diff options
| -rw-r--r-- | crypto.c | 16 | ||||
| -rw-r--r-- | crypto_backend.h | 3 | ||||
| -rw-r--r-- | crypto_openssl.c | 20 | ||||
| -rw-r--r-- | crypto_polarssl.c | 21 | ||||
| -rw-r--r-- | ntlm.c | 2 | ||||
| -rw-r--r-- | ssl.c | 4 |
6 files changed, 20 insertions, 46 deletions
@@ -462,8 +462,20 @@ init_key_ctx (struct key_ctx *ctx, struct key *key, if (kt->digest && kt->hmac_length > 0) { ALLOC_OBJ(ctx->hmac, hmac_ctx_t); - hmac_ctx_init (ctx->hmac, key->hmac, kt->hmac_length, kt->digest, - prefix); + hmac_ctx_init (ctx->hmac, key->hmac, kt->hmac_length, kt->digest); + + msg (D_HANDSHAKE, + "%s: Using %d bit message hash '%s' for HMAC authentication", + prefix, md_kt_size(kt->digest) * 8, md_kt_name(kt->digest)); + + dmsg (D_SHOW_KEYS, "%s: HMAC KEY: %s", prefix, + format_hex (key->hmac, kt->hmac_length, 0, &gc)); + + dmsg (D_CRYPTO_DEBUG, "%s: HMAC size=%d block_size=%d", + prefix, + md_kt_size(kt->digest), + hmac_ctx_size(ctx->hmac)); + } gc_free (&gc); } diff --git a/crypto_backend.h b/crypto_backend.h index 25d985b..f16dc35 100644 --- a/crypto_backend.h +++ b/crypto_backend.h @@ -442,11 +442,10 @@ void md_ctx_final (md_ctx_t *ctx, uint8_t *dst); * @param key The key to use for the HMAC * @param key_len The key length to use * @param kt Static message digest parameters - * @param prefix Prefix to use when printing debug information. * */ void hmac_ctx_init (hmac_ctx_t *ctx, const uint8_t *key, int key_length, - const md_kt_t *kt, const char *prefix); + const md_kt_t *kt); /* * Free the given HMAC context. diff --git a/crypto_openssl.c b/crypto_openssl.c index b94451a..7250782 100644 --- a/crypto_openssl.c +++ b/crypto_openssl.c @@ -745,10 +745,8 @@ md_ctx_final (EVP_MD_CTX *ctx, uint8_t *dst) void hmac_ctx_init (HMAC_CTX *ctx, const uint8_t *key, int key_len, - const EVP_MD *kt, const char *prefix) + const EVP_MD *kt) { - struct gc_arena gc = gc_new (); - ASSERT(NULL != kt && NULL != ctx); CLEAR(*ctx); @@ -756,24 +754,8 @@ hmac_ctx_init (HMAC_CTX *ctx, const uint8_t *key, int key_len, HMAC_CTX_init (ctx); HMAC_Init_ex (ctx, key, key_len, kt, NULL); - if (prefix) - msg (D_HANDSHAKE, - "%s: Using %d bit message hash '%s' for HMAC authentication", - prefix, HMAC_size (ctx) * 8, OBJ_nid2sn (EVP_MD_type (kt))); - /* make sure we used a big enough key */ ASSERT (HMAC_size (ctx) <= key_len); - - if (prefix) - dmsg (D_SHOW_KEYS, "%s: HMAC KEY: %s", prefix, - format_hex (key, key_len, 0, &gc)); - if (prefix) - dmsg (D_CRYPTO_DEBUG, "%s: HMAC size=%d block_size=%d", - prefix, - EVP_MD_size (kt), - EVP_MD_block_size (kt)); - - gc_free (&gc); } void diff --git a/crypto_polarssl.c b/crypto_polarssl.c index 368e8f8..e4b9099 100644 --- a/crypto_polarssl.c +++ b/crypto_polarssl.c @@ -511,11 +511,8 @@ md_ctx_final (md_context_t *ctx, uint8_t *dst) * TODO: re-enable dmsg for crypto debug */ void -hmac_ctx_init (md_context_t *ctx, const uint8_t *key, int key_len, const md_info_t *kt, - const char *prefix) +hmac_ctx_init (md_context_t *ctx, const uint8_t *key, int key_len, const md_info_t *kt) { - struct gc_arena gc = gc_new (); - ASSERT(NULL != kt && NULL != ctx); CLEAR(*ctx); @@ -523,24 +520,8 @@ hmac_ctx_init (md_context_t *ctx, const uint8_t *key, int key_len, const md_info ASSERT(0 == md_init_ctx(ctx, kt)); ASSERT(0 == md_hmac_starts(ctx, key, key_len)); - if (prefix) - msg (D_HANDSHAKE, - "%s: Using %d bit message hash '%s' for HMAC authentication", - prefix, md_get_size(kt) * 8, md_get_name(kt)); - /* make sure we used a big enough key */ ASSERT (md_get_size(kt) <= key_len); - - if (prefix) - dmsg (D_SHOW_KEYS, "%s: HMAC KEY: %s", prefix, - format_hex (key, key_len, 0, &gc)); -// if (prefix) -// dmsg (D_CRYPTO_DEBUG, "%s: HMAC size=%d block_size=%d", -// prefix, -// md_get_size(md_info), -// EVP_MD_block_size (md_info)); - - gc_free (&gc); } void @@ -84,7 +84,7 @@ gen_hmac_md5 (const char* data, int data_len, const char* key, int key_len,char hmac_ctx_t hmac_ctx; CLEAR(hmac_ctx); - hmac_ctx_init(&hmac_ctx, key, key_len, md5_kt, NULL); + hmac_ctx_init(&hmac_ctx, key, key_len, md5_kt); hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len); hmac_ctx_final(&hmac_ctx, (unsigned char *)result); hmac_ctx_cleanup(&hmac_ctx); @@ -1188,8 +1188,8 @@ tls1_P_hash(const md_kt_t *md_kt, chunk = md_kt_size(md_kt); A1_len = md_kt_size(md_kt); - hmac_ctx_init(&ctx, sec, sec_len, md_kt, NULL); - hmac_ctx_init(&ctx_tmp, sec, sec_len, md_kt, NULL); + hmac_ctx_init(&ctx, sec, sec_len, md_kt); + hmac_ctx_init(&ctx_tmp, sec, sec_len, md_kt); hmac_ctx_update(&ctx,seed,seed_len); hmac_ctx_final(&ctx, A1); |