Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(90)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: crypto/hmac.h

Issue 9695058: Don't enforce the old HMAC key size requirement in FIPS 198 Sec. 3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | crypto/hmac_win.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: crypto/hmac.h
===================================================================
--- crypto/hmac.h (revision 125777)
+++ crypto/hmac.h (working copy)
@@ -40,6 +40,14 @@
// Initializes this instance using |key| of the length |key_length|. Call Init
// only once. It returns false on the second or later calls.
// TODO(abarth): key_length should be a size_t.
+ //
+ // NOTE: the US Federal crypto standard FIPS 198, Section 3 says:
+ // The size of the key, K, shall be equal to or greater than L/2, where L
+ // is the size of the hash function output.
+ // In FIPS 198-1 (and SP-800-107, which describes key size recommendations),
+ // this requirement is gone. But a system crypto library may still enforce
+ // this old requirement. If the key is shorter than this recommended value,
+ // Init() may fail.
bool Init(const unsigned char* key, int key_length) WARN_UNUSED_RESULT;
// Initializes this instance using |key|. Call Init
« no previous file with comments | « no previous file | crypto/hmac_win.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698