BIND 10 trac951, updated. 5637b1961aafcdc6950d22aa7a3637221a57e99a [trac951] Revert "[trac951] we do have truncation support (at least in the api), so remove check and enable tests"

BIND 10 source code commits bind10-changes at lists.isc.org
Fri May 27 18:00:25 UTC 2011


The branch, trac951 has been updated
       via  5637b1961aafcdc6950d22aa7a3637221a57e99a (commit)
      from  76ae47d1f6061a09f4a8e20852a9874ea28a4e19 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5637b1961aafcdc6950d22aa7a3637221a57e99a
Author: JINMEI Tatuya <jinmei at isc.org>
Date:   Fri May 27 10:58:58 2011 -0700

    [trac951] Revert "[trac951] we do have truncation support (at least in the api), so remove check and enable tests"
    
    This reverts commit 76ae47d1f6061a09f4a8e20852a9874ea28a4e19.
    
    We cannot yet remove the additional check and re-enable the corresponding
    tests.  See my comment on ticket #951.

-----------------------------------------------------------------------

Summary of changes:
 src/lib/cryptolink/crypto_hmac.cc            |    8 ++++++++
 src/lib/cryptolink/tests/crypto_unittests.cc |    6 +++---
 2 files changed, 11 insertions(+), 3 deletions(-)

-----------------------------------------------------------------------
diff --git a/src/lib/cryptolink/crypto_hmac.cc b/src/lib/cryptolink/crypto_hmac.cc
index 65c56b9..14b43b3 100644
--- a/src/lib/cryptolink/crypto_hmac.cc
+++ b/src/lib/cryptolink/crypto_hmac.cc
@@ -182,6 +182,14 @@ public:
         // SEE BELOW FOR TEMPORARY CHANGE
         try {
             Botan::SecureVector<Botan::byte> our_mac = hmac_->final();
+            if (len < getOutputLength()) {
+                // Currently we don't support truncated signature.  To avoid
+                // validating too short signature accidently, we enforce the
+                // standard signature size for the moment.
+                // Once we support truncation correctly, this if-clause should
+                // (and the capitalized comment above) be removed.
+                return (false);
+            }
             if (len == 0 || len > getOutputLength()) {
                 len = getOutputLength();
             }
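Review bot: With the added guard, a `len` of 0 is also smaller than `getOutputLength()` and returns false, so the `len == 0` half of the condition right after it can no longer be reached. If any caller passes 0 to mean "compare the full digest", its verification now always fails; the comment should state whether that is intended, e.g. `// Note: this also rejects len == 0; callers must pass the full output length.` The comment says the if-clause should simply be removed once truncation is supported; it would be safer to say that it must be replaced by a minimum-length check (RFC 4635 sets a floor of half the hash output and no less than 10 octets for TSIG), so that a very short MAC is never accepted. The enclosing verify function starts and ends outside this hunk, so how `len` is used in the final comparison is not visible here.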
diff --git a/src/lib/cryptolink/tests/crypto_unittests.cc b/src/lib/cryptolink/tests/crypto_unittests.cc
index 243ac18..9cc4a14 100644
--- a/src/lib/cryptolink/tests/crypto_unittests.cc
+++ b/src/lib/cryptolink/tests/crypto_unittests.cc
@@ -250,7 +250,7 @@ TEST(CryptoLinkTest, HMAC_MD5_RFC2202_SIGN) {
 }
 
 // Temporarily disabled
-TEST(CryptoLinkTest, HMAC_MD5_RFC2202_SIGN_TRUNCATED) {
+TEST(CryptoLinkTest, DISABLED_HMAC_MD5_RFC2202_SIGN_TRUNCATED) {
     const uint8_t secret5[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
                                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
                                 0x0c, 0x0c, 0x0c, 0x0c };
@@ -322,7 +322,7 @@ TEST(CryptoLinkTest, HMAC_SHA1_RFC2202_SIGN) {
 }
 
 // Temporarily disabled
-TEST(CryptoLinkTest, HMAC_SHA1_RFC2202_SIGN_TRUNCATED) {
+TEST(CryptoLinkTest, DISABLED_HMAC_SHA1_RFC2202_SIGN_TRUNCATED) {
     const uint8_t secret5[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
                                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
                                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
@@ -650,7 +650,7 @@ TEST(CryptoLinkTest, HMAC_SHA512_RFC4231_SIGN) {
     RUN_NTH_TEST_CASE_FOR_ALG(7, SHA512); 
 }
 
-TEST(CryptoLinkTest, HMAC_SHA256_RFC2202_SIGN_TRUNCATED) {
+TEST(CryptoLinkTest, DISABLED_HMAC_SHA256_RFC2202_SIGN_TRUNCATED) {
     const uint8_t secret5[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
                                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
                                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
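Review bot: The SHA256 truncation test is disabled here without the `// Temporarily disabled` marker that the MD5 and SHA1 hunks carry, so it is the one most likely to be missed when truncation support lands. I would add `// Temporarily disabled until truncated signatures are supported (ticket #951)` above it and use the same wording on the other two. While all three are disabled, nothing visible in these hunks asserts that verification rejects a too-short length, so a small enabled test that expects `false` for a truncated signature would pin the guard added in crypto_hmac.cc. The test bodies continue outside the hunks.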



