openssl: Ensure underlying hash algorithm is available during HMAC init
Without this we only would learn that the algorithm isn't actually available (e.g. due to FIPS mode) when set_key() is called later, so there isn't any automatic fallback to other implementations. Fixes #3284.
This commit is contained in:
parent
96b8fa72b3
commit
6b347d5232
|
@ -185,6 +185,12 @@ static mac_t *hmac_create(hash_algorithm_t algo)
|
|||
this->hmac = &this->hmac_ctx;
|
||||
#endif
|
||||
|
||||
/* make sure the underlying hash algorithm is supported */
|
||||
if (!set_key(this, chunk_from_str("")))
|
||||
{
|
||||
destroy(this);
|
||||
return NULL;
|
||||
}
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue