Important fix for HMAC-SHA-384/512
Werner Koch
wk at gnupg.org
Wed Nov 5 19:47:21 CET 2008
Hi!
a bug has in found in the HMAC computation when using a key size of 64
to 128 bytes with SHA-384 or SHA-512. The result is a wrong HMAC value.
Given that such key seizes are not very common, it should not give any
real world problems but it needs to be fixed anyway.
The fix below is for libgcrypt 1.4.3 but it should apply to all 1.4
versions.
Salam-Shalom,
Werner
* Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.
--- orig/libgcrypt-1.4.3/cipher/md.c 2008-09-12 15:43:52.000000000 +0200
+++ libgcrypt-1.4.3/cipher/md.c 2008-11-05 19:52:32.000000000 +0100
@@ -834,7 +834,7 @@ prepare_macpads( gcry_md_hd_t hd, const
if ( !algo )
return GPG_ERR_DIGEST_ALGO; /* i.e. no algo enabled */
- if ( keylen > 64 )
+ if ( keylen > hd->ctx->macpads_Bsize )
{
helpkey = gcry_malloc_secure ( md_digest_length( algo ) );
if ( !helpkey )
@@ -842,7 +842,7 @@ prepare_macpads( gcry_md_hd_t hd, const
gcry_md_hash_buffer ( algo, helpkey, key, keylen );
key = helpkey;
keylen = md_digest_length( algo );
- gcry_assert ( keylen <= 64 );
+ gcry_assert ( keylen <= hd->ctx->macpads_Bsize );
}
memset ( hd->ctx->macpads, 0, 2*(hd->ctx->macpads_Bsize) );
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gcrypt-devel
mailing list