
Bug #2524 incorrectly truncates internal result when using SHA-1
Submitted: 2004-10-14 02:16 UTC
From: gary at commsecure dot com dot au
Assigned: mfonda
Status: Closed
Package: Crypt_HMAC
PHP Version: 4.3.3
OS: Fedora Core release 1 (Yarrow)
Roadmaps: (Not assigned)    


 [2004-10-14 02:16 UTC] gary at commsecure dot com dot au
Description:
------------
Using Crypt_HMAC 0.9, I tracked down that an incorrect HMAC was generated when using SHA1 (instead of MD5).

The problem is the call to pack('H32', ...), which makes sense for MD5 (with 32-byte hash) but not for SHA1 (with 40-byte hash).

I've changed my code to have something like:

    if ($method == 'md5') {
        $this->_pack = 'H32';
    } else {
        $this->_pack = 'H40';
    };

and

    ...
    $inner = pack($this->_pack, $func($this->_ipad . $data));

Ideally you would query the digest function itself to find out what digest-size it uses, but I don't know enough about PHP.

Hope this helps,
Gary.

Comments

 [2005-02-19 20:57 UTC] mfonda at dotgeek dot org
This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the end of next Sunday (CET) on pear.php.net.

In case this was a pear.php.net website problem, the change will show up on the website in short time.

Thank you for the report, and for helping us make PEAR better.

bug fixed in CVS, will be updated in next release
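The truncation described in the report, reproduced as an added example (not code from Crypt_HMAC or from the reporter). It computes an RFC 2104 HMAC with the inner digest packed by a fixed 'H32' and by a format derived from the digest length, and compares each against PHP's built-in hash_hmac(). The function names, key and message are hypothetical, and PHP 7 or later with the hash extension is assumed.

```php
<?php
// Added illustration; function and variable names are hypothetical,
// not Crypt_HMAC's API. Key and message are constructed sample values.

// HMAC per RFC 2104, with the inner digest converted from hex to binary
// using a caller-supplied pack() format, so 'H32' and 'H40' can be compared.
function hmac_with_pack(string $algo, string $key, string $data, string $packFormat): string
{
    $blockSize = 64; // block size of both MD5 and SHA-1, in bytes

    // Keys longer than one block are hashed first; all keys are zero-padded.
    if (strlen($key) > $blockSize) {
        $key = hash($algo, $key, true);
    }
    $key  = str_pad($key, $blockSize, "\x00");
    $ipad = $key ^ str_repeat("\x36", $blockSize);
    $opad = $key ^ str_repeat("\x5c", $blockSize);

    // The step from the report: 'H32' consumes only 32 hex digits,
    // so a 40-digit SHA-1 inner hash loses its last 4 bytes here.
    $inner = pack($packFormat, hash($algo, $ipad . $data));

    return hash($algo, $opad . $inner);
}

// Derive the pack format from the digest itself instead of hard-coding it,
// which is what the reporter suggests would be ideal.
function pack_format_for(string $algo): string
{
    return 'H' . strlen(hash($algo, ''));
}

$key  = 'constructed-sample-key';
$data = 'constructed sample message';

foreach (['md5', 'sha1'] as $algo) {
    $reference = hash_hmac($algo, $data, $key);
    $formats   = ['H32', pack_format_for($algo)];

    foreach ($formats as $format) {
        $mac = hmac_with_pack($algo, $key, $data, $format);
        printf("%-4s %-3s matches hash_hmac: %s\n", $algo, $format,
            var_export(hash_equals($reference, $mac), true));
    }
}
```

The truncated SHA-1 result is still a well-formed 40-digit hex string, so the defect only shows up when the value is checked against another HMAC implementation or a published test vector.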