Home Explore Help
Sign In
zorun
/
kea
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[trac951] Revert "[trac951] we do have truncation support (at least in the api), so remove check and enable tests"

This reverts commit 76ae47d1f6061a09f4a8e20852a9874ea28a4e19.

We cannot yet remove the additional check and re-enable the corresponding
tests.  See my comment on ticket #951.
JINMEI Tatuya 14 years ago
parent
76ae47d1f6
commit
5637b1961a
2 changed files with 11 additions and 3 deletions
Split View Show Diff Stats
  1. 8 0
      src/lib/cryptolink/crypto_hmac.cc
  2. 3 3
      src/lib/cryptolink/tests/crypto_unittests.cc

+ 8 - 0
src/lib/cryptolink/crypto_hmac.cc
View File 

@@ -182,6 +182,14 @@ public:
 
         // SEE BELOW FOR TEMPORARY CHANGE
 
         try {
 
             Botan::SecureVector<Botan::byte> our_mac = hmac_->final();
 
+            if (len < getOutputLength()) {
 
+                // Currently we don't support truncated signature.  To avoid
 
+                // validating too short signature accidently, we enforce the
 
+                // standard signature size for the moment.
 
+                // Once we support truncation correctly, this if-clause should
 
+                // (and the capitalized comment above) be removed.
 
+                return (false);
 
+            }
 
             if (len == 0 || len > getOutputLength()) {
 
                 len = getOutputLength();
 
             }

+ 3 - 3
src/lib/cryptolink/tests/crypto_unittests.cc
View File 

@@ -250,7 +250,7 @@ TEST(CryptoLinkTest, HMAC_MD5_RFC2202_SIGN) {
 
 }
 
 
 // Temporarily disabled
 
-TEST(CryptoLinkTest, HMAC_MD5_RFC2202_SIGN_TRUNCATED) {
 
+TEST(CryptoLinkTest, DISABLED_HMAC_MD5_RFC2202_SIGN_TRUNCATED) {
 
     const uint8_t secret5[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
 
                                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
 
                                 0x0c, 0x0c, 0x0c, 0x0c };
 
@@ -322,7 +322,7 @@ TEST(CryptoLinkTest, HMAC_SHA1_RFC2202_SIGN) {
 
 }
 
 
 // Temporarily disabled
 
-TEST(CryptoLinkTest, HMAC_SHA1_RFC2202_SIGN_TRUNCATED) {
 
+TEST(CryptoLinkTest, DISABLED_HMAC_SHA1_RFC2202_SIGN_TRUNCATED) {
 
     const uint8_t secret5[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
 
                                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
 
                                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
 
@@ -650,7 +650,7 @@ TEST(CryptoLinkTest, HMAC_SHA512_RFC4231_SIGN) {
 
     RUN_NTH_TEST_CASE_FOR_ALG(7, SHA512); 
 }
 
 
-TEST(CryptoLinkTest, HMAC_SHA256_RFC2202_SIGN_TRUNCATED) {
 
+TEST(CryptoLinkTest, DISABLED_HMAC_SHA256_RFC2202_SIGN_TRUNCATED) {
 
     const uint8_t secret5[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
 
                                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
 
                                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,