Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
... | ... |
@@ -462,8 +462,20 @@ init_key_ctx (struct key_ctx *ctx, struct key *key, |
462 | 462 |
if (kt->digest && kt->hmac_length > 0) |
463 | 463 |
{ |
464 | 464 |
ALLOC_OBJ(ctx->hmac, hmac_ctx_t); |
465 |
- hmac_ctx_init (ctx->hmac, key->hmac, kt->hmac_length, kt->digest, |
|
466 |
- prefix); |
|
465 |
+ hmac_ctx_init (ctx->hmac, key->hmac, kt->hmac_length, kt->digest); |
|
466 |
+ |
|
467 |
+ msg (D_HANDSHAKE, |
|
468 |
+ "%s: Using %d bit message hash '%s' for HMAC authentication", |
|
469 |
+ prefix, md_kt_size(kt->digest) * 8, md_kt_name(kt->digest)); |
|
470 |
+ |
|
471 |
+ dmsg (D_SHOW_KEYS, "%s: HMAC KEY: %s", prefix, |
|
472 |
+ format_hex (key->hmac, kt->hmac_length, 0, &gc)); |
|
473 |
+ |
|
474 |
+ dmsg (D_CRYPTO_DEBUG, "%s: HMAC size=%d block_size=%d", |
|
475 |
+ prefix, |
|
476 |
+ md_kt_size(kt->digest), |
|
477 |
+ hmac_ctx_size(ctx->hmac)); |
|
478 |
+ |
|
467 | 479 |
} |
468 | 480 |
gc_free (&gc); |
469 | 481 |
} |
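Review bot: The `block_size=%d` field of the new D_CRYPTO_DEBUG message is filled with `hmac_ctx_size(ctx->hmac)`, which by its name returns the HMAC output size rather than the digest block size that the removed OpenSSL code printed with `EVP_MD_block_size (kt)`. Either relabel the field or print a real block size if the backend wrapper offers one. The three messages also lost the `if (prefix)` guard they had inside hmac_ctx_init, so a NULL `prefix` would now reach `%s`; whether every caller of init_key_ctx passes a string cannot be checked here, because the function starts above the hunk. The D_SHOW_KEYS line writes the raw HMAC key as hex into the log and deserves a comment such as `/* debug only: logs secret key material */`.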
... | ... |
@@ -442,11 +442,10 @@ void md_ctx_final (md_ctx_t *ctx, uint8_t *dst); |
442 | 442 |
* @param key The key to use for the HMAC |
443 | 443 |
* @param key_len The key length to use |
444 | 444 |
* @param kt Static message digest parameters |
445 |
- * @param prefix Prefix to use when printing debug information. |
|
446 | 445 |
* |
447 | 446 |
*/ |
448 | 447 |
void hmac_ctx_init (hmac_ctx_t *ctx, const uint8_t *key, int key_length, |
449 |
- const md_kt_t *kt, const char *prefix); |
|
448 |
+ const md_kt_t *kt); |
|
450 | 449 |
|
451 | 450 |
/* |
452 | 451 |
* Free the given HMAC context. |
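Review bot: The Doxygen block names the length parameter `key_len` while the prototype it documents calls it `key_length`, so the `@param` does not attach to the real parameter; rename one of the two. The comment could also state the precondition both backends enforce, for example `@param key_len Length of key in bytes; must be at least the digest output size, otherwise the ASSERT in the implementation fires`. The comment block starts above the hunk, so its opening lines are not visible here.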
... | ... |
@@ -745,10 +745,8 @@ md_ctx_final (EVP_MD_CTX *ctx, uint8_t *dst) |
745 | 745 |
|
746 | 746 |
void |
747 | 747 |
hmac_ctx_init (HMAC_CTX *ctx, const uint8_t *key, int key_len, |
748 |
- const EVP_MD *kt, const char *prefix) |
|
748 |
+ const EVP_MD *kt) |
|
749 | 749 |
{ |
750 |
- struct gc_arena gc = gc_new (); |
|
751 |
- |
|
752 | 750 |
ASSERT(NULL != kt && NULL != ctx); |
753 | 751 |
|
754 | 752 |
CLEAR(*ctx); |
... | ... |
@@ -756,24 +754,8 @@ hmac_ctx_init (HMAC_CTX *ctx, const uint8_t *key, int key_len, |
756 | 756 |
HMAC_CTX_init (ctx); |
757 | 757 |
HMAC_Init_ex (ctx, key, key_len, kt, NULL); |
758 | 758 |
|
759 |
- if (prefix) |
|
760 |
- msg (D_HANDSHAKE, |
|
761 |
- "%s: Using %d bit message hash '%s' for HMAC authentication", |
|
762 |
- prefix, HMAC_size (ctx) * 8, OBJ_nid2sn (EVP_MD_type (kt))); |
|
763 |
- |
|
764 | 759 |
/* make sure we used a big enough key */ |
765 | 760 |
ASSERT (HMAC_size (ctx) <= key_len); |
766 |
- |
|
767 |
- if (prefix) |
|
768 |
- dmsg (D_SHOW_KEYS, "%s: HMAC KEY: %s", prefix, |
|
769 |
- format_hex (key, key_len, 0, &gc)); |
|
770 |
- if (prefix) |
|
771 |
- dmsg (D_CRYPTO_DEBUG, "%s: HMAC size=%d block_size=%d", |
|
772 |
- prefix, |
|
773 |
- EVP_MD_size (kt), |
|
774 |
- EVP_MD_block_size (kt)); |
|
775 |
- |
|
776 |
- gc_free (&gc); |
|
777 | 761 |
} |
778 | 762 |
|
779 | 763 |
void |
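Review bot: The key-length check `ASSERT (HMAC_size (ctx) <= key_len);` still runs only after `HMAC_Init_ex` has consumed `key` and `key_len`, so a too-short or negative length is handed to the library before it is rejected. Testing `EVP_MD_size (kt) <= key_len` ahead of the init call would validate first. The result of `HMAC_Init_ex` is also not checked, unlike the PolarSSL variant later in this commit, which wraps `md_hmac_starts` in `ASSERT(0 == ...)`; where the OpenSSL version in use returns a status, the call should be checked the same way. The PolarSSL hmac_ctx_init has the same init-then-check order, and this function begins in the previous hunk.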
... | ... |
@@ -511,11 +511,8 @@ md_ctx_final (md_context_t *ctx, uint8_t *dst) |
511 | 511 |
* TODO: re-enable dmsg for crypto debug |
512 | 512 |
*/ |
513 | 513 |
void |
514 |
-hmac_ctx_init (md_context_t *ctx, const uint8_t *key, int key_len, const md_info_t *kt, |
|
515 |
- const char *prefix) |
|
514 |
+hmac_ctx_init (md_context_t *ctx, const uint8_t *key, int key_len, const md_info_t *kt) |
|
516 | 515 |
{ |
517 |
- struct gc_arena gc = gc_new (); |
|
518 |
- |
|
519 | 516 |
ASSERT(NULL != kt && NULL != ctx); |
520 | 517 |
|
521 | 518 |
CLEAR(*ctx); |
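Review bot: The `TODO: re-enable dmsg for crypto debug` comment kept above this function looks stale, since it appears to refer to the commented-out D_CRYPTO_DEBUG call that the next hunk deletes, along with every other `dmsg` in the function. With the debug output now in init_key_ctx, drop the TODO or reword it to say where the logging lives. The comment block starts above the hunk, so the rest of its text is not visible here.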
... | ... |
@@ -523,24 +520,8 @@ hmac_ctx_init (md_context_t *ctx, const uint8_t *key, int key_len, const md_info |
523 | 523 |
ASSERT(0 == md_init_ctx(ctx, kt)); |
524 | 524 |
ASSERT(0 == md_hmac_starts(ctx, key, key_len)); |
525 | 525 |
|
526 |
- if (prefix) |
|
527 |
- msg (D_HANDSHAKE, |
|
528 |
- "%s: Using %d bit message hash '%s' for HMAC authentication", |
|
529 |
- prefix, md_get_size(kt) * 8, md_get_name(kt)); |
|
530 |
- |
|
531 | 526 |
/* make sure we used a big enough key */ |
532 | 527 |
ASSERT (md_get_size(kt) <= key_len); |
533 |
- |
|
534 |
- if (prefix) |
|
535 |
- dmsg (D_SHOW_KEYS, "%s: HMAC KEY: %s", prefix, |
|
536 |
- format_hex (key, key_len, 0, &gc)); |
|
537 |
-// if (prefix) |
|
538 |
-// dmsg (D_CRYPTO_DEBUG, "%s: HMAC size=%d block_size=%d", |
|
539 |
-// prefix, |
|
540 |
-// md_get_size(md_info), |
|
541 |
-// EVP_MD_block_size (md_info)); |
|
542 |
- |
|
543 |
- gc_free (&gc); |
|
544 | 528 |
} |
545 | 529 |
|
546 | 530 |
void |
... | ... |
@@ -84,7 +84,7 @@ gen_hmac_md5 (const char* data, int data_len, const char* key, int key_len,char |
84 | 84 |
hmac_ctx_t hmac_ctx; |
85 | 85 |
CLEAR(hmac_ctx); |
86 | 86 |
|
87 |
- hmac_ctx_init(&hmac_ctx, key, key_len, md5_kt, NULL); |
|
87 |
+ hmac_ctx_init(&hmac_ctx, key, key_len, md5_kt); |
|
88 | 88 |
hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len); |
89 | 89 |
hmac_ctx_final(&hmac_ctx, (unsigned char *)result); |
90 | 90 |
hmac_ctx_cleanup(&hmac_ctx); |
... | ... |
@@ -1188,8 +1188,8 @@ tls1_P_hash(const md_kt_t *md_kt, |
1188 | 1188 |
chunk = md_kt_size(md_kt); |
1189 | 1189 |
A1_len = md_kt_size(md_kt); |
1190 | 1190 |
|
1191 |
- hmac_ctx_init(&ctx, sec, sec_len, md_kt, NULL); |
|
1192 |
- hmac_ctx_init(&ctx_tmp, sec, sec_len, md_kt, NULL); |
|
1191 |
+ hmac_ctx_init(&ctx, sec, sec_len, md_kt); |
|
1192 |
+ hmac_ctx_init(&ctx_tmp, sec, sec_len, md_kt); |
|
1193 | 1193 |
|
1194 | 1194 |
hmac_ctx_update(&ctx,seed,seed_len); |
1195 | 1195 |
hmac_ctx_final(&ctx, A1); |