Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return nil in NewHMAC if HMAC doesn't support the hash function #159

Merged
merged 2 commits into from
Sep 9, 2024
Merged

Return nil in NewHMAC if HMAC doesn't support the hash function #159

merged 2 commits into from
Sep 9, 2024

Conversation

qmuntal
Copy link
Collaborator

@qmuntal qmuntal commented Sep 3, 2024

This PR adds a check in the OpenSSL 3 NewHMAC code path to prove that the fetched HMAC can be used with the given hash function. If that's not possible, then NewHMAC will return nil. Note that this was already the case if the hash function was not supported as a stand-alone algorithm.

Fixes #153.

@qmuntal
Copy link
Collaborator Author

qmuntal commented Sep 3, 2024

CI fails because sync.OnceValue is not supported in Go 1.20. Will be fixed by #160.

@karianna
Copy link
Collaborator

karianna commented Sep 4, 2024

#160 has merged, not sure how you re-trigger CI here though

@qmuntal qmuntal marked this pull request as ready for review September 4, 2024 06:21
@qmuntal
Copy link
Collaborator Author

qmuntal commented Sep 4, 2024

#160 has merged, not sure how you re-trigger CI here though

I've now merged v2 into the PR branch, which re-triggered CI.

dagood
dagood reviewed Sep 4, 2024
View reviewed changes
@qmuntal qmuntal requested a review from dagood September 5, 2024 08:21
@karianna
Copy link
Collaborator

karianna commented Sep 7, 2024

@qmuntal will need a rebase now

@karianna karianna merged commit fc0ef3a into v2 Sep 9, 2024
26 checks passed
@qmuntal qmuntal mentioned this pull request Sep 10, 2024
Merged
mertakman pushed a commit to mertakman/openssl that referenced this pull request Sep 10, 2024
@qmuntal @dagood @mertakman
Return nil in NewHMAC if HMAC doesn't support the hash function (gola…
7c5c99c 
…ng-fips#159)

* return nil in NewHMAC if HMAC doesn't support the hash function

* Update hmac.go

Co-authored-by: Davis Goodin <[email protected]>

---------

Co-authored-by: Davis Goodin <[email protected]>
@qmuntal qmuntal mentioned this pull request Sep 12, 2024
Closed
@qmuntal qmuntal deleted the hmac-fox branch October 30, 2024 09:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@karianna karianna karianna approved these changes

@dagood dagood dagood approved these changes

@ueno ueno Awaiting requested review from ueno

@derekparker derekparker Awaiting requested review from derekparker

@gdams gdams Awaiting requested review from gdams

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

NewHMAC panics if the HMAC doesn't support a valid digest
3 participants
@qmuntal @karianna @dagood