Commit e981ca8f authored by Francis Dupont's avatar Francis Dupont
Browse files

[3908] Addressed comments (no code change)

parent b5970688
...@@ -180,9 +180,9 @@ public: ...@@ -180,9 +180,9 @@ public:
/// ///
/// See @ref isc::cryptolink::HMAC::verify() for details. /// See @ref isc::cryptolink::HMAC::verify() for details.
bool verify(const void* sig, size_t len) { bool verify(const void* sig, size_t len) {
/// @todo Botan's verify_mac checks if len matches the output_length, // Botan's verify_mac checks if len matches the output_length,
/// which causes it to fail for truncated signatures, so we do // which causes it to fail for truncated signatures, so we do
/// the check ourselves // the check ourselves
try { try {
size_t size = getOutputLength(); size_t size = getOutputLength();
if (len < 10 || len < size / 2) { if (len < 10 || len < size / 2) {
...@@ -194,6 +194,8 @@ public: ...@@ -194,6 +194,8 @@ public:
if (digest_.empty()) { if (digest_.empty()) {
digest_ = hmac_->final(); digest_ = hmac_->final();
} }
// digest_.size() == size by construction
// if you are not convinced, add an assert()
return (Botan::same_mem(&digest_[0], return (Botan::same_mem(&digest_[0],
static_cast<const unsigned char*>(sig), static_cast<const unsigned char*>(sig),
len)); len));
......
...@@ -51,6 +51,8 @@ public: ...@@ -51,6 +51,8 @@ public:
~Hash(); ~Hash();
/// \brief Returns the HashAlgorithm of the object /// \brief Returns the HashAlgorithm of the object
///
/// \return hash algorithm
HashAlgorithm getHashAlgorithm() const; HashAlgorithm getHashAlgorithm() const;
/// \brief Returns the output size of the digest /// \brief Returns the output size of the digest
......
...@@ -61,6 +61,8 @@ public: ...@@ -61,6 +61,8 @@ public:
~HMAC(); ~HMAC();
/// \brief Returns the HashAlgorithm of the object /// \brief Returns the HashAlgorithm of the object
///
/// \return hash algorithm
HashAlgorithm getHashAlgorithm() const; HashAlgorithm getHashAlgorithm() const;
/// \brief Returns the output size of the digest /// \brief Returns the output size of the digest
...@@ -126,7 +128,9 @@ public: ...@@ -126,7 +128,9 @@ public:
/// \param sig The signature to verify /// \param sig The signature to verify
/// \param len The length of the signature. If this is smaller /// \param len The length of the signature. If this is smaller
/// than the output length of the algorithm, /// than the output length of the algorithm,
/// only len bytes will be checked /// only len bytes will be checked. If this is
/// larger than the output length of the algorithm,
/// only output size bytes will be checked
/// \return true if the signature is correct, false otherwise /// \return true if the signature is correct, false otherwise
/// ///
/// \note verify() does not destroy its context so it can be /// \note verify() does not destroy its context so it can be
......
...@@ -163,6 +163,8 @@ public: ...@@ -163,6 +163,8 @@ public:
if (len > size) { if (len > size) {
len = size; len = size;
} }
// digest.size() == size by construction
// if you are not convinced, add an assert()
return (digest.same(sig, len)); return (digest.same(sig, len));
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment