Google Git
Sign in
boringssl / boringssl / 2fe7f2d0d9a6fcc75b4e594eeec306cc55acd594
commit2fe7f2d0d9a6fcc75b4e594eeec306cc55acd594[log] [tgz]
authorEric Roman <eroman@chromium.org>Mon Jan 26 15:52:15 2015 -0800
committerAdam Langley <agl@google.com>Wed Jan 28 01:27:25 2015 +0000
treee2ab277420995401e20dd2095b4bb798b89c1098
parent1d75c8be73e5e78220498b182c629c46d7e524af [diff]
Initialize HMAC keys to zero.

In an attempt to assign a zero-length HMAC key, consumers might
incorrectly call:

   HMAC_Init_ex(key=NULL, key_len=0)

This does not work as expected since |key==NULL| has special semantics.
This bug may consequently result in uninitialized memory being used for
the HMAC key data.

This workaround doesn't fix all the problems associated with this
pattern, however by defaulting to a zero key the results are more
predictable than before.

BUG=http://crbug.com/449409

Change-Id: I777276d57c61f1c0cce80b18e28a9b063784733f
Reviewed-on: https://boringssl-review.googlesource.com/3040
Reviewed-by: Adam Langley <agl@google.com>
1 file changed
tree: e2ab277420995401e20dd2095b4bb798b89c1098
  1. crypto/
  2. doc/
  3. include/
  4. ssl/
  5. tool/
  6. util/
  7. .clang-format
  8. .gitignore
  9. BUILDING
  10. CMakeLists.txt
  11. codereview.settings
  12. STYLE