2072. [bug] We were not generating valid HMAC SHA digests.

                        [RT #16320]

diff --git a/CHANGES b/CHANGES
index 29dcc82834df402e42ed9e993d8798f3acbbadc8..371c451a78548646fa0645fac132852fe7a8294c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2072.  [bug]           We were not generating valid HMAC SHA digests.
+                       [RT #16320]
+
 2071.  [port]          Test whether gcc accepts -fno-strict-aliasing.
                        [RT #16324]
 

diff --git a/bin/tests/hash_test.c b/bin/tests/hash_test.c
index 54ff363afb068e3548cefcce58ee73ea6cd1f540..84ee3400fde4a9c015490d41376df7c36e1fd4da 100644 (file)
--- a/bin/tests/hash_test.c
+++ b/bin/tests/hash_test.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: hash_test.c,v 1.15 2005/04/27 04:56:08 sra Exp $ */
+/* $Id: hash_test.c,v 1.16 2006/08/16 03:15:09 marka Exp $ */
 
 /*! \file */
 #include <config.h>
@@ -24,18 +24,19 @@
 #include <string.h>
 
 #include <isc/hmacmd5.h>
+#include <isc/hmacsha.h>
 #include <isc/md5.h>
 #include <isc/sha1.h>
 #include <isc/util.h>
 #include <isc/string.h>
 
 static void
-print_digest(unsigned char *s, const char *hash, unsigned char *d,
+print_digest(const char *s, const char *hash, unsigned char *d,
             unsigned int words)
 {
        unsigned int i, j;
 
-       printf("hash (%s) %s:\n\t", hash, (char *)s);
+       printf("hash (%s) %s:\n\t", hash, s);
        for (i = 0; i < words; i++) {
                printf(" ");
                for (j = 0; j < 4; j++)
@@ -47,9 +48,15 @@ print_digest(unsigned char *s, const char *hash, unsigned char *d,
 int
 main(int argc, char **argv) {
        isc_sha1_t sha1;
+       isc_sha224_t sha224;
        isc_md5_t md5;
        isc_hmacmd5_t hmacmd5;
-       unsigned char digest[20];
+       isc_hmacsha1_t hmacsha1;
+       isc_hmacsha224_t hmacsha224;
+       isc_hmacsha256_t hmacsha256;
+       isc_hmacsha384_t hmacsha384;
+       isc_hmacsha512_t hmacsha512;
+       unsigned char digest[ISC_SHA512_DIGESTLENGTH];
        unsigned char buffer[1024];
        const char *s;
        unsigned char key[20];
@@ -62,21 +69,35 @@ main(int argc, char **argv) {
        memcpy(buffer, s, strlen(s));
        isc_sha1_update(&sha1, buffer, strlen(s));
        isc_sha1_final(&sha1, digest);
-       print_digest(buffer, "sha1", digest, 5);
+       print_digest(s, "sha1", digest, ISC_SHA1_DIGESTLENGTH/4);
 
        s = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
        isc_sha1_init(&sha1);
        memcpy(buffer, s, strlen(s));
        isc_sha1_update(&sha1, buffer, strlen(s));
        isc_sha1_final(&sha1, digest);
-       print_digest(buffer, "sha1", digest, 5);
+       print_digest(s, "sha1", digest, ISC_SHA1_DIGESTLENGTH/4);
+
+       s = "abc";
+       isc_sha224_init(&sha224);
+       memcpy(buffer, s, strlen(s));
+       isc_sha224_update(&sha224, buffer, strlen(s));
+       isc_sha224_final(digest, &sha224);
+       print_digest(s, "sha224", digest, ISC_SHA224_DIGESTLENGTH/4);
+
+       s = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+       isc_sha224_init(&sha224);
+       memcpy(buffer, s, strlen(s));
+       isc_sha224_update(&sha224, buffer, strlen(s));
+       isc_sha224_final(digest, &sha224);
+       print_digest(s, "sha224", digest, ISC_SHA224_DIGESTLENGTH/4);
 
        s = "abc";
        isc_md5_init(&md5);
        memcpy(buffer, s, strlen(s));
        isc_md5_update(&md5, buffer, strlen(s));
        isc_md5_final(&md5, digest);
-       print_digest(buffer, "md5", digest, 4);
+       print_digest(s, "md5", digest, 4);
 
