src/backup/crypt_config.rs - compute_digest: make it more secure

This commit is contained in:
Dietmar Maurer 2020-07-08 12:49:21 +02:00
parent 69e5d71961
commit c1ff544eff

View File

@ -80,10 +80,9 @@ impl CryptConfig {
/// chunk digest values do not clash with values computed for
/// other sectret keys.
pub fn compute_digest(&self, data: &[u8]) -> [u8; 32] {
// FIXME: use HMAC-SHA256 instead??
let mut hasher = openssl::sha::Sha256::new();
hasher.update(&self.id_key);
hasher.update(data);
hasher.update(&self.id_key); // at the end, to avoid length extensions attacks
hasher.finish()
}