[PATCH 1/2] hmac-sha512: fix hash for keys > blocksize (128 bytes)

[Pádraig Brady]

* lib/hmac-sha512.c (hmac_sha512): Set the computed/shortened
key length to that output by sha512, not the blocksize.
Otherwise uninitialized data from the stack
is used when computing the hash.
* tests/test-hmac-sha512.c: Add a shortened key test case.
Reported at https://github.com/coreutils/gnulib/pull/5
---
 ChangeLog                | 10 ++++++++++
 lib/hmac-sha512.c        |  2 +-
 tests/test-hmac-sha512.c | 30 ++++++++++++++++++++++++++++++
 3 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 03aab33..6462d38 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2018-09-29  Pádraig Brady  <p...@draigbrady.com>
+
+       hmac-sha512: fix hash for keys > blocksize (128 bytes)
+       * lib/hmac-sha512.c (hmac_sha512): Set the computed/shortened
+       key length to that output by sha512, not the blocksize.
+       Otherwise uninitialized data from the stack
+       is used when computing the hash.
+       * tests/test-hmac-sha512.c: Add a shortened key test case.
+       Reported at https://github.com/coreutils/gnulib/pull/5
+
 2018-09-27  Akim Demaille  <a...@lrde.epita.fr>
 
        timevar: import from Bison.
diff --git a/lib/hmac-sha512.c b/lib/hmac-sha512.c
index 96f64d6..8fd57c1 100644
--- a/lib/hmac-sha512.c
+++ b/lib/hmac-sha512.c
@@ -49,7 +49,7 @@ hmac_sha512 (const void *key, size_t keylen,
       sha512_finish_ctx (&keyhash, optkeybuf);
 
       key = optkeybuf;
-      keylen = 128;
+      keylen = 64;
     }
 
   /* Compute INNERHASH from KEY and IN.  */
diff --git a/tests/test-hmac-sha512.c b/tests/test-hmac-sha512.c
index 4172d34..7e5efcb 100644
--- a/tests/test-hmac-sha512.c
+++ b/tests/test-hmac-sha512.c
@@ -118,5 +118,35 @@ main (int argc, char *argv[])
       }
   }
 
+  {
+    char key[129];
+    size_t key_len = sizeof key;
+    memset (key, '\x0b', sizeof key);
+    char *data = "Hi There";
+    size_t data_len = 8;
+    char *digest =
+      
"\xaa\x1c\x23\xfe\x04\x0c\x4f\x3e\x65\x45\xa9\x15\x4e\x33\x9d\x17\xff\xb5\x27\x2e\x0a\x54\x5b\x84\xd3\x8b\x9b\xf8\xe2\xc7\x46\x4d\xf2\xd6\x2b\xb5\x00\x05\x57\x68\x6f\x85\x10\xeb\x43\x02\xa0\xca\xe6\xb5\xdd\x1f\x37\x00\xbe\xae\xde\x75\x5f\x86\xfd\xbe\xb4\x8f";
+    char out[64];
+
+    if (hmac_sha512 (key, key_len, data, data_len, out) != 0)
+      {
+        printf ("call failure\n");
+        return 1;
+      }
+
+    if (memcmp (digest, out, 64) != 0)
+      {
+        size_t i;
+        printf ("hash 1 mismatch. expected:\n");
+        for (i = 0; i < 64; i++)
+          printf ("%02x ", digest[i] & 0xFF);
+        printf ("\ncomputed:\n");
+        for (i = 0; i < 64; i++)
+          printf ("%02x ", out[i] & 0xFF);
+        printf ("\n");
+        return 1;
+      }
+  }
+
   return 0;
 }
-- 
2.9.3