From 2e35c0d646c433bdddade3fec92ecc1f0c4c39f9 Mon Sep 17 00:00:00 2001
From: Junio C Hamano
Date: Thu, 25 Sep 2014 10:51:39 -0700
Subject: receive-pack: truncate hmac early and convert only necessary bytes

Instead of copying out 20-bytes of HMAC, format it into 40-bytes of hex and then chomping it to 20-bytes output when generating a nonce, copy out only HMAC_TRUNCATE (=10) bytes, convert it to text using the new bin_to_hex() helper to do the same.

Signed-off-by: Junio C Hamano
---
 builtin/receive-pack.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c
index 42f25a5103..e0e7c75811 100644
--- a/builtin/receive-pack.c
+++ b/builtin/receive-pack.c
@@ -287,6 +287,7 @@ static int copy_to_sideband(int in, int out, void *arg)
 }

 #define HMAC_BLOCK_SIZE 64
+#define HMAC_TRUNCATE 10 /* in bytes */

 static void hmac_sha1(unsigned char *out,
 const char *key_in, size_t key_len,
@@ -323,21 +324,23 @@ static void hmac_sha1(unsigned char *out,
 /* RFC 2104 2. (6) & (7) */
 git_SHA1_Init(&ctx);
 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
- git_SHA1_Update(&ctx, out, 20);
+ git_SHA1_Update(&ctx, out, HMAC_TRUNCATE);
 git_SHA1_Final(out, &ctx);
 }

 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
 {
 struct strbuf buf = STRBUF_INIT;
- unsigned char sha1[20];
+ unsigned char hmac[HMAC_TRUNCATE];
+ char hmac_trunc[HMAC_TRUNCATE * 2 + 1];

 strbuf_addf(&buf, "%s:%lu", path, stamp);
- hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
+ hmac_sha1(hmac, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
 strbuf_release(&buf);

 /* RFC 2104 5. HMAC-SHA1-80 */
- strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
+ bin_to_hex(hmac, HMAC_TRUNCATE, hmac_trunc);
+ strbuf_addf(&buf, "%lu-%s", stamp, hmac_trunc);
 return strbuf_detach(&buf, NULL);
 }

--
cgit v1.2.1
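Review bot: In `prepare_push_cert_nonce()` the new `unsigned char hmac[HMAC_TRUNCATE]` holds only 10 bytes, but `hmac_sha1()` still ends with `git_SHA1_Final(out, &ctx)`, which writes a full 20-byte SHA-1 digest to `out`, so the call overruns the stack buffer. The change to `git_SHA1_Update(&ctx, out, HMAC_TRUNCATE)` also feeds only half of the inner digest into the outer hash, whereas RFC 2104 section 5 truncates the final HMAC output, so the value is no longer HMAC-SHA1-80 as the comment claims. I would keep `git_SHA1_Update(&ctx, out, 20);` and declare `unsigned char hmac[20];`, truncating only at conversion time with the existing `bin_to_hex(hmac, HMAC_TRUNCATE, hmac_trunc);`. The body of `hmac_sha1()` starts outside this hunk, so the inner-hash write to `out` is not visible here; it presumably also stores 20 bytes and would need the same full-size buffer.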