From c1ff544eff3fe465870f239f2e268b8ad0f1dacf Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Wed, 8 Jul 2020 12:49:21 +0200
Subject: [PATCH] src/backup/crypt_config.rs - compute_digest: make it more secure
---
 src/backup/crypt_config.rs | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/backup/crypt_config.rs b/src/backup/crypt_config.rs
index bdf93680..72b56dd7 100644
--- a/src/backup/crypt_config.rs
+++ b/src/backup/crypt_config.rs
@@ -80,10 +80,9 @@ impl CryptConfig {
 /// chunk digest values do not clash with values computed for
 /// other sectret keys.
 pub fn compute_digest(&self, data: &[u8]) -> [u8; 32] {
- // FIXME: use HMAC-SHA256 instead??
 let mut hasher = openssl::sha::Sha256::new();
- hasher.update(&self.id_key);
 hasher.update(data);
+ hasher.update(&self.id_key); // at the end, to avoid length extensions attacks
 hasher.finish()
 }
@@ -220,7 +219,7 @@ impl CryptConfig {
 created: DateTime,
 ) -> Result, Error> {
- let modified = Local.timestamp(Local::now().timestamp(), 0);
+ let modified = Local.timestamp(Local::now().timestamp(), 0);
 let key_config = super::KeyConfig { kdf: None, created, modified, data: self.enc_key.to_vec() };
 let data = serde_json::to_string(&key_config)?.as_bytes().to_vec();
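Review bot: The secret-suffix construction `SHA256(data || id_key)` now used in `compute_digest` is still weaker than the HMAC-SHA256 that the removed FIXME asked about. It does block length extension, but its strength rests on SHA-256 collision resistance: two equal-length inputs that collide in the hash's internal state before the key is absorbed produce the same digest under every key. Rather than deleting the marker outright, I would keep the trade-off visible, e.g. `// NOTE: SHA256(data || id_key) blocks length extension but relies on SHA-256 collision resistance; HMAC-SHA256 would not.` Separately, reordering the inputs changes the digest of every chunk for a given key, so any digests already stored from the old order would presumably no longer match. Nothing in this hunk versions the scheme, which deserves a sentence in the doc comment or commit message.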