After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 658725 - use GHmac instead of your own hmac implementation
use GHmac instead of your own hmac implementation
Status: RESOLVED FIXED
Product: librest
Classification: Platform
Component: oauth
git master
Other Linux
: Normal normal
: ---
Assigned To: librest-maint
librest-maint
Depends on:
Blocks:
 
 
Reported: 2011-09-11 03:18 UTC by Matthias Clasen
Modified: 2016-04-19 10:11 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Use HMAC glib implementation instead of rolling our own (7.42 KB, patch)
2012-06-17 11:41 UTC, Christophe Fergeau 		none Details | Review
Use GHmac in sha.c (2.73 KB, patch)
2015-10-05 13:10 UTC, Timm Bäder 		reviewed Details | Review

Description Matthias Clasen 2011-09-11 03:18:39 UTC 
GLib 2.30 comes with a hmac implementation that is meant to replace the various self-made ones throughout the stack. See bug 652480
Comment 1 Christophe Fergeau 2012-06-17 11:41:31 UTC 
Created attachment 216600 [details] [review]
Use HMAC glib implementation instead of rolling our own
Comment 2 Christophe Fergeau 2012-06-17 11:42:06 UTC 
I've only compile tested this patch, I'm not sure what to use to trigger hmac use in oauth.
Comment 3 Christophe Fergeau 2012-06-17 11:43:20 UTC 
And this is missing 
-PKG_CHECK_MODULES(GLIB, glib-2.0 >= 2.24)
+PKG_CHECK_MODULES(GLIB, glib-2.0 >= 2.30)
Comment 4 Christophe Fergeau 2012-06-17 11:46:48 UTC 
(In reply to comment #2)
> I've only compile tested this patch, I'm not sure what to use to trigger hmac
> use in oauth.

Looks like it's missing some base64 encoding
Comment 5 Ross Burton 2012-06-17 18:45:28 UTC 
OAuth uses it.  Running make check should exercise it.
Comment 6 Matthias Clasen 2015-10-02 11:20:37 UTC 
ping, how about it, after a few years ?
Comment 7 Christophe Fergeau 2015-10-02 12:29:45 UTC 
Iirc make check was totally failing with this patch, never investigated why. More work needed.. ;)
Comment 8 Timm Bäder 2015-10-05 13:10:33 UTC 
Created attachment 312673 [details] [review]
Use GHmac in sha.c

Basically does what the old implementation did, but usig GHmac and saving a few LOC. I'm not sure about the guchar casts, just tried this patch quickly. We can't use g_compute_hmac_for_string directly since we need the digest (and base64 encode that).
Comment 9 Timm Bäder 2015-10-05 13:16:28 UTC 
and yeah a missing g_hmac_unref :(
Comment 10 Christophe Fergeau 2015-10-05 15:13:18 UTC 
Review of attachment 312673 [details] [review]:

Looks fine/passes make dist.
Comment 11 Christophe Fergeau 2015-10-05 15:13:32 UTC 
Review of attachment 312673 [details] [review]:

Feel free to push with the change you mentioned.
Comment 12 Timm Bäder 2015-10-05 15:25:07 UTC 
Okay, pushed. Thanks.
Comment 13 Christophe Fergeau 2015-10-05 15:52:54 UTC 
Ah hmm this needs glib 2.30 :(
Comment 14 Timm Bäder 2015-10-05 17:03:04 UTC 
I assume that's some sort of problem? Do you want a patch for bumping the glib dep or should we just revert that and wait until after the 0.8 release?
Comment 15 Christophe Fergeau 2015-10-06 08:41:45 UTC 
I would have preferred to bump the glib req only in a new 0.9 series. I'll branch 0.8 and release, unless you prefer a revert/release/reapply
Comment 16 Timm Bäder 2015-10-07 07:45:54 UTC 
Do what you think is right, I don't have a strong opinion in any case and you have more experience. :)
Comment 17 Christophe Fergeau 2016-04-19 10:11:05 UTC 
I believe we can close this one as the code is in git master.