what is gcry_md_reset()'s relationship with HMAC?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Nov 9 23:44:26 CET 2009


On 11/05/2009 11:31 PM, Daniel Kahn Gillmor wrote:
> from reading the gcrypt source, it looks to me like gcry_md_reset() does
> actually re-initializes the digest with the first part of the macpads
> structure, but it doesn't wipe the pads out.
> 
> But the documentation for gcry_md_reset() doesn't mention setkey() at
> all -- it implies that it's the same as a close() followed by an open(),
> which would actually result in the wiping of the macpads themselves.
> (i.e. another gcry_md_setkey() would need to be invoked).

after some tests, it seems clear that gcry_md_reset() does not reset the
HMAC keys.  I think this is the Right Thing to do, but the documentation
does not appear to describe this properly -- it seems to be different
from a close() followed by an open().

maybe the docs should be updated?

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20091109/aed77030/attachment.pgp>


More information about the Gcrypt-devel mailing list