From 0cf03528c553e6f5458b7e9ce06c02f6a56bb5ed Mon Sep 17 00:00:00 2001
From: Kyle <kyle@tyrfingr.is>
Date: Tue, 22 Dec 2015 21:41:05 -0800
Subject: [PATCH] Fix comparison test in hash_equal, release 1.0.1.

The result in the loop was being reset each iteration; only the last
element in the byte array was being checked for equality.
---
 CHANGELOG         |  6 ++++++
 README.rst        |  2 +-
 configure.ac      |  2 +-
 doc/libemsha.rst  |  2 +-
 src/emsha.cc      |  2 +-
 src/test_emsha.cc | 23 +++++++++++++++++++++++
 6 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 9826dfe..78ab27b 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,11 @@
 LIBEMSHA CHANGELOG
 ==================
 
+1.0.1 (2015-12-22):
+
+Fixed:
+	+ hash_equal was improperly performing its comparison.
+
+------------------
 1.0.0 (2015-12-18):
 Initial release.
diff --git a/README.rst b/README.rst
index df9e7c1..8db499f 100644
--- a/README.rst
+++ b/README.rst
@@ -24,7 +24,7 @@ The source code is available via `Github
     git clone https://github.com/kisom/libemsha
     git clone git@github.com:kisom/libemsha
 
-The current release is `1.0.0 <https://github.com/kisom/libemsha/archive/1.0.0.zip>`_.
+The current release is `1.0.1 <https://github.com/kisom/libemsha/releases/tag/v1.0.1>`_.
 
 The project is built using Autotools and ``make``.
 
diff --git a/configure.ac b/configure.ac
index 973c75d..511cc6e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
 # versions that can be used with Travis right now.
 AC_PREREQ([2.68])
 AC_INIT([libemsha],
-	[1.0.0],
+	[1.0.1],
 	[coder@kyleisom.net],
 	[libemsha],
 	[https://kyleisom.net/projects/libemsha/])
diff --git a/doc/libemsha.rst b/doc/libemsha.rst
index e39b5e9..aadd78e 100644
--- a/doc/libemsha.rst
+++ b/doc/libemsha.rst
@@ -2,7 +2,7 @@
 libemsha
 ========
 
-Version: 1.0.0
+Version: 1.0.1
 
 Date:    2015-12-22
 
diff --git a/src/emsha.cc b/src/emsha.cc
index c5f955a..dfccdcf 100644
--- a/src/emsha.cc
+++ b/src/emsha.cc
@@ -55,7 +55,7 @@ hash_equal(const uint8_t *a, const uint8_t *b)
 	EMSHA_CHECK(b != NULL, false);
 
 	for (uint32_t i = 0; i < SHA256_HASH_SIZE; i++) {
-		res = a[i] ^ b[i];
+		res += a[i] ^ b[i];
 	}
 
 	return res == 0;
diff --git a/src/test_emsha.cc b/src/test_emsha.cc
index f6cb9ea..d46a5e1 100644
--- a/src/test_emsha.cc
+++ b/src/test_emsha.cc
@@ -106,6 +106,29 @@ hash_equal_test(void)
 		exit(1);
 	}
 
+	// This catches the bug in the initial version where the code was
+	//         res = a[i] ^ b[i];
+	// instead of
+	//         res += a[i] ^ b[i];
+	for (uint32_t i = 0; i < emsha::SHA256_HASH_SIZE; i++) {
+		a[i] = static_cast<uint8_t>(i);
+		b[i] = static_cast<uint8_t>(i+1);
+	}
+
+	b[emsha::SHA256_HASH_SIZE - 1]--;
+	if (emsha::hash_equal(a, b)) {
+		string	s;
+		cerr << "FAILED: hash_equal\n";
+		cerr << "\tREGRESSION: hash_equal should not have succeeded comparing a and b.\n";
+		dump_hexstring(s, a, emsha::SHA256_HASH_SIZE);
+		cerr << "\ta <- " << s << std::endl;
+		dump_hexstring(s, b, emsha::SHA256_HASH_SIZE);
+		cerr << "\tb <- " << s << std::endl;
+		exit(1);
+	}
+
+
+
 	cout << "PASSED: hash_equal\n";
 }