SHA-1 HMAC signature is now computed over concatenation of TEXT and RODATA segments
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 29 Aug 2007 09:13:08 +0000 (09:13 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 29 Aug 2007 09:13:08 +0000 (09:13 -0000)
src/libstrongswan/fips/fips.c

index d97e51c..3135a77 100644 (file)
@@ -74,8 +74,8 @@ bool fips_compute_hmac_signature(const char *key, char *signature)
                chunk_t signature_chunk = chunk_empty;
 
                signer->set_key(signer, hmac_key);
-               /* TODO include rodata_chunk in HMAC */
-               signer->allocate_signature(signer, text_chunk, &signature_chunk);
+               signer->allocate_signature(signer, text_chunk, NULL);
+               signer->allocate_signature(signer, rodata_chunk, &signature_chunk);
                signer->destroy(signer);
 
                sprintf(signature, "%#B", &signature_chunk);