From: Francis Dupont Date: Sat, 22 Oct 2016 09:29:54 +0000 (+0200) Subject: [3908] Addressed comments (no code change) X-Git-Tag: trac4631b_base~8^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e981ca8fe1773265c6a81d9846af9836ccb7203e;p=thirdparty%2Fkea.git [3908] Addressed comments (no code change) --- diff --git a/src/lib/cryptolink/botan_hmac.cc b/src/lib/cryptolink/botan_hmac.cc index ce90e9ff3a..27281f0cbc 100644 --- a/src/lib/cryptolink/botan_hmac.cc +++ b/src/lib/cryptolink/botan_hmac.cc @@ -180,9 +180,9 @@ public: /// /// See @ref isc::cryptolink::HMAC::verify() for details. bool verify(const void* sig, size_t len) { - /// @todo Botan's verify_mac checks if len matches the output_length, - /// which causes it to fail for truncated signatures, so we do - /// the check ourselves + // Botan's verify_mac checks if len matches the output_length, + // which causes it to fail for truncated signatures, so we do + // the check ourselves try { size_t size = getOutputLength(); if (len < 10 || len < size / 2) { @@ -194,6 +194,8 @@ public: if (digest_.empty()) { digest_ = hmac_->final(); } + // digest_.size() == size by construction + // if you are not convinced, add an assert() return (Botan::same_mem(&digest_[0], static_cast(sig), len)); diff --git a/src/lib/cryptolink/crypto_hash.h b/src/lib/cryptolink/crypto_hash.h index 58d4cc4d45..e674694632 100644 --- a/src/lib/cryptolink/crypto_hash.h +++ b/src/lib/cryptolink/crypto_hash.h @@ -51,6 +51,8 @@ public: ~Hash(); /// \brief Returns the HashAlgorithm of the object + /// + /// \return hash algorithm HashAlgorithm getHashAlgorithm() const; /// \brief Returns the output size of the digest diff --git a/src/lib/cryptolink/crypto_hmac.h b/src/lib/cryptolink/crypto_hmac.h index fdd78d33d4..48b0ef156f 100644 --- a/src/lib/cryptolink/crypto_hmac.h +++ b/src/lib/cryptolink/crypto_hmac.h @@ -61,6 +61,8 @@ public: ~HMAC(); /// \brief Returns the HashAlgorithm of the object + /// + /// \return hash algorithm HashAlgorithm getHashAlgorithm() const; /// \brief Returns the output size of the digest @@ -126,7 +128,9 @@ public: /// \param sig The signature to verify /// \param len The length of the signature. If this is smaller /// than the output length of the algorithm, - /// only len bytes will be checked + /// only len bytes will be checked. If this is + /// larger than the output length of the algorithm, + /// only output size bytes will be checked /// \return true if the signature is correct, false otherwise /// /// \note verify() does not destroy its context so it can be diff --git a/src/lib/cryptolink/openssl_hmac.cc b/src/lib/cryptolink/openssl_hmac.cc index 6d6a129672..57ed066a75 100644 --- a/src/lib/cryptolink/openssl_hmac.cc +++ b/src/lib/cryptolink/openssl_hmac.cc @@ -163,6 +163,8 @@ public: if (len > size) { len = size; } + // digest.size() == size by construction + // if you are not convinced, add an assert() return (digest.same(sig, len)); }