#1345 util.hashes: HMAC-SHA-512 implementation broken

Reporter Zash
Owner Zash
Created
Updated
Stars ★ (1)
Tags
  • Priority-Medium
  • Type-Defect
  • Milestone-0.11
  • Status-Fixed
  1. Zash on

    What steps will reproduce the problem? 1. Test util.hashes.hmac_sha512 using test vectors found inRFC 4231 What is the expected output? Tests passes. What do you see instead? Tests fail. Please provide any additional information below. The implementation in util-src/hashes.c uses a macro to implement all HMAC variants. Notably the inner hmac() function uses a fixed block size, which is the one used for HMAC-SHA-256, while HMAC-SHA-512 uses a larger block size. Thanks to darkrain42 for finding out about HMAC-SHA-512 block size.

  2. Zash on

    I have found no code that relies on hmac-sha-512. Fixing the C code has turned out to be tricky, so it seems easiest to change it to use the HMAC function provided by OpenSSL.

    Changes
    • owner Zash
    • tags Status-Started
  3. Zash on

    Fixed in https://hg.prosody.im/trunk/rev/29bc3dff3419

    Changes
    • tags Milestone-0.11 Status-Fixed

New comment

Not published. Used for spam prevention and optional update notifications.