Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.0.1

Bug #2524 incorrectly truncates internal result when using SHA-1
Submitted: 2004-10-14 02:16 UTC
From: gary at commsecure dot com dot au Assigned: mfonda
Status: Closed Package: Crypt_HMAC
PHP Version: 4.3.3 OS: Fedora Core release 1 (Yarrow)
Roadmaps: (Not assigned)    

 [2004-10-14 02:16 UTC] gary at commsecure dot com dot au
Description: ------------ Using Crypt_HMAC 0.9, I tracked down that an incorrect HMAC was generated when using SHA1 (instead of MD5). The problem is the call to pack('H32', ...), which makes sense for MD5 (with 32-byte hash) but not for SHA1 (with 40-byte hash). I've changed my code to have something like: if ($method == 'md5') { $this->_pack = 'H32'; } else { $this->_pack = 'H40'; }; and ... $inner = pack($this->_pack, $func($this->_ipad . $data)); Ideally you would query the digest function itself to find out what digest-size it uses, but I don't know enough about PHP. Hope this helps, Gary.


 [2005-02-19 20:57 UTC] mfonda at dotgeek dot org
This bug has been fixed in CVS. In case this was a documentation problem, the fix will show up at the end of next Sunday (CET) on In case this was a website problem, the change will show up on the website in short time. Thank you for the report, and for helping us make PEAR better. bug fixed in CVS, will be updated in next release