From bfb029c82afc09f7a368e8d3c03d4f1901aef6bc Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 27 Mar 2015 15:48:29 +0100 Subject: [PATCH] hmac: Reset the underlying hasher before doing set_key() with longer keys The user might have done a non-complete append, having some state in the hasher. Fixes #909. --- src/libstrongswan/plugins/hmac/hmac.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c index 44cb46b4d9..96a14aed9f 100644 --- a/src/libstrongswan/plugins/hmac/hmac.c +++ b/src/libstrongswan/plugins/hmac/hmac.c @@ -103,7 +103,8 @@ METHOD(mac_t, set_key, bool, if (key.len > this->b) { /* if key is too long, it will be hashed */ - if (!this->h->get_hash(this->h, key, buffer)) + if (!this->h->reset(this->h) || + !this->h->get_hash(this->h, key, buffer)) { return FALSE; } -- 2.47.2