        /*
         * The 3 HMAC-MD5 examples from RFC2104
@@ -87,7 +108,7 @@ main(int argc, char **argv) {
        memcpy(buffer, s, strlen(s));
        isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
        isc_hmacmd5_sign(&hmacmd5, digest);
-       print_digest(buffer, "hmacmd5", digest, 4);
+       print_digest(s, "hmacmd5", digest, 4);
 
        s = "what do ya want for nothing?";
        strcpy((char *)key, "Jefe");
@@ -95,7 +116,7 @@ main(int argc, char **argv) {
        memcpy(buffer, s, strlen(s));
        isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
        isc_hmacmd5_sign(&hmacmd5, digest);
-       print_digest(buffer, "hmacmd5", digest, 4);
+       print_digest(s, "hmacmd5", digest, 4);
 
        s = "\335\335\335\335\335\335\335\335\335\335"
            "\335\335\335\335\335\335\335\335\335\335"
@@ -107,7 +128,162 @@ main(int argc, char **argv) {
        memcpy(buffer, s, strlen(s));
        isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
        isc_hmacmd5_sign(&hmacmd5, digest);
-       print_digest(buffer, "hmacmd5", digest, 4);
+       print_digest(s, "hmacmd5", digest, 4);
+
+       /*
+        * The 3 HMAC-SHA1 examples from RFC4634.
+        */
+       s = "Hi There";
+       memset(key, 0x0b, 20);
+       isc_hmacsha1_init(&hmacsha1, key, 20);
+       memcpy(buffer, s, strlen(s));
+       isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
+       isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
+       print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
+
+       s = "what do ya want for nothing?";
+       strcpy((char *)key, "Jefe");
+       isc_hmacsha1_init(&hmacsha1, key, 4);
+       memcpy(buffer, s, strlen(s));
+       isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
+       isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
+       print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
+
+       s = "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335";
+       memset(key, 0xaa, 20);
+       isc_hmacsha1_init(&hmacsha1, key, 20);
+       memcpy(buffer, s, strlen(s));
+       isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
+       isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
+       print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
+
+       /*
+        * The 3 HMAC-SHA224 examples from RFC4634.
+        */
+       s = "Hi There";
+       memset(key, 0x0b, 20);
+       isc_hmacsha224_init(&hmacsha224, key, 20);
+       memcpy(buffer, s, strlen(s));
+       isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
+       isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
+       print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
+
+       s = "what do ya want for nothing?";
+       strcpy((char *)key, "Jefe");
+       isc_hmacsha224_init(&hmacsha224, key, 4);
+       memcpy(buffer, s, strlen(s));
+       isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
+       isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
+       print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
+
+       s = "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335";
+       memset(key, 0xaa, 20);
+       isc_hmacsha224_init(&hmacsha224, key, 20);
+       memcpy(buffer, s, strlen(s));
+       isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
+       isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
+       print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
+
+       /*
+        * The 3 HMAC-SHA256 examples from RFC4634.
+        */
+       s = "Hi There";
+       memset(key, 0x0b, 20);
+       isc_hmacsha256_init(&hmacsha256, key, 20);
+       memcpy(buffer, s, strlen(s));
+       isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
+       isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
+       print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
+
+       s = "what do ya want for nothing?";
+       strcpy((char *)key, "Jefe");
+       isc_hmacsha256_init(&hmacsha256, key, 4);
+       memcpy(buffer, s, strlen(s));
+       isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
+       isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
+       print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
+
+       s = "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335";
+       memset(key, 0xaa, 20);
+       isc_hmacsha256_init(&hmacsha256, key, 20);
+       memcpy(buffer, s, strlen(s));
+       isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
+       isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
+       print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
+
+       /*
+        * The 3 HMAC-SHA384 examples from RFC4634.
+        */
+       s = "Hi There";
+       memset(key, 0x0b, 20);
+       isc_hmacsha384_init(&hmacsha384, key, 20);
+       memcpy(buffer, s, strlen(s));
+       isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
+       isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
+       print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
+
+       s = "what do ya want for nothing?";
+       strcpy((char *)key, "Jefe");
+       isc_hmacsha384_init(&hmacsha384, key, 4);
+       memcpy(buffer, s, strlen(s));
+       isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
+       isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
+       print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
+
+       s = "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335";
+       memset(key, 0xaa, 20);
+       isc_hmacsha384_init(&hmacsha384, key, 20);
+       memcpy(buffer, s, strlen(s));
+       isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
+       isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
+       print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
+
+       /*
+        * The 3 HMAC-SHA512 examples from RFC4634.
+        */
+       s = "Hi There";
+       memset(key, 0x0b, 20);
+       isc_hmacsha512_init(&hmacsha512, key, 20);
+       memcpy(buffer, s, strlen(s));
+       isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
+       isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
+       print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
+
+       s = "what do ya want for nothing?";
+       strcpy((char *)key, "Jefe");
+       isc_hmacsha512_init(&hmacsha512, key, 4);
+       memcpy(buffer, s, strlen(s));
+       isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
+       isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
+       print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
+
+       s = "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335"
+           "\335\335\335\335\335\335\335\335\335\335";
+       memset(key, 0xaa, 20);
+       isc_hmacsha512_init(&hmacsha512, key, 20);
+       memcpy(buffer, s, strlen(s));
+       isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
+       isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
+       print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
 
