From: Dmitry Belyavskiy Date: Thu, 20 May 2021 08:59:07 +0000 (+0200) Subject: HMAC doesn't work with a default digest X-Git-Tag: openssl-3.0.0-beta1~442 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=819b94c0c0d338fbec0aee828f3b61d7878c3837;p=thirdparty%2Fopenssl.git HMAC doesn't work with a default digest Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15371) --- diff --git a/apps/dgst.c b/apps/dgst.c index 15f9e2e6850..7ac10133035 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -330,6 +330,8 @@ int dgst_main(int argc, char **argv) } if (hmac_key != NULL) { + if (md == NULL) + md = (EVP_MD *)EVP_sha256(); sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl, (unsigned char *)hmac_key, strlen(hmac_key)); diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t index 1083da71b8e..d64d810edde 100644 --- a/test/recipes/20-test_dgst.t +++ b/test/recipes/20-test_dgst.t @@ -17,7 +17,7 @@ use OpenSSL::Test::Utils; setup("test_dgst"); -plan tests => 7; +plan tests => 8; sub tsignverify { my $testtext = shift; @@ -117,6 +117,20 @@ subtest "HMAC generation with `dgst` CLI" => sub { "HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)"); }; +subtest "HMAC generation with `dgst` CLI, default digest" => sub { + plan tests => 2; + + my $testdata = srctop_file('test', 'data.bin'); + #HMAC the data twice to check consistency + my @hmacdata = run(app(['openssl', 'dgst', '-hmac', '123456', + $testdata, $testdata]), capture => 1); + chomp(@hmacdata); + my $expected = qr/HMAC-SHA256\(\Q$testdata\E\)= 6f12484129c4a761747f13d8234a1ff0e074adb34e9e9bf3a155c391b97b9a7c/; + ok($hmacdata[0] =~ $expected, "HMAC: Check HMAC value is as expected ($hmacdata[0]) vs ($expected)"); + ok($hmacdata[1] =~ $expected, + "HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)"); +}; + subtest "Custom length XOF digest generation with `dgst` CLI" => sub { plan tests => 2;