On Fri, Nov 24, 2017 at 02:35:04PM +0100, Kamil Konieczny wrote: > > I have more questions, this time about HMAC export/import. > In doc, there is stated that key can be copied into context transformation. > > Should .export copy request context _and_ key used ? Or not ? The key is stored in the tfm so export does not need to touch the key. However, sometimes the key is naturally embedded in the hash state too, e.g., with hmac, in that case it would make sense for export to copy it as part of the hash state. > When processing requests, can I assume the key in transformation is const until .final ? Yes you may. > Is is possible to have okey derived from different key then ikey ? I think not. We do not need to support that case. If the user changes the key mid-stream it results in undefined behaviour. However, the code should not crash though. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt