Hi Luka, > I have just found out, that recent openssl 1.0.2 commit > 929b0d70c19f60227f89fac63f22a21f21950823 > breaks hmac when using openssl plugin for hmac functions
This commit prevents the pre-initialization with an empty key we use to avoid any non-initialized use of HMAC_Update(). Most likely we should track the state of key initialization ourselves, which allows us to remove that initialization. Can you please test the patch at [1] and let us know if that works with the new OpenSSL version? While our API use here is certainly questionable, I'm asking myself if that check in OpenSSL is a not a little too strict. Setting a zero-length key seems legitimate to me; but not sure if any protocol exists that uses such a key. Regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=openssl-hmac _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users