Clean up usage of hash.Hash interface.

Check for nil value of the exported HMAC.HashFunc field. PiperOrigin-RevId: 611642993 Change-Id: I47cdeb5069ec0d43666a8ed3d77e73b912a62964
tink-crypto · Mar 1, 2024 · f3a178b · f3a178b
1 parent 328cc24
commit f3a178b
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 9 deletions.
diff --git a/mac/subtle/hmac.go b/mac/subtle/hmac.go
@@ -82,10 +82,11 @@ func ValidateHMACParams(hash string, keySize uint32, tagSize uint32) error {
 
 // ComputeMAC computes message authentication code (MAC) for the given data.
 func (h *HMAC) ComputeMAC(data []byte) ([]byte, error) {
-	mac := hmac.New(h.HashFunc, h.Key)
-	if _, err := mac.Write(data); err != nil {
-		return nil, err
+	if h.HashFunc == nil {
+		return nil, fmt.Errorf("hmac: invalid hash algorithm")
 	}
+	mac := hmac.New(h.HashFunc, h.Key)
+	mac.Write(data)
 	tag := mac.Sum(nil)
 	return tag[:h.TagSize], nil
 }

diff --git a/mac/subtle/hmac_test.go b/mac/subtle/hmac_test.go
@@ -116,6 +116,20 @@ func TestNewHMACWithInvalidInput(t *testing.T) {
 	}
 }
 
+func TestHMACWithNilHashFunc(t *testing.T) {
+	cipher, err := subtle.NewHMAC("SHA256", random.GetRandomBytes(32), 32)
+	if err != nil {
+		t.Fatalf("subtle.NewHMAC() err = %v", err)
+	}
+
+	// Modify exported field.
+	cipher.HashFunc = nil
+
+	if _, err := cipher.ComputeMAC([]byte{}); err == nil {
+		t.Errorf("cipher.ComputerMAC() err = nil, want not nil")
+	}
+}
+
 func TestHMAComputeVerifyWithNilInput(t *testing.T) {
 	cipher, err := subtle.NewHMAC("SHA256", random.GetRandomBytes(16), 32)
 	if err != nil {

diff --git a/subtle/subtle.go b/subtle/subtle.go
@@ -124,12 +124,7 @@ func ComputeHash(hashFunc func() hash.Hash, data []byte) ([]byte, error) {
 		return nil, errNilHashFunc
 	}
 	h := hashFunc()
-
-	_, err := h.Write(data)
-	if err != nil {
-		return nil, err
-	}
-
+	h.Write(data)
 	return h.Sum(nil), nil
 }