From 02ced31b6aa999099214d2688b1a80ac5d93c57b Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 16 Aug 2006 03:15:09 +0000 Subject: [PATCH] 2072. [bug] We were not generating valid HMAC SHA digests. [RT #16320] --- CHANGES | 3 + bin/tests/hash_test.c | 196 ++++++++++++++++++++++++++++++++-- lib/isc/hmacsha.c | 54 +++++----- lib/isc/include/isc/hmacsha.h | 12 +-- lib/isc/include/isc/sha1.h | 5 +- lib/isc/include/isc/sha2.h | 3 +- lib/isc/sha2.c | 4 +- 7 files changed, 229 insertions(+), 48 deletions(-) diff --git a/CHANGES b/CHANGES index 29dcc82834..371c451a78 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2072. [bug] We were not generating valid HMAC SHA digests. + [RT #16320] + 2071. [port] Test whether gcc accepts -fno-strict-aliasing. [RT #16324] diff --git a/bin/tests/hash_test.c b/bin/tests/hash_test.c index 54ff363afb..84ee3400fd 100644 --- a/bin/tests/hash_test.c +++ b/bin/tests/hash_test.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hash_test.c,v 1.15 2005/04/27 04:56:08 sra Exp $ */ +/* $Id: hash_test.c,v 1.16 2006/08/16 03:15:09 marka Exp $ */ /*! \file */ #include @@ -24,18 +24,19 @@ #include #include +#include #include #include #include #include static void -print_digest(unsigned char *s, const char *hash, unsigned char *d, +print_digest(const char *s, const char *hash, unsigned char *d, unsigned int words) { unsigned int i, j; - printf("hash (%s) %s:\n\t", hash, (char *)s); + printf("hash (%s) %s:\n\t", hash, s); for (i = 0; i < words; i++) { printf(" "); for (j = 0; j < 4; j++) @@ -47,9 +48,15 @@ print_digest(unsigned char *s, const char *hash, unsigned char *d, int main(int argc, char **argv) { isc_sha1_t sha1; + isc_sha224_t sha224; isc_md5_t md5; isc_hmacmd5_t hmacmd5; - unsigned char digest[20]; + isc_hmacsha1_t hmacsha1; + isc_hmacsha224_t hmacsha224; + isc_hmacsha256_t hmacsha256; + isc_hmacsha384_t hmacsha384; + isc_hmacsha512_t hmacsha512; + unsigned char digest[ISC_SHA512_DIGESTLENGTH]; unsigned char buffer[1024]; const char *s; unsigned char key[20]; @@ -62,21 +69,35 @@ main(int argc, char **argv) { memcpy(buffer, s, strlen(s)); isc_sha1_update(&sha1, buffer, strlen(s)); isc_sha1_final(&sha1, digest); - print_digest(buffer, "sha1", digest, 5); + print_digest(s, "sha1", digest, ISC_SHA1_DIGESTLENGTH/4); s = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; isc_sha1_init(&sha1); memcpy(buffer, s, strlen(s)); isc_sha1_update(&sha1, buffer, strlen(s)); isc_sha1_final(&sha1, digest); - print_digest(buffer, "sha1", digest, 5); + print_digest(s, "sha1", digest, ISC_SHA1_DIGESTLENGTH/4); + + s = "abc"; + isc_sha224_init(&sha224); + memcpy(buffer, s, strlen(s)); + isc_sha224_update(&sha224, buffer, strlen(s)); + isc_sha224_final(digest, &sha224); + print_digest(s, "sha224", digest, ISC_SHA224_DIGESTLENGTH/4); + + s = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + isc_sha224_init(&sha224); + memcpy(buffer, s, strlen(s)); + isc_sha224_update(&sha224, buffer, strlen(s)); + isc_sha224_final(digest, &sha224); + print_digest(s, "sha224", digest, ISC_SHA224_DIGESTLENGTH/4); s = "abc"; isc_md5_init(&md5); memcpy(buffer, s, strlen(s)); isc_md5_update(&md5, buffer, strlen(s)); isc_md5_final(&md5, digest); - print_digest(buffer, "md5", digest, 4); + print_digest(s, "md5", digest, 4); /* * The 3 HMAC-MD5 examples from RFC2104 @@ -87,7 +108,7 @@ main(int argc, char **argv) { memcpy(buffer, s, strlen(s)); isc_hmacmd5_update(&hmacmd5, buffer, strlen(s)); isc_hmacmd5_sign(&hmacmd5, digest); - print_digest(buffer, "hmacmd5", digest, 