        return (0);
 }

diff --git a/lib/isc/hmacsha.c b/lib/isc/hmacsha.c
index 1dd2a11a00a8a0ea1abd1cb0fb4ca32ac0c095c3..ac4c0d663f6a77e3e8faa7bc05b18cfd87a841be 100644 (file)
--- a/lib/isc/hmacsha.c
+++ b/lib/isc/hmacsha.c
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: hmacsha.c,v 1.4 2006/01/31 00:35:21 marka Exp $ */
+/* $Id: hmacsha.c,v 1.5 2006/08/16 03:15:09 marka Exp $ */
 
 /*
  * This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384
@@ -42,7 +42,7 @@ void
 isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
                  unsigned int len)
 {
-       unsigned char ipad[ISC_SHA1_DIGESTLENGTH];
+       unsigned char ipad[ISC_SHA1_BLOCK_LENGTH];
        unsigned int i;
 
        memset(ctx->key, 0, sizeof(ctx->key));
@@ -56,7 +56,7 @@ isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
 
        isc_sha1_init(&ctx->sha1ctx);
        memset(ipad, IPAD, sizeof(ipad));
-       for (i = 0; i < ISC_SHA1_DIGESTLENGTH; i++)
+       for (i = 0; i < ISC_SHA1_BLOCK_LENGTH; i++)
                ipad[i] ^= ctx->key[i];
        isc_sha1_update(&ctx->sha1ctx, ipad, sizeof(ipad));
 }
@@ -84,7 +84,7 @@ isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
  */
 void
 isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
-       unsigned char opad[ISC_SHA1_DIGESTLENGTH];
+       unsigned char opad[ISC_SHA1_BLOCK_LENGTH];
        unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
        unsigned int i;
 
@@ -92,7 +92,7 @@ isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
        isc_sha1_final(&ctx->sha1ctx, newdigest);
 
        memset(opad, OPAD, sizeof(opad));
-       for (i = 0; i < ISC_SHA1_DIGESTLENGTH; i++)
+       for (i = 0; i < ISC_SHA1_BLOCK_LENGTH; i++)
                opad[i] ^= ctx->key[i];
 
        isc_sha1_init(&ctx->sha1ctx);
@@ -101,7 +101,7 @@ isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
        isc_sha1_final(&ctx->sha1ctx, newdigest);
        isc_hmacsha1_invalidate(ctx);
        memcpy(digest, newdigest, len);
-       memset(newdigest, 0, len);
+       memset(newdigest, 0, sizeof(newdigest));
 }
 
 /*
@@ -112,7 +112,7 @@ isc_boolean_t
 isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
        unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
 
