From 9501edb960be55aa92f962ac3988239e51b75455 Mon Sep 17 00:00:00 2001
From: Steve Atherton <stevea@apple.com>
Date: Sun, 25 Oct 2020 21:11:04 -0700
Subject: [PATCH] Bug fix, blob client was not correctly using keys longer than
 64 bytes in request signing.

---
 fdbclient/BlobStore.actor.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fdbclient/BlobStore.actor.cpp b/fdbclient/BlobStore.actor.cpp
index 4cba0297f0..1fb34f642f 100644
--- a/fdbclient/BlobStore.actor.cpp
+++ b/fdbclient/BlobStore.actor.cpp
@@ -873,7 +873,12 @@ Future<BlobStoreEndpoint::ListResult> BlobStoreEndpoint::listBucket(std::string
 std::string BlobStoreEndpoint::hmac_sha1(std::string const &msg) {
 	std::string key = secret;
 
-	// First pad the key to 64 bytes.
+	// Hash key to shorten it if it is longer than SHA1 block size
+	if(key.size() > 64) {
+		key = SHA1::from_string(key);
+	}
+
+	// Pad key up to SHA1 block size if needed
 	key.append(64 - key.size(), '\0');
 
 	std::string kipad = key;