4); + print_digest(s, "hmacmd5", digest, 4); s = "what do ya want for nothing?"; strcpy((char *)key, "Jefe"); @@ -95,7 +116,7 @@ main(int argc, char **argv) { memcpy(buffer, s, strlen(s)); isc_hmacmd5_update(&hmacmd5, buffer, strlen(s)); isc_hmacmd5_sign(&hmacmd5, digest); - print_digest(buffer, "hmacmd5", digest, 4); + print_digest(s, "hmacmd5", digest, 4); s = "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" @@ -107,7 +128,162 @@ main(int argc, char **argv) { memcpy(buffer, s, strlen(s)); isc_hmacmd5_update(&hmacmd5, buffer, strlen(s)); isc_hmacmd5_sign(&hmacmd5, digest); - print_digest(buffer, "hmacmd5", digest, 4); + print_digest(s, "hmacmd5", digest, 4); + + /* + * The 3 HMAC-SHA1 examples from RFC4634. + */ + s = "Hi There"; + memset(key, 0x0b, 20); + isc_hmacsha1_init(&hmacsha1, key, 20); + memcpy(buffer, s, strlen(s)); + isc_hmacsha1_update(&hmacsha1, buffer, strlen(s)); + isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH); + print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4); + + s = "what do ya want for nothing?"; + strcpy((char *)key, "Jefe"); + isc_hmacsha1_init(&hmacsha1, key, 4); + memcpy(buffer, s, strlen(s)); + isc_hmacsha1_update(&hmacsha1, buffer, strlen(s)); + isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH); + print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4); + + s = "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335"; + memset(key, 0xaa, 20); + isc_hmacsha1_init(&hmacsha1, key, 20); + memcpy(buffer, s, strlen(s)); + isc_hmacsha1_update(&hmacsha1, buffer, strlen(s)); + isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH); + print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4); + + /* + * The 3 HMAC-SHA224 examples from RFC4634. + */ + s = "Hi There"; + memset(key, 0x0b, 20); + isc_hmacsha224_init(&hmacsha224, key, 20); + memcpy(buffer, s, strlen(s)); + isc_hmacsha224_update(&hmacsha224, buffer, strlen(s)); + isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH); + print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4); + + s = "what do ya want for nothing?"; + strcpy((char *)key, "Jefe"); + isc_hmacsha224_init(&hmacsha224, key, 4); + memcpy(buffer, s, strlen(s)); + isc_hmacsha224_update(&hmacsha224, buffer, strlen(s)); + isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH); + print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4); + + s = "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335"; + memset(key, 0xaa, 20); + isc_hmacsha224_init(&hmacsha224, key, 20); + memcpy(buffer, s, strlen(s)); + isc_hmacsha224_update(&hmacsha224, buffer, strlen(s)); + isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH); + print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4); + + /* + * The 3 HMAC-SHA256 examples from RFC4634. + */ + s = "Hi There"; + memset(key, 0x0b, 20); + isc_hmacsha256_init(&hmacsha256, key, 20); + memcpy(buffer, s, strlen(s)); + isc_hmacsha256_update(&hmacsha256, buffer, strlen(s)); + isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH); + print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4); + + s = "what do ya want for nothing?"; + strcpy((char *)key, "Jefe"); + isc_hmacsha256_init(&hmacsha256, key, 4); + memcpy(buffer, s, strlen(s)); + isc_hmacsha256_update(&hmacsha256, buffer, strlen(s)); + isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH); + print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4); + + s = "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335"; + memset(key, 0xaa, 20); + isc_hmacsha256_init(&hmacsha256, key, 20); + memcpy(buffer, s, strlen(s)); + isc_hmacsha256_update(&hmacsha256, buffer, strlen(s)); + isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH); + print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4); + + /* + * The 3 HMAC-SHA384 examples from RFC4634. + */ + s = "Hi There"; + memset(key, 0x0b, 20); + isc_hmacsha384_init(&hmacsha384, key, 20); + memcpy(buffer, s, strlen(s)); + isc_hmacsha384_update(&hmacsha384, buffer, strlen(s)); + isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH); + print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4); + + s = "what do ya want for nothing?"; + strcpy((char *)key, "Jefe"); + isc_hmacsha384_init(&hmacsha384, key, 4); + memcpy(buffer, s, strlen(s)); + isc_hmacsha384_update(&hmacsha384, buffer, strlen(s)); + isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH); + print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4); + + s = "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335"; + memset(key, 0xaa, 20); + isc_hmacsha384_init(&hmacsha384, key, 20); + memcpy(buffer, s, strlen(s)); + isc_hmacsha384_update(&hmacsha384, buffer, strlen(s)); + isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH); + print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4); + + /* + * The 3 HMAC-SHA512 examples from RFC4634. + */ + s = "Hi There"; + memset(key, 0x0b, 20); + isc_hmacsha512_init(&hmacsha512, key, 20); + memcpy(buffer, s, strlen(s)); + isc_hmacsha512_update(&hmacsha512, buffer, strlen(s)); + isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH); + print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4); + + s = "what do ya want for nothing?"; + strcpy((char *)key, "Jefe"); + isc_hmacsha512_init(&hmacsha512, key, 4); + memcpy(buffer, s, strlen(s)); + isc_hmacsha512_update(&hmacsha512, buffer, strlen(s)); + isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH); + print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4); + + s = "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335" + "\335\335\335\335\335\335\335\335\335\335"; + memset(key, 0xaa, 20); + isc_hmacsha512_init(&hmacsha512, key, 20); + memcpy(buffer, s, strlen(s)); + isc_hmacsha512_update(&hmacsha512, buffer, strlen(s)); + isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH); + print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4); return (0); } diff --git a/lib/isc/hmacsha.c b/lib/isc/hmacsha.c index 1dd2a11a00..ac4c0d663f 100644 --- a/lib/isc/hmacsha.c +++ b/lib/isc/hmacsha.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hmacsha.c,v 1.4 2006/01/31 00:35:21 marka Exp $ */ +/* $Id: hmacsha.c,v 1.5 2006/08/16 03:15:09 marka Exp $ */ /* * This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 @@ -42,7 +42,7 @@ void isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key, unsigned int len) { - unsigned char ipad[ISC_SHA1_DIGESTLENGTH]; + unsigned char ipad[ISC_SHA1_BLOCK_LENGTH]; unsigned int i; memset(ctx->key, 0, sizeof(ctx->key)); @@ -56,7 +56,7 @@ isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key, isc_sha1_init(&ctx->sha1ctx); memset(ipad, IPAD, sizeof(ipad)); - for (i = 0; i < ISC_SHA1_DIGESTLENGTH; i++) + for (i = 0; i < ISC_SHA1_BLOCK_LENGTH; i++) ipad[i] ^= ctx->key[i]; isc_sha1_update(&ctx->sha1ctx, ipad, sizeof(ipad)); } @@ -84,7 +84,7 @@ isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf, */ void isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) { - unsigned