From 89e3ffaa1fb56bcc76f626a64afcc25e506d8b54 Mon Sep 17 00:00:00 2001
From: Jelte Jansen <jelte@isc.org>
Date: Wed, 18 May 2011 21:10:06 +0200
Subject: [PATCH] [trac936] always fail on secret_len == 0

---
 src/lib/cryptolink/crypto_hmac.cc | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/lib/cryptolink/crypto_hmac.cc b/src/lib/cryptolink/crypto_hmac.cc
index d5a733b281..9aa9d2474d 100644
--- a/src/lib/cryptolink/crypto_hmac.cc
+++ b/src/lib/cryptolink/crypto_hmac.cc
@@ -88,13 +88,11 @@ public:
                                   secret_len);
                 hmac_->set_key(hashed_key.begin(), hashed_key.size());
             } else {
-                // Apparently 1.9 considers 0 a valid secret length.
-                // We do not.
-#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,0)
+                // Botan 1.8 considers len 0 a bad key. 1.9 does not,
+                // but we won't accept it anyway, and fail early
                 if (secret_len == 0) {
                     isc_throw(BadKey, "Bad HMAC secret length: 0");
                 }
-#endif
                 hmac_->set_key(static_cast<const Botan::byte*>(secret),
                                secret_len);
             }