Fix for HMAC.

author: Dr. Stephen Henson <steve@openssl.org> 2000-03-27 00:53:27 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2000-03-27 00:53:27 +0000
commit: b475baffb27fdb8342c717bc89e1c1dec0e6c0f1 (patch)
tree: 001a8354c69f9491eb75d6ff06a904f2bef633f7
parent: 617d71bc12446296656a937031efdfcc8237e5f5 (diff)
download: openssl-b475baffb27fdb8342c717bc89e1c1dec0e6c0f1.tar.gz
2 files changed, 7 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index 0073a5c84f..b98ea514a0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.5 and 0.9.5a  [XX XXX 2000]
 
+  *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length
+     was larger than the MD block size.      
+     [Steve Henson, pointed out by Yost William <YostW@tce.com>]
+
   *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument
      fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()
      using the passed key: if the passed key was a private key the result
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index 23b7c98f8f..e1ec79e093 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -88,9 +88,11 @@ void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
 		else
 			{
 			memcpy(ctx->key,key,len);
-			memset(&(ctx->key[len]),0,sizeof(ctx->key)-len);
 			ctx->key_length=len;
 			}
+		if(ctx->key_length != HMAC_MAX_MD_CBLOCK)
+			memset(&ctx->key[ctx->key_length], 0,
+				HMAC_MAX_MD_CBLOCK - ctx->key_length);
 		}
 
 	if (reset)
author	Dr. Stephen Henson <steve@openssl.org>	2000-03-27 00:53:27 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2000-03-27 00:53:27 +0000
commit	b475baffb27fdb8342c717bc89e1c1dec0e6c0f1 (patch)
tree	001a8354c69f9491eb75d6ff06a904f2bef633f7
parent	617d71bc12446296656a937031efdfcc8237e5f5 (diff)
download	openssl-b475baffb27fdb8342c717bc89e1c1dec0e6c0f1.tar.gz