char opad[ISC_SHA1_DIGESTLENGTH]; + unsigned char opad[ISC_SHA1_BLOCK_LENGTH]; unsigned char newdigest[ISC_SHA1_DIGESTLENGTH]; unsigned int i; @@ -92,7 +92,7 @@ isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) { isc_sha1_final(&ctx->sha1ctx, newdigest); memset(opad, OPAD, sizeof(opad)); - for (i = 0; i < ISC_SHA1_DIGESTLENGTH; i++) + for (i = 0; i < ISC_SHA1_BLOCK_LENGTH; i++) opad[i] ^= ctx->key[i]; isc_sha1_init(&ctx->sha1ctx); @@ -101,7 +101,7 @@ isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) { isc_sha1_final(&ctx->sha1ctx, newdigest); isc_hmacsha1_invalidate(ctx); memcpy(digest, newdigest, len); - memset(newdigest, 0, len); + memset(newdigest, 0, sizeof(newdigest)); } /* @@ -112,7 +112,7 @@ isc_boolean_t isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) { unsigned char newdigest[ISC_SHA1_DIGESTLENGTH]; - REQUIRE(len <= ISC_SHA1_DIGESTLENGTH); + REQUIRE(len <= ISC_SHA1_BLOCK_LENGTH); isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH); return (ISC_TF(memcmp(digest, newdigest, len) == 0)); } @@ -124,7 +124,7 @@ void isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key, unsigned int len) { - unsigned char ipad[ISC_SHA224_DIGESTLENGTH]; + unsigned char ipad[ISC_SHA224_BLOCK_LENGTH]; unsigned int i; memset(ctx->key, 0, sizeof(ctx->key)); @@ -138,7 +138,7 @@ isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key, isc_sha224_init(&ctx->sha224ctx); memset(ipad, IPAD, sizeof(ipad)); - for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) + for (i = 0; i < ISC_SHA224_BLOCK_LENGTH; i++) ipad[i] ^= ctx->key[i]; isc_sha224_update(&ctx->sha224ctx, ipad, sizeof(ipad)); } @@ -165,7 +165,7 @@ isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf, */ void isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) { - unsigned char opad[ISC_SHA224_DIGESTLENGTH]; + unsigned char opad[ISC_SHA224_BLOCK_LENGTH]; unsigned char newdigest[ISC_SHA224_DIGESTLENGTH]; unsigned int i; @@ -173,7 +173,7 @@ isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) { isc_sha224_final(newdigest, &ctx->sha224ctx); memset(opad, OPAD, sizeof(opad)); - for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) + for (i = 0; i < ISC_SHA224_BLOCK_LENGTH; i++) opad[i] ^= ctx->key[i]; isc_sha224_init(&ctx->sha224ctx); @@ -181,7 +181,7 @@ isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) { isc_sha224_update(&ctx->sha224ctx, newdigest, ISC_SHA224_DIGESTLENGTH); isc_sha224_final(newdigest, &ctx->sha224ctx); memcpy(digest, newdigest, len); - memset(newdigest, 0, len); + memset(newdigest, 0, sizeof(newdigest)); } /* @@ -204,7 +204,7 @@ void isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key, unsigned int len) { - unsigned char ipad[ISC_SHA256_DIGESTLENGTH]; + unsigned char ipad[ISC_SHA256_BLOCK_LENGTH]; unsigned int i; memset(ctx->key, 0, sizeof(ctx->key)); @@ -218,7 +218,7 @@ isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key, isc_sha256_init(&ctx->sha256ctx); memset(ipad, IPAD, sizeof(ipad)); - for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) + for (i = 0; i < ISC_SHA256_BLOCK_LENGTH; i++) ipad[i] ^= ctx->key[i]; isc_sha256_update(&ctx->sha256ctx, ipad, sizeof(ipad)); } @@ -245,7 +245,7 @@ isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf, */ void isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) { - unsigned char opad[ISC_SHA256_DIGESTLENGTH]; + unsigned char opad[ISC_SHA256_BLOCK_LENGTH]; unsigned char newdigest[ISC_SHA256_DIGESTLENGTH]; unsigned