Important fix for HMAC-SHA-384/512

Werner Koch wk at gnupg.org
Wed Nov 5 19:47:21 CET 2008


Hi!

A bug has been found in the HMAC computation when using a key size of 64
to 128 bytes with SHA-384 or SHA-512.  The result is a wrong HMAC value.
Given that such key sizes are not very common, it should not give any
real world problems but it needs to be fixed anyway.

The fix below is for libgcrypt 1.4.3 but it should apply to all 1.4
versions.


Salam-Shalom,

   Werner



 * Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.

--- orig/libgcrypt-1.4.3/cipher/md.c    2008-09-12 15:43:52.000000000 +0200
+++ libgcrypt-1.4.3/cipher/md.c 2008-11-05 19:52:32.000000000 +0100
@@ -834,7 +834,7 @@ prepare_macpads( gcry_md_hd_t hd, const 
   if ( !algo )
     return GPG_ERR_DIGEST_ALGO; /* i.e. no algo enabled */
 
-  if ( keylen > 64 ) 
+  if ( keylen > hd->ctx->macpads_Bsize ) 
     {
       helpkey = gcry_malloc_secure ( md_digest_length( algo ) );
       if ( !helpkey )
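Review bot: The new comparison in `if ( keylen > hd->ctx->macpads_Bsize )` depends on macpads_Bsize already holding the block size of the enabled algorithm when prepare_macpads runs, and this hunk does not show where it is set. Please confirm it is initialised on every path that reaches this line (a zero value would send every non-empty key through the hashing branch), and add test vectors with 65 to 128 byte keys for SHA-384 and SHA-512 so the old constant cannot come back unnoticed.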
@@ -842,7 +842,7 @@ prepare_macpads( gcry_md_hd_t hd, const 
       gcry_md_hash_buffer ( algo, helpkey, key, keylen );
       key = helpkey;
       keylen = md_digest_length( algo );
-      gcry_assert ( keylen <= 64 );
+      gcry_assert ( keylen <= hd->ctx->macpads_Bsize );
     }
 
   memset ( hd->ctx->macpads, 0, 2*(hd->ctx->macpads_Bsize) );
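Review bot: The bound in `gcry_assert ( keylen <= hd->ctx->macpads_Bsize )` is now the only visible check that the hashed key fits into the pad buffer cleared by the memset below, and nothing here says why the limit is the block size. A one-line comment above the `if` stating that keys longer than one block are replaced by their digest, and that the digest must fit in one block, would document the invariant that the old literal 64 hid.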



-- 
Thoughts are free.  Exceptions are regulated by a federal law.
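
The effect described in the message above can be reproduced as a regression check. This is an added example, not code from the original post or from libgcrypt; the function names, the test message and the key bytes are constructed for illustration, and Python's `hmac` module serves as the reference implementation.

```python
import hashlib
import hmac


def hmac_with_threshold(algo, key, msg, threshold):
    """HMAC construction in which a key longer than `threshold` bytes is
    replaced by its digest.  A correct implementation uses the hash's
    block size as the threshold; the unpatched code used a fixed 64."""
    def digest(data):
        return hashlib.new(algo, data).digest()

    block = hashlib.new(algo).block_size      # 128 for SHA-384/512, 64 for SHA-256
    if len(key) > threshold:
        key = digest(key)
    key = key.ljust(block, b"\x00")           # zero-pad the key to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return digest(opad + digest(ipad + msg))


def affected_key_lengths(algo, threshold=64, max_len=160):
    """Return the key lengths (in bytes) for which the given threshold
    yields a MAC that differs from the reference implementation."""
    msg = b"constructed test message"         # constructed sample input
    bad = []
    for n in range(1, max_len + 1):
        key = bytes(range(n))                 # constructed key of n bytes
        reference = hmac.new(key, msg, algo).digest()
        candidate = hmac_with_threshold(algo, key, msg, threshold)
        if not hmac.compare_digest(candidate, reference):
            bad.append(n)
    return bad


if __name__ == "__main__":
    for name in ("sha256", "sha384", "sha512"):
        bad = affected_key_lengths(name)
        span = f"{bad[0]}..{bad[-1]}" if bad else "none"
        print(f"{name}: key lengths with wrong MAC at threshold 64: {span}")
```

Keys above 128 bytes are unaffected because both thresholds hash them, which is why only a bounded range of key lengths produces wrong values.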



