diff options
| author | Matt Caswell <matt@openssl.org> | 2020-01-03 09:37:19 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2020-01-07 11:53:29 +0000 |
| commit | 16d92fa873975b2a32d3ea01b7d63c64f7fd9ee7 (patch) | |
| tree | 64fded0988ef61a34ec01508d7c922fa4941f8ab /test | |
| parent | 0fcc6e70bc8970c4aee5e55d517aa1cc522a3ee8 (diff) | |
Don't store an HMAC key for longer than we need
The HMAC_CTX structure stores the original key in case the ctx is reused
without changing the key.
However, HMAC_Init_ex() checks its parameters such that the only code path
where the stored key is ever used is in the case where HMAC_Init_ex is
called with a NULL key and an explicit md is provided which is the same as
the md that was provided previously. But in that case we can actually reuse
the pre-digested key that we calculated last time, so we can refactor the
code not to use the stored key at all.
With that refactor done it is no longer necessary to store the key in the
ctx at all. This means that long running ctx's will not keep the key in
memory for any longer than required. Note though that the digested key
*is* still kept in memory for the duration of the life of the ctx.
Fixes #10743
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10763)
Diffstat (limited to 'test')
| -rw-r--r-- | test/hmactest.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/test/hmactest.c b/test/hmactest.c index ca775773a6..e12c48fd8d 100644 --- a/test/hmactest.c +++ b/test/hmactest.c @@ -173,6 +173,27 @@ static int test_hmac_run(void) if (!TEST_str_eq(p, (char *)test[6].digest)) goto err; + /* Test reusing a key */ + if (!TEST_true(HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) + || !TEST_true(HMAC_Update(ctx, test[6].data, test[6].data_len)) + || !TEST_true(HMAC_Final(ctx, buf, &len))) + goto err; + p = pt(buf, len); + if (!TEST_str_eq(p, (char *)test[6].digest)) + goto err; + + /* + * Test reusing a key where the digest is provided again but is the same as + * last time + */ + if (!TEST_true(HMAC_Init_ex(ctx, NULL, 0, EVP_sha256(), NULL)) + || !TEST_true(HMAC_Update(ctx, test[6].data, test[6].data_len)) + || !TEST_true(HMAC_Final(ctx, buf, &len))) + goto err; + p = pt(buf, len); + if (!TEST_str_eq(p, (char *)test[6].digest)) + goto err; + ret = 1; err: HMAC_CTX_free(ctx); |