Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.0.1

Bug #2524 incorrectly truncates internal result when using SHA-1
Submitted: 2004-10-14 02:16 UTC
From: gary at commsecure dot com dot au Assigned: mfonda
Status: Closed Package: Crypt_HMAC
PHP Version: 4.3.3 OS: Fedora Core release 1 (Yarrow)
Roadmaps: (Not assigned)    
Subscription  
Comments Add Comment Add patch


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 31 + 9 = ?

 
 [2004-10-14 02:16 UTC] gary at commsecure dot com dot au
Description: ------------ Using Crypt_HMAC 0.9, I tracked down that an incorrect HMAC was generated when using SHA1 (instead of MD5). The problem is the call to pack('H32', ...), which makes sense for MD5 (with 32-byte hash) but not for SHA1 (with 40-byte hash). I've changed my code to have something like: if ($method == 'md5') { $this->_pack = 'H32'; } else { $this->_pack = 'H40'; }; and ... $inner = pack($this->_pack, $func($this->_ipad . $data)); Ideally you would query the digest function itself to find out what digest-size it uses, but I don't know enough about PHP. Hope this helps, Gary.

Comments

 [2005-02-19 20:57 UTC] mfonda at dotgeek dot org
This bug has been fixed in CVS. In case this was a documentation problem, the fix will show up at the end of next Sunday (CET) on pear.php.net. In case this was a pear.php.net website problem, the change will show up on the website in short time. Thank you for the report, and for helping us make PEAR better. bug fixed in CVS, will be updated in next release