-       REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
+       REQUIRE(len <= ISC_SHA1_BLOCK_LENGTH);
        isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
        return (ISC_TF(memcmp(digest, newdigest, len) == 0));
 }
@@ -124,7 +124,7 @@ void
 isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
                    unsigned int len)
 {
-       unsigned char ipad[ISC_SHA224_DIGESTLENGTH];
+       unsigned char ipad[ISC_SHA224_BLOCK_LENGTH];
        unsigned int i;
 
        memset(ctx->key, 0, sizeof(ctx->key));
@@ -138,7 +138,7 @@ isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
 
        isc_sha224_init(&ctx->sha224ctx);
        memset(ipad, IPAD, sizeof(ipad));
-       for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++)
+       for (i = 0; i < ISC_SHA224_BLOCK_LENGTH; i++)
                ipad[i] ^= ctx->key[i];
        isc_sha224_update(&ctx->sha224ctx, ipad, sizeof(ipad));
 }
@@ -165,7 +165,7 @@ isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf,
  */
 void
 isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
-       unsigned char opad[ISC_SHA224_DIGESTLENGTH];
+       unsigned char opad[ISC_SHA224_BLOCK_LENGTH];
        unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
        unsigned int i;
 
@@ -173,7 +173,7 @@ isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
        isc_sha224_final(newdigest, &ctx->sha224ctx);
 
        memset(opad, OPAD, sizeof(opad));
-       for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++)
+       for (i = 0; i < ISC_SHA224_BLOCK_LENGTH; i++)
                opad[i] ^= ctx->key[i];
 
        isc_sha224_init(&ctx->sha224ctx);
@@ -181,7 +181,7 @@ isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
        isc_sha224_update(&ctx->sha224ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
        isc_sha224_final(newdigest, &ctx->sha224ctx);
        memcpy(digest, newdigest, len);
-       memset(newdigest, 0, len);
+       memset(newdigest, 0, sizeof(newdigest));
 }
 
 /*
@@ -204,7 +204,7 @@ void
 isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
                    unsigned int len)
 {
-       unsigned char ipad[ISC_SHA256_DIGESTLENGTH];
+       unsigned char ipad[ISC_SHA256_BLOCK_LENGTH];
        unsigned int i;
 
        memset(ctx->key, 0, sizeof(ctx->key));
@@ -218,7 +218,7 @@ isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
 
        isc_sha256_init(&ctx->sha256ctx);
        memset(ipad, IPAD, sizeof(ipad));
-       for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++)
+       for (i = 0; i < ISC_SHA256_BLOCK_LENGTH; i++)
                ipad[i] ^= ctx->key[i];
        isc_sha256_update(&ctx->sha256ctx, ipad, sizeof(ipad));
 }
@@ -245,7 +245,7 @@ isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf,
  */
 void
 isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
-       unsigned char opad[ISC_SHA256_DIGESTLENGTH];
+       unsigned char opad[ISC_SHA256_BLOCK_LENGTH];
        unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
        unsigned int i;
 
@@ -253,7 +253,7 @@ isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
        isc_sha256_final(newdigest, &ctx->sha256ctx);
 
        memset(opad, OPAD, sizeof(opad));
-       for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++)
+       for (i = 0; i < ISC_SHA256_BLOCK_LENGTH; i++)
                opad[i] ^= ctx->key[i];
 
        isc_sha256_init(&ctx->sha256ctx);
@@ -261,7 +261,7 @@ isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
        isc_sha256_update(&ctx->sha256ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
        isc_sha256_final(newdigest, &ctx->sha256ctx);
        memcpy(digest, newdigest, len);
-       memset(newdigest, 0, len);
+       memset(newdigest, 0, sizeof(newdigest));
 }
 
 /*
@@ -284,7 +284,7 @@ void
 isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
                    unsigned int len)
 {
-       unsigned char ipad[ISC_SHA384_DIGESTLENGTH];
+       unsigned char ipad[ISC_SHA384_BLOCK_LENGTH];
        unsigned int i;
 
        memset(ctx->key, 0, sizeof(ctx->key));
@@ -298,7 +298,7 @@ isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
 
        isc_sha384_init(&ctx->sha384ctx);
        memset(ipad, IPAD, sizeof(ipad));
-       for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++)
+       for (i = 0; i < ISC_SHA384_BLOCK_LENGTH; i++)
                ipad[i] ^= ctx->key[i];
        isc_sha384_update(&ctx->sha384ctx, ipad, sizeof(ipad));
 }
@@ -325,7 +325,7 @@ isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf,
  */
 void
 isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
-       unsigned char opad[ISC_SHA384_DIGESTLENGTH];
+       unsigned char opad[ISC_SHA384_BLOCK_LENGTH];
        unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
        unsigned int i;
 