int i; @@ -253,7 +253,7 @@ isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) { isc_sha256_final(newdigest, &ctx->sha256ctx); memset(opad, OPAD, sizeof(opad)); - for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) + for (i = 0; i < ISC_SHA256_BLOCK_LENGTH; i++) opad[i] ^= ctx->key[i]; isc_sha256_init(&ctx->sha256ctx); @@ -261,7 +261,7 @@ isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) { isc_sha256_update(&ctx->sha256ctx, newdigest, ISC_SHA256_DIGESTLENGTH); isc_sha256_final(newdigest, &ctx->sha256ctx); memcpy(digest, newdigest, len); - memset(newdigest, 0, len); + memset(newdigest, 0, sizeof(newdigest)); } /* @@ -284,7 +284,7 @@ void isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key, unsigned int len) { - unsigned char ipad[ISC_SHA384_DIGESTLENGTH]; + unsigned char ipad[ISC_SHA384_BLOCK_LENGTH]; unsigned int i; memset(ctx->key, 0, sizeof(ctx->key)); @@ -298,7 +298,7 @@ isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key, isc_sha384_init(&ctx->sha384ctx); memset(ipad, IPAD, sizeof(ipad)); - for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++) + for (i = 0; i < ISC_SHA384_BLOCK_LENGTH; i++) ipad[i] ^= ctx->key[i]; isc_sha384_update(&ctx->sha384ctx, ipad, sizeof(ipad)); } @@ -325,7 +325,7 @@ isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf, */ void isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) { - unsigned char opad[ISC_SHA384_DIGESTLENGTH]; + unsigned char opad[ISC_SHA384_BLOCK_LENGTH]; unsigned char newdigest[ISC_SHA384_DIGESTLENGTH]; unsigned int i; @@ -333,7 +333,7 @@ isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) { isc_sha384_final(newdigest, &ctx->sha384ctx); memset(opad, OPAD, sizeof(opad)); - for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++) + for (i = 0; i < ISC_SHA384_BLOCK_LENGTH; i++) opad[i] ^= ctx->key[i]; isc_sha384_init(&ctx->sha384ctx); @@ -341,7 +341,7 @@ isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) { isc_sha384_update(&ctx->sha384ctx, newdigest, ISC_SHA384_DIGESTLENGTH); isc_sha384_final(newdigest, &ctx->sha384ctx); memcpy(digest, newdigest, len); - memset(newdigest, 0, len); + memset(newdigest, 0, sizeof(newdigest)); } /* @@ -364,7 +364,7 @@ void isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key, unsigned int len) { - unsigned char ipad[ISC_SHA512_DIGESTLENGTH]; + unsigned char ipad[ISC_SHA512_BLOCK_LENGTH]; unsigned int i; memset(ctx->key, 0, sizeof(ctx->key)); @@ -378,7 +378,7 @@ isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key, isc_sha512_init(&ctx->sha512ctx); memset(ipad, IPAD, sizeof(ipad)); - for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) + for (i = 0; i < ISC_SHA512_BLOCK_LENGTH; i++) ipad[i] ^= ctx->key[i]; isc_sha512_update(&ctx->sha512ctx, ipad, sizeof(ipad)); } @@ -405,7 +405,7 @@ isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf, */ void isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) { - unsigned char opad[ISC_SHA512_DIGESTLENGTH]; + unsigned char opad[ISC_SHA512_BLOCK_LENGTH]; unsigned char newdigest[ISC_SHA512_DIGESTLENGTH]; unsigned int i; @@ -413,7 +413,7 @@ isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) { isc_sha512_final(newdigest, &ctx->sha512ctx); memset(opad, OPAD, sizeof(opad)); - for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) + for (i = 0; i < ISC_SHA512_BLOCK_LENGTH; i++) opad[i] ^= ctx->key[i]; isc_sha512_init(&ctx->sha512ctx); @@ -421,7 +421,7 @@ isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) { isc_sha512_update(&ctx->sha512ctx, newdigest, ISC_SHA512_DIGESTLENGTH); isc_sha512_final(newdigest, &ctx->sha512ctx); memcpy(digest, newdigest, len); - memset(newdigest, 0, len); + memset(newdigest, 0, sizeof(newdigest)); } /* diff --git a/lib/isc/include/isc/hmacsha.h b/lib/isc/include/isc/hmacsha.h index 2ff0d7b1ee..1261cf2777 100644 --- a/lib/isc/include/isc/hmacsha.h +++ b/lib/isc/include/isc/hmacsha.h @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hmacsha.h,v 1.3 2006/01/27 23:57:46 marka Exp $ */ +/* $Id: hmacsha.h,v 1.4 2006/08/16 03:15:09 marka Exp $ */ /* * This is the header file for the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, @@ -29,11 +29,11 @@ #include #include -#define ISC_HMACSHA1_KEYLENGTH ISC_SHA1_DIGESTLENGTH -#define ISC_HMACSHA224_KEYLENGTH ISC_SHA224_DIGESTLENGTH -#define ISC_HMACSHA256_KEYLENGTH ISC_SHA256_DIGESTLENGTH -#define ISC_HMACSHA384_KEYLENGTH ISC_SHA384_DIGESTLENGTH -#define ISC_HMACSHA512_KEYLENGTH ISC_SHA512_DIGESTLENGTH +#define ISC_HMACSHA1_KEYLENGTH ISC_SHA1_BLOCK_LENGTH +#define ISC_HMACSHA224_KEYLENGTH ISC_SHA224_BLOCK_LENGTH +#define ISC_HMACSHA256_KEYLENGTH ISC_SHA256_BLOCK_LENGTH +#define ISC_HMACSHA384_KEYLENGTH ISC_SHA384_BLOCK_LENGTH +#define ISC_HMACSHA512_KEYLENGTH ISC_SHA512_BLOCK_LENGTH typedef struct { isc_sha1_t sha1ctx; diff --git a/lib/isc/include/isc/sha1.h b/lib/isc/include/isc/sha1.h index fe52637d4e..21e8e321c8 100644 --- a/lib/isc/include/isc/sha1.h +++ b/lib/isc/include/isc/sha1.h @@ -18,7 +18,7 @@ #ifndef ISC_SHA1_H #define ISC_SHA1_H 1 -/* $Id: sha1.h,v 1.13 2006/02/01 00:10:35 marka Exp $ */ +/* $Id: sha1.h,v 1.14 2006/08/16 03:15:09 marka Exp $ */ /* $NetBSD: sha1.h,v 1.2 1998/05/29 22:55:44 thorpej Exp $ */ @@ -32,11 +32,12 @@ #include #define ISC_SHA1_DIGESTLENGTH 20U +#define ISC_SHA1_BLOCK_LENGTH 64U typedef struct { isc_uint32_t state[5]; isc_uint32_t count[2]; - unsigned char buffer[64]; + unsigned char buffer[ISC_SHA1_BLOCK_LENGTH]; } isc_sha1_t; ISC_LANG_BEGINDECLS diff --git a/lib/isc/include/isc/sha2.h b/lib/isc/include/isc/sha2.h index 511d75ce01..4d5d07b22c 100644 --- a/lib/isc/include/isc/sha2.h +++ b/lib/isc/include/isc/sha2.h @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sha2.h,v 1.6 2006/02/24 00:03:15 marka Exp $ */ +/* $Id: sha2.h,v 1.7 2006/08/16 03:15:09 marka Exp $ */ /* $FreeBSD: src/sys/crypto/sha2/sha2.h,v 1.1.2.1 2001/07/03 11:01:36 ume Exp $ */ /* $KAME: sha2.h,v 1.3 2001/03/12 08:27:48 itojun Exp $ */ @@ -62,6 +62,7 @@ /*** SHA-224/256/384/512 Various Length Definitions ***********************/ +#define ISC_SHA224_BLOCK_LENGTH 64U #define ISC_SHA224_DIGESTLENGTH 28U #define ISC_SHA224_DIGESTSTRINGLENGTH (ISC_SHA224_DIGESTLENGTH * 2 + 1) #define ISC_SHA256_BLOCK_LENGTH 64U diff --git a/lib/isc/sha2.c b/lib/isc/sha2.c index 67fe3d0b09..8bd325a072 100644 --- a/lib/isc/sha2.c +++ b/lib/isc/sha2.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sha2.c,v 1.9 2006/03/10 03:49:57 marka Exp $ */ +/* $Id: sha2.c,v 1.10 2006/08/16 03:15:09 marka Exp $ */ /* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */ /* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */ @@ -420,7 +420,7 @@ isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) { } void -isc_sha224_final(isc_uint8_t digest[], isc_sha256_t *context) { +isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) { isc_uint8_t sha256_digest[ISC_SHA256_DIGESTLENGTH]; isc_sha256_final(sha256_digest, (isc_sha256_t *)context); memcpy(digest, sha256_digest, ISC_SHA224_DIGESTLENGTH);