Commit e981ca8f authored by Francis Dupont's avatar Francis Dupont
Browse files

[3908] Addressed comments (no code change)

parent b5970688
......@@ -180,9 +180,9 @@ public:
///
/// See @ref isc::cryptolink::HMAC::verify() for details.
bool verify(const void* sig, size_t len) {
/// @todo Botan's verify_mac checks if len matches the output_length,
/// which causes it to fail for truncated signatures, so we do
/// the check ourselves
// Botan's verify_mac checks if len matches the output_length,
// which causes it to fail for truncated signatures, so we do
// the check ourselves
try {
size_t size = getOutputLength();
if (len < 10 || len < size / 2) {
......@@ -194,6 +194,8 @@ public:
if (digest_.empty()) {
digest_ = hmac_->final();
}
// digest_.size() == size by construction
// if you are not convinced, add an assert()
return (Botan::same_mem(&digest_[0],
static_cast<const unsigned char*>(sig),
len));
......
......@@ -51,6 +51,8 @@ public:
~Hash();
/// \brief Returns the HashAlgorithm of the object
///
/// \return hash algorithm
HashAlgorithm getHashAlgorithm() const;
/// \brief Returns the output size of the digest
......
......@@ -61,6 +61,8 @@ public:
~HMAC();
/// \brief Returns the HashAlgorithm of the object
///
/// \return hash algorithm
HashAlgorithm getHashAlgorithm() const;
/// \brief Returns the output size of the digest
......@@ -126,7 +128,9 @@ public:
/// \param sig The signature to verify
/// \param len The length of the signature. If this is smaller
/// than the output length of the algorithm,
/// only len bytes will be checked
/// only len bytes will be checked. If this is
/// larger than the output length of the algorithm,
/// only output size bytes will be checked
/// \return true if the signature is correct, false otherwise
///
/// \note verify() does not destroy its context so it can be
......
......@@ -163,6 +163,8 @@ public:
if (len > size) {
len = size;
}
// digest.size() == size by construction
// if you are not convinced, add an assert()
return (digest.same(sig, len));
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment