diff --git a/Cargo.toml b/Cargo.toml
index 2ed72e48..c953b6c9 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -17,7 +17,7 @@ bzip2 = { version = "0.4", optional = true }
 constant_time_eq = { version = "0.1.5", optional = true }
 crc32fast = "1.1.1"
 flate2 = { version = "1.0.0", default-features = false, optional = true }
-hmac = {version = "0.12.0", optional = true}
+hmac = { version = "0.12.0", optional = true, features = ["reset"] }
 pbkdf2 = {version = "0.10.0", optional = true }
 sha1 = {version = "0.10.0", optional = true }
 time = { version = "0.3", features = ["formatting", "macros" ], optional = true }
diff --git a/src/aes.rs b/src/aes.rs
index 5f943571..8997705c 100644
--- a/src/aes.rs
+++ b/src/aes.rs
@@ -6,9 +6,8 @@
 use crate::aes_ctr;
 use crate::types::AesMode;
-use aes::cipher::generic_array::{typenum::Unsigned, GenericArray};
 use constant_time_eq::constant_time_eq;
-use hmac::{digest::crypto_common::KeySizeUser, Hmac, Mac};
+use hmac::{Hmac, Mac};
 use sha1::Sha1;
 use std::io::{self, Read};
@@ -161,17 +160,7 @@ impl Read for AesReaderValid {
         // see https://www.winzip.com/win/en/aes_info.html#auth-faq
         let mut read_auth_code = [0; AUTH_CODE_LENGTH];
         self.reader.read_exact(&mut read_auth_code)?;
-
-        // The following call to `finalize` consumes `hmac` so we replace `self.hmac` with a
-        // dummy that uses a `Key` made up of only zeroes. `self.hmac` should not be used after
-        // this.
-        let hmac = std::mem::replace(
-            &mut self.hmac,
-            Hmac::new(GenericArray::from_slice(
-                &vec![0; as KeySizeUser>::KeySize::to_usize()],
-            )),
-        );
-        let computed_auth_code = &hmac.finalize().into_bytes()[0..AUTH_CODE_LENGTH];
+        let computed_auth_code = &self.hmac.finalize_reset().into_bytes()[0..AUTH_CODE_LENGTH];
         // use constant time comparison to mitigate timing attacks
         if !constant_time_eq(computed_auth_code, &read_auth_code) {