From pkg-gnutls-maint-bounces+ametzler=debian.org@lists.alioth.debian.org Wed Nov 5 20:40:25 2008
From: Werner Koch <wk@gnupg.org>
To: pkg-gnutls-maint@lists.alioth.debian.org
Date: Wed, 05 Nov 2008 20:38:27 +0100
Message-ID: <87tzamq7yk.fsf@wheatstone.g10code.de>
Content-Type: multipart/mixed;
	boundary="=lynch-SHA-espionage-Comirex-asset-world-domination-tempest-M-14=Sund"
Subject: [Werner Koch] Important fix for HMAC-SHA-384/512

--=lynch-SHA-espionage-Comirex-asset-world-domination-tempest-M-14=Sund
Content-Type: message/rfc822
Content-Disposition: inline

From: Werner Koch <wk@gnupg.org>
To: gcrypt-devel@gnupg.org
Subject: Important fix for HMAC-SHA-384/512
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Mail-Followup-To: gcrypt-devel@gnupg.org
Date: Wed, 05 Nov 2008 19:47:21 +0100
Gnus-Warning: This is a duplicate of message <87iqr2row6.fsf@wheatstone.g10code.de>
Message-ID: <87iqr2row6.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.110007 (No Gnus v0.7)
X-BeenThere: gcrypt-devel@gnupg.org
X-Sender-Host: lists.gnupg.org
a bug has been found in the HMAC computation when using a key size of 64
to 128 bytes with SHA-384 or SHA-512. The result is a wrong HMAC value.
Given that such key sizes are not very common, it should not give any
real world problems but it needs to be fixed anyway.

The fix below is for libgcrypt 1.4.3 but it should apply to all 1.4

* Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.

--- libgcrypt-1.4.1/cipher/md.c.orig 2007-08-13 18:46:51.000000000 +0200
+++ libgcrypt-1.4.1/cipher/md.c 2008-11-08 10:14:27.000000000 +0100
return GPG_ERR_DIGEST_ALGO; /* i.e. no algo enabled */
+ if ( keylen > hd->ctx->macpads_Bsize )
helpkey = gcry_malloc_secure ( md_digest_length( algo ) );
gcry_md_hash_buffer ( algo, helpkey, key, keylen );
keylen = md_digest_length( algo );
- assert ( keylen <= 64 );
+ assert ( keylen <= hd->ctx->macpads_Bsize );
memset ( hd->ctx->macpads, 0, 2*(hd->ctx->macpads_Bsize) );
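Review bot: the `+ if ( keylen > hd->ctx->macpads_Bsize )` line has no matching `-` line in this excerpt, so the old condition it replaces (presumably the same hard-coded 64 that is visible in `- assert ( keylen <= 64 );`) cannot be confirmed from the hunk; please post the hunk with its full context. Comparing against `macpads_Bsize` is the correct RFC 2104 rule (the key is hashed only when it exceeds the hash's block size, which is 128 bytes for SHA-384/512, not 64), and the `memset` of `2*(hd->ctx->macpads_Bsize)` shows the pad buffer is already sized per algorithm. Because `assert` is compiled out in release builds, the new `assert ( keylen <= hd->ctx->macpads_Bsize );` is not a runtime guard; add a regression test with a key of 65 to 128 bytes for SHA-384 and SHA-512, since the RFC 4231 vectors use keys of at most 25 bytes or of 131 bytes and so never exercise the range this patch fixes.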

Thoughts are free. Exceptions are regulated by a federal law.

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
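To see why the threshold matters, here is an added example (not libgcrypt's code and not part of the mail) that models RFC 2104 key handling in Python with the key-hashing threshold as a parameter and compares the correct per-algorithm block-size rule against the old hard-coded 64, using the standard library's hmac module as the reference. The key and message bytes are constructed for the demonstration.

```python
import hashlib
import hmac


def hmac_manual(hash_name, key, msg, threshold=None):
    """RFC 2104 HMAC: a key longer than the hash's block size B is hashed
    first; every key is then zero-padded to B bytes before the ipad/opad XOR."""
    block_size = hashlib.new(hash_name).block_size  # 64 for SHA-256, 128 for SHA-384/512
    if threshold is None:
        threshold = block_size  # correct rule: compare against the algorithm's B
    if len(key) > threshold:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(k ^ 0x36 for k in key)
    opad = bytes(k ^ 0x5C for k in key)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def hmac_old_threshold(hash_name, key, msg):
    """Models the pre-fix behaviour described in the mail: the key was hashed
    whenever it exceeded 64 bytes, regardless of the algorithm's block size."""
    return hmac_manual(hash_name, key, msg, threshold=64)


def compare(hash_name, key_len):
    """Return (correct_rule_matches_reference, old_threshold_matches_reference)."""
    key = bytes(i % 256 for i in range(key_len))        # constructed key
    msg = b"constructed message for the HMAC check"      # constructed message
    ref = hmac.new(key, msg, hash_name).digest()         # stdlib reference value
    return (hmac_manual(hash_name, key, msg) == ref,
            hmac_old_threshold(hash_name, key, msg) == ref)


if __name__ == "__main__":
    # Keys of 65..128 bytes with SHA-384/512 are exactly the range where the
    # old threshold hashes a key that should have been used as-is.
    for algo, n in [("sha256", 100), ("sha512", 64), ("sha512", 100),
                    ("sha512", 128), ("sha512", 129), ("sha384", 96)]:
        ok, old = compare(algo, n)
        print(f"{algo} key={n:3d} bytes: correct={ok} old-threshold={old}")
```

Keys of at most 64 bytes and keys longer than 128 bytes agree under both rules, which is why the bug only shows up for the key sizes the mail names.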
--=lynch-SHA-espionage-Comirex-asset-world-domination-tempest-M-14=Sund
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Pkg-gnutls-maint mailing list
Pkg-gnutls-maint@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-gnutls-maint
--=lynch-SHA-espionage-Comirex-asset-world-domination-tempest-M-14=Sund--