@@ -333,7 +333,7 @@ isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
        isc_sha384_final(newdigest, &ctx->sha384ctx);
 
        memset(opad, OPAD, sizeof(opad));
-       for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++)
+       for (i = 0; i < ISC_SHA384_BLOCK_LENGTH; i++)
                opad[i] ^= ctx->key[i];
 
        isc_sha384_init(&ctx->sha384ctx);
@@ -341,7 +341,7 @@ isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
        isc_sha384_update(&ctx->sha384ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
        isc_sha384_final(newdigest, &ctx->sha384ctx);
        memcpy(digest, newdigest, len);
-       memset(newdigest, 0, len);
+       memset(newdigest, 0, sizeof(newdigest));
 }
 
 /*
@@ -364,7 +364,7 @@ void
 isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
                    unsigned int len)
 {
-       unsigned char ipad[ISC_SHA512_DIGESTLENGTH];
+       unsigned char ipad[ISC_SHA512_BLOCK_LENGTH];
        unsigned int i;
 
        memset(ctx->key, 0, sizeof(ctx->key));
@@ -378,7 +378,7 @@ isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
 
        isc_sha512_init(&ctx->sha512ctx);
        memset(ipad, IPAD, sizeof(ipad));
-       for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++)
+       for (i = 0; i < ISC_SHA512_BLOCK_LENGTH; i++)
                ipad[i] ^= ctx->key[i];
        isc_sha512_update(&ctx->sha512ctx, ipad, sizeof(ipad));
 }
@@ -405,7 +405,7 @@ isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf,
  */
 void
 isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
-       unsigned char opad[ISC_SHA512_DIGESTLENGTH];
+       unsigned char opad[ISC_SHA512_BLOCK_LENGTH];
        unsigned char newdigest[ISC_SHA512_DIGESTLENGTH];
        unsigned int i;
 
@@ -413,7 +413,7 @@ isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
        isc_sha512_final(newdigest, &ctx->sha512ctx);
 
        memset(opad, OPAD, sizeof(opad));
-       for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++)
+       for (i = 0; i < ISC_SHA512_BLOCK_LENGTH; i++)
                opad[i] ^= ctx->key[i];
 
        isc_sha512_init(&ctx->sha512ctx);
@@ -421,7 +421,7 @@ isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
        isc_sha512_update(&ctx->sha512ctx, newdigest, ISC_SHA512_DIGESTLENGTH);
        isc_sha512_final(newdigest, &ctx->sha512ctx);
        memcpy(digest, newdigest, len);
-       memset(newdigest, 0, len);
+       memset(newdigest, 0, sizeof(newdigest));
 }
 
 /*

diff --git a/lib/isc/include/isc/hmacsha.h b/lib/isc/include/isc/hmacsha.h
index 2ff0d7b1ee58b8b953163e22d2c1b74cfe841730..1261cf2777953356cb52a2fc319936f757a3c987 100644 (file)
--- a/lib/isc/include/isc/hmacsha.h
+++ b/lib/isc/include/isc/hmacsha.h
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: hmacsha.h,v 1.3 2006/01/27 23:57:46 marka Exp $ */
+/* $Id: hmacsha.h,v 1.4 2006/08/16 03:15:09 marka Exp $ */
 
 /*
  * This is the header file for the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
@@ -29,11 +29,11 @@
 #include <isc/sha2.h>
 #include <isc/types.h>
 
-#define ISC_HMACSHA1_KEYLENGTH ISC_SHA1_DIGESTLENGTH
-#define ISC_HMACSHA224_KEYLENGTH ISC_SHA224_DIGESTLENGTH
-#define ISC_HMACSHA256_KEYLENGTH ISC_SHA256_DIGESTLENGTH
-#define ISC_HMACSHA384_KEYLENGTH ISC_SHA384_DIGESTLENGTH
-#define ISC_HMACSHA512_KEYLENGTH ISC_SHA512_DIGESTLENGTH
+#define ISC_HMACSHA1_KEYLENGTH ISC_SHA1_BLOCK_LENGTH
+#define ISC_HMACSHA224_KEYLENGTH ISC_SHA224_BLOCK_LENGTH
+#define ISC_HMACSHA256_KEYLENGTH ISC_SHA256_BLOCK_LENGTH
+#define ISC_HMACSHA384_KEYLENGTH ISC_SHA384_BLOCK_LENGTH
+#define ISC_HMACSHA512_KEYLENGTH ISC_SHA512_BLOCK_LENGTH
 
 typedef struct {
        isc_sha1_t sha1ctx;

diff --git a/lib/isc/include/isc/sha1.h b/lib/isc/include/isc/sha1.h
index fe52637d4e4cc48d0689a82594069e52076ba156..21e8e321c80c97b70472c1542b26daad69b4d7b9 100644 (file)
--- a/lib/isc/include/isc/sha1.h
+++ b/lib/isc/include/isc/sha1.h
@@ -18,7 +18,7 @@
 #ifndef ISC_SHA1_H
 #define ISC_SHA1_H 1
 
-/* $Id: sha1.h,v 1.13 2006/02/01 00:10:35 marka Exp $ */
+/* $Id: sha1.h,v 1.14 2006/08/16 03:15:09 marka Exp $ */
 
 /*     $NetBSD: sha1.h,v 1.2 1998/05/29 22:55:44 thorpej Exp $ */
 
@@ -32,11 +32,12 @@
 #include <isc/types.h>
 
 #define ISC_SHA1_DIGESTLENGTH 20U
+#define ISC_SHA1_BLOCK_LENGTH 64U
 
 typedef struct {
        isc_uint32_t state[5];
        isc_uint32_t count[2];
-       unsigned char buffer[64];
+       unsigned char buffer[ISC_SHA1_BLOCK_LENGTH];
 } isc_sha1_t;
 
 ISC_LANG_BEGINDECLS

diff --git a/lib/isc/include/isc/sha2.h b/lib/isc/include/isc/sha2.h
index 511d75ce01dec33051b4382267caa3e273e78664..4d5d07b22ce65e5fc7948fae4cb8441486fc520c 100644 (file)
--- a/lib/isc/include/isc/sha2.h
+++ b/lib/isc/include/isc/sha2.h
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: sha2.h,v 1.6 2006/02/24 00:03:15 marka Exp $ */
+/* $Id: sha2.h,v 1.7 2006/08/16 03:15:09 marka Exp $ */
 
 /*     $FreeBSD: src/sys/crypto/sha2/sha2.h,v 1.1.2.1 2001/07/03 11:01:36 ume Exp $    */
 /*     $KAME: sha2.h,v 1.3 2001/03/12 08:27:48 itojun Exp $    */
@@ -62,6 +62,7 @@
 
 /*** SHA-224/256/384/512 Various Length Definitions ***********************/
 
+#define ISC_SHA224_BLOCK_LENGTH                64U
 #define ISC_SHA224_DIGESTLENGTH        28U
 #define ISC_SHA224_DIGESTSTRINGLENGTH  (ISC_SHA224_DIGESTLENGTH * 2 + 1)
 #define ISC_SHA256_BLOCK_LENGTH                64U

diff --git a/lib/isc/sha2.c b/lib/isc/sha2.c
index 67fe3d0b09363a8b15866420e96bd8e14212ea7e..8bd325a072f3e395d3c6fc6d751ff04e4d7adb28 100644 (file)
--- a/lib/isc/sha2.c
+++ b/lib/isc/sha2.c
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: sha2.c,v 1.9 2006/03/10 03:49:57 marka Exp $ */
+/* $Id: sha2.c,v 1.10 2006/08/16 03:15:09 marka Exp $ */
 
 /*     $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $    */
 /*     $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $    */
@@ -420,7 +420,7 @@ isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) {
 }
 
 void 
-isc_sha224_final(isc_uint8_t digest[], isc_sha256_t *context) {
+isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) {
        isc_uint8_t sha256_digest[ISC_SHA256_DIGESTLENGTH];
        isc_sha256_final(sha256_digest, (isc_sha256_t *)context);
        memcpy(digest, sha256_digest, ISC_SHA224_DIGESTLENGTH);