diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2022-09-01 15:59:52 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2022-10-17 16:35:35 +0900 |
| commit | 65bba0ef6fa104324d34079f107f9c72ed8d0e2f (patch) | |
| tree | 7412ce5484ded42ae9c28aab7e42c0f647a2984d /test/openssl | |
| parent | bee383d9fe84eb29ec12a8c392fcbf7c646575b8 (diff) | |
| download | ruby-65bba0ef6fa104324d34079f107f9c72ed8d0e2f.tar.gz | |
[ruby/openssl] hmac: use EVP_PKEY_new_raw_private_key() if available
Current OpenSSL 3.0.x release has a regression with zero-length MAC
keys. While this issue should be fixed in a future release of OpenSSL,
we can use EVP_PKEY_new_raw_private_key() in place of the problematic
EVP_PKEY_new_mac_key() to avoid the issue. OpenSSL 3.0's man page
recommends using it regardless:
> EVP_PKEY_new_mac_key() works in the same way as
> EVP_PKEY_new_raw_private_key(). New applications should use
> EVP_PKEY_new_raw_private_key() instead.
Fixes https://github.com/ruby/openssl/issues/369#issuecomment-1224912710
https://github.com/ruby/openssl/commit/4293f18b1f
Diffstat (limited to 'test/openssl')
| -rw-r--r-- | test/openssl/test_hmac.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/test/openssl/test_hmac.rb b/test/openssl/test_hmac.rb index 2f53a813e1..3cb707448a 100644 --- a/test/openssl/test_hmac.rb +++ b/test/openssl/test_hmac.rb @@ -62,6 +62,14 @@ class OpenSSL::TestHMAC < OpenSSL::TestCase b64digest = OpenSSL::HMAC.base64digest("MD5", key, "Hi There") assert_equal "kpRyejY4uxwT9I74FYv8nQ==", b64digest end + + def test_zero_length_key + # Empty string as the key + hexdigest = OpenSSL::HMAC.hexdigest("SHA256", "\0"*32, "test") + assert_equal "43b0cef99265f9e34c10ea9d3501926d27b39f57c6d674561d8ba236e7a819fb", hexdigest + hexdigest = OpenSSL::HMAC.hexdigest("SHA256", "", "test") + assert_equal "43b0cef99265f9e34c10ea9d3501926d27b39f57c6d674561d8ba236e7a819fb", hexdigest + end end end |