[Dovecot] [PATCH] Generalize HMAC implementation
Timo Sirainen
tss at iki.fi
Tue Sep 11 19:02:33 EEST 2012
On 4.9.2012, at 21.25, Florian Zeitz wrote:
> Hello everyone and Timo in particular,
>
> about a year ago I implemented a SHA-1 variant of the HMAC(-MD5) present
> in Dovecot.
> I had always disliked this a bit, because it replicates a lot of code.
> This patch generalizes the HMAC function to take a hash_method struct as
> parameter, and changes existing code which uses the "old" HMAC function
> to use this new one.
>
> I'm not really sure this is actually a good idea, but I still felt I
> should provide the code in case you would want to merge it upstream.
It's otherwise good, but this isn't safe:
+ ctx->ctx = t_malloc(meth->context_size);
+ ctx->ctxo = t_malloc(meth->context_size);
It assumes that the hmac_init() + hmac_final() is called close to each others. I think we could simply #define the largest allowed context_size, use it for these buffers' sizes and then add i_assert(meth->context_size <= HMAC_MAX_CONTEXT_SIZE)
More information about the dovecot
mailing list