I noticed something in the HMAC code that looks like a bug to me.

If you call HMAC(), the function HMAC_CTX_init() is called twice.

That can't be right, can it?

====
void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
const EVP_MD *md)
{
if(key && md)
HMAC_CTX_init(ctx);
...
}

void HMAC_CTX_init(HMAC_CTX *ctx)
{
EVP_MD_CTX_init(&ctx->i_ctx);
EVP_MD_CTX_init(&ctx->o_ctx);
EVP_MD_CTX_init(&ctx->md_ctx);
}

unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
const unsigned char *d, size_t n, unsigned char *md,
unsigned int *md_len)
{
...
HMAC_CTX_init(&c);
HMAC_Init(&c,key,key_len,evp_md);
HMAC_Update(&c,d,n);
HMAC_Final(&c,md,md_len);
HMAC_CTX_cleanup(&c);
====


Nanno

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org