Wrong hmac values from crypto_data_hash

Posting here to get attentions to the issue that I filed :slight_smile: : Wrong hmac values when the key contains "null" bytes 路 Issue #170 路 SWI-Prolog/packages-ssl 路 GitHub.

When crypto_data_hash is called with the hmac(Key) option, and when Key contains null bytes, the resulting value is wrong. That鈥檚 because the underlying C code treats the key as a C-string and uses strlen to calculate the key length. strlen thinks the key is terminated by the null byte.

The key can contain null bytes when the key is a binary data, especially when the key is derived from key-derivation-functions such as scrypt, bcrypt, etc.

Would anyone familiar with the code base be kind enough to fix this? :slight_smile:

Pushed a fix. I don鈥檛 know much about the crypto predicates. The code suggests the key is expected to be a normal key without 0-bytes. Anyway, it works fine with 0-bytes now. The choice was between supporting them or raising an error when the key contains 0-bytes. Just returning the wrong result is not an option :slight_smile:

2 Likes

Woohoo! It was quick! Thank you, Jan.