206-hmac-ctx-check.patch revision 7340
7340N/A# Developed in house.
7340N/A# It checks the validity of the context.
7340N/A# The issue was reported to the upstream by QE: #4679
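--- a/crypto/hmac/hmac.c 2016-11-09 12:52:40.755645360 -0800
+++ b/crypto/hmac/hmac.c 2016-11-09 12:53:17.872944235 -0800
@@ -71,6 +71,10 @@
 int i, j, reset = 0;
 unsigned char pad[HMAC_MAX_MD_CBLOCK];
 
+ /* If we are changing MD then we must have a key */
+ if (md != NULL && md != ctx->md && (key == NULL || len < 0))
+ return 0;
+
 #ifdef OPENSSL_FIPS
 /* If FIPS mode switch to approved implementation if possible */
 if (FIPS_mode()) {
@@ -97,9 +101,6 @@
 return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
 }
 #endif
- /* If we are changing MD then we must have a key */
- if (md != NULL && md != ctx->md && (key == NULL || len < 0))
- return 0;
 
 if (md != NULL) {
 reset = 1;
@@ -164,12 +165,13 @@
 
 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
 {
+ if (!ctx->md)
+ return 0;
+
 #ifdef OPENSSL_FIPS
 if (FIPS_mode() && !ctx->i_ctx.engine)
 return FIPS_hmac_update(ctx, data, len);
 #endif
- if (!ctx->md)
- return 0;
 
 return EVP_DigestUpdate(&ctx->md_ctx, data, len);
 }
@@ -178,14 +180,15 @@
 {
 unsigned int i;
 unsigned char buf[EVP_MAX_MD_SIZE];
+
+ if (!ctx->md)
+ goto err;
+
 #ifdef OPENSSL_FIPS
 if (FIPS_mode() && !ctx->i_ctx.engine)
 return FIPS_hmac_final(ctx, md, len);
 #endif
 
- if (!ctx->md)
- goto err;
-
 if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i))
 goto err;
 if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx))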
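Review bot: The guard moved to the top of HMAC_Init_ex only rejects a digest change without a key; a context that was never initialised and is called with `md == NULL` still passes it and, under OPENSSL_FIPS, appears able to reach `FIPS_hmac_init_ex(ctx, key, len, md, NULL)` before any later fallback runs. Whether the FIPS module rejects that case itself is not visible here, and the rest of the function lies outside the hunk, so it is worth adding `if (md == NULL && ctx->md == NULL) return 0;` next to the new check. The relocated `if (!ctx->md)` tests in HMAC_Update and HMAC_Final would also benefit from a comment such as `/* Must stay ahead of the FIPS dispatch: reject an uninitialised context */`, so that a later merge from upstream does not move them back below the `#ifdef`.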