openssl: Don't pre-initialize OpenSSL HMAC with an empty key
authorMartin Willi <martin@revosec.ch>
Mon, 30 Mar 2015 08:25:41 +0000 (10:25 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 13 Apr 2015 12:52:30 +0000 (14:52 +0200)
commitc2906c8f21af7555e0f786b6474cf4c7dc0c7651
tree7d6ab93bb38fa0201aa771e56c1a0334fc3b903e
parent7394ad92aeeb12316fa3710d3ac2138d7cee7c6c
openssl: Don't pre-initialize OpenSSL HMAC with an empty key

With OpenSSL commit 929b0d70c19f60227f89fac63f22a21f21950823 setting an empty
key fails if no previous key has been set on that HMAC.

In 9138f49e we explicitly added the check we remove now, as HMAC_Update()
might crash if HMAC_Init_ex() has not been called yet. To avoid that, we
set and check a flag locally to let any get_mac() call fail if set_key() has
not yet been called.
src/libstrongswan/plugins/openssl/openssl_hmac.c