diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-04-27 00:37:07 +0300 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-08-25 12:23:19 +0300 |
commit | b69e3bd1e43ed99d4e3a1e3d8c1208ccdd4a4888 (patch) | |
tree | 3f6cbbf6a034b5067a34e6ec75f8b73c3fb8285b | |
parent | 4b634a3f3b4202d3273c8006f43f57c989e6b49c (diff) | |
download | gnutls-b69e3bd1e43ed99d4e3a1e3d8c1208ccdd4a4888.tar.gz |
Do not handle MAC and hash reset separately. It is implied by nettle's output functions.
-rw-r--r-- | lib/accelerated/x86/hmac-padlock.c | 23 | ||||
-rw-r--r-- | lib/accelerated/x86/sha-padlock.c | 10 | ||||
-rw-r--r-- | lib/crypto-backend.h | 2 | ||||
-rw-r--r-- | lib/gnutls_cipher_int.c | 3 | ||||
-rw-r--r-- | lib/gnutls_hash_int.c | 30 | ||||
-rw-r--r-- | lib/gnutls_hash_int.h | 27 | ||||
-rw-r--r-- | lib/nettle/mac.c | 34 |
7 files changed, 7 insertions, 122 deletions
diff --git a/lib/accelerated/x86/hmac-padlock.c b/lib/accelerated/x86/hmac-padlock.c index f8720f5ad2..455bacb39c 100644 --- a/lib/accelerated/x86/hmac-padlock.c +++ b/lib/accelerated/x86/hmac-padlock.c @@ -54,17 +54,6 @@ struct padlock_hmac_ctx struct hmac_sha1_ctx sha1; } ctx; - /* this is the context just after - * the set_key. Used in reset(). - */ - union - { - struct hmac_sha224_ctx sha224; - struct hmac_sha256_ctx sha256; - struct hmac_sha384_ctx sha384; - struct hmac_sha512_ctx sha512; - struct hmac_sha1_ctx sha1; - } init_ctx; void *ctx_ptr; gnutls_mac_algorithm_t algo; size_t length; @@ -244,19 +233,9 @@ wrap_padlock_hmac_setkey (void *_ctx, const void *key, size_t keylen) ctx->setkey (ctx->ctx_ptr, keylen, key); - memcpy (&ctx->init_ctx, &ctx->ctx, sizeof (ctx->ctx)); - return GNUTLS_E_SUCCESS; } -static void -wrap_padlock_hmac_reset (void *_ctx) -{ - struct padlock_hmac_ctx *ctx = _ctx; - - memcpy (&ctx->ctx, &ctx->init_ctx, sizeof (ctx->ctx)); -} - static int wrap_padlock_hmac_update (void *_ctx, const void *text, size_t textsize) { @@ -355,7 +334,6 @@ const gnutls_crypto_mac_st hmac_sha_padlock_struct = { .init = NULL, .setkey = NULL, .hash = NULL, - .reset = NULL, .output = NULL, .deinit = NULL, .fast = wrap_padlock_hmac_fast @@ -365,7 +343,6 @@ const gnutls_crypto_mac_st hmac_sha_padlock_nano_struct = { .init = wrap_padlock_hmac_init, .setkey = wrap_padlock_hmac_setkey, .hash = wrap_padlock_hmac_update, - .reset = wrap_padlock_hmac_reset, .output = wrap_padlock_hmac_output, .deinit = wrap_padlock_hmac_deinit, .fast = wrap_padlock_hmac_fast, diff --git a/lib/accelerated/x86/sha-padlock.c b/lib/accelerated/x86/sha-padlock.c index 80dbeaaa6d..968c8610c2 100644 --- a/lib/accelerated/x86/sha-padlock.c +++ b/lib/accelerated/x86/sha-padlock.c @@ -312,15 +312,6 @@ wrap_padlock_hash_output (void *src_ctx, void *digest, size_t digestsize) return 0; } -static void -wrap_padlock_hash_reset (void *src_ctx) -{ - struct padlock_hash_ctx *ctx; - ctx = src_ctx; - - _ctx_init(ctx->algo, ctx->ctx_ptr); -} - int wrap_padlock_hash_fast(gnutls_digest_algorithm_t algo, const void* text, size_t text_size, void* digest) @@ -384,7 +375,6 @@ const gnutls_crypto_digest_st sha_padlock_struct = { const gnutls_crypto_digest_st sha_padlock_nano_struct = { .init = wrap_padlock_hash_init, .hash = wrap_padlock_hash_update, - .reset = wrap_padlock_hash_reset, .output = wrap_padlock_hash_output, .deinit = wrap_padlock_hash_deinit, .fast = wrap_padlock_hash_fast, diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h index 1044f00ea9..944f811932 100644 --- a/lib/crypto-backend.h +++ b/lib/crypto-backend.h @@ -51,7 +51,6 @@ { int (*init) (gnutls_mac_algorithm_t, void **ctx); int (*setkey) (void *ctx, const void *key, size_t keysize); - void (*reset) (void *ctx); int (*hash) (void *ctx, const void *text, size_t textsize); int (*output) (void *src_ctx, void *digest, size_t digestsize); void (*deinit) (void *ctx); @@ -65,7 +64,6 @@ typedef struct { int (*init) (gnutls_digest_algorithm_t, void **ctx); - void (*reset) (void *ctx); int (*hash) (void *ctx, const void *src, size_t srcsize); int (*output) (void *src_ctx, void *digest, size_t digestsize); void (*deinit) (void *ctx); diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c index cbb6a401ae..e71cf40e75 100644 --- a/lib/gnutls_cipher_int.c +++ b/lib/gnutls_cipher_int.c @@ -276,13 +276,10 @@ int ret = 0; ret = _gnutls_mac_output_ssl3 (&handle->mac, tag); if (ret < 0) return gnutls_assert_val(ret); - - _gnutls_mac_reset_ssl3 (&handle->mac); } else { _gnutls_hmac_output (&handle->mac, tag); - _gnutls_hmac_reset (&handle->mac); } } else if (_gnutls_cipher_is_aead(&handle->cipher)) diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index 740e13b086..d8d73a2098 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -77,7 +77,6 @@ _gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm) } dig->hash = cc->hash; - dig->reset = cc->reset; dig->output = cc->output; dig->deinit = cc->deinit; @@ -92,7 +91,6 @@ _gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm) } dig->hash = _gnutls_digest_ops.hash; - dig->reset = _gnutls_digest_ops.reset; dig->output = _gnutls_digest_ops.output; dig->deinit = _gnutls_digest_ops.deinit; @@ -233,7 +231,6 @@ _gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm, dig->hash = cc->hash; dig->output = cc->output; dig->deinit = cc->deinit; - dig->reset = cc->reset; return 0; } @@ -248,7 +245,6 @@ _gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm, dig->hash = _gnutls_mac_ops.hash; dig->output = _gnutls_mac_ops.output; dig->deinit = _gnutls_mac_ops.deinit; - dig->reset = _gnutls_mac_ops.reset; if (_gnutls_mac_ops.setkey (dig->handle, key, keylen) < 0) { @@ -325,25 +321,6 @@ _gnutls_mac_init_ssl3 (digest_hd_st * ret, gnutls_mac_algorithm_t algorithm, return 0; } -void -_gnutls_mac_reset_ssl3 (digest_hd_st * handle) -{ - uint8_t ipad[48]; - int padsize; - - padsize = get_padsize (handle->algorithm); - - memset (ipad, 0x36, padsize); - - _gnutls_hash_reset(handle); - - if (handle->keysize > 0) - _gnutls_hash (handle, handle->key, handle->keysize); - _gnutls_hash (handle, ipad, padsize); - - return; -} - int _gnutls_mac_output_ssl3 (digest_hd_st * handle, void *digest) { @@ -379,6 +356,13 @@ _gnutls_mac_output_ssl3 (digest_hd_st * handle, void *digest) _gnutls_hash_deinit (&td, digest); + /* reset handle */ + memset (opad, 0x36, padsize); + + if (handle->keysize > 0) + _gnutls_hash (handle, handle->key, handle->keysize); + _gnutls_hash (handle, opad, padsize); + return 0; } diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h index b91671c9a3..b835aaca1e 100644 --- a/lib/gnutls_hash_int.h +++ b/lib/gnutls_hash_int.h @@ -37,7 +37,6 @@ extern int crypto_digest_prio; extern gnutls_crypto_digest_st _gnutls_digest_ops; typedef int (*hash_func) (void *handle, const void *text, size_t size); -typedef void (*reset_func) (void *ctx); typedef int (*output_func) (void *src_ctx, void *digest, size_t digestsize); typedef void (*deinit_func) (void *handle); @@ -48,7 +47,6 @@ typedef struct int keysize; hash_func hash; - reset_func reset; output_func output; deinit_func deinit; @@ -91,18 +89,6 @@ _gnutls_hmac_output (digest_hd_st * handle, void *digest) void _gnutls_hmac_deinit (digest_hd_st * handle, void *digest); -inline static void -_gnutls_hmac_reset (digest_hd_st * handle) -{ - if (handle->handle == NULL) - { - return; - } - - handle->reset (handle->handle); -} - - /* Hash interface */ int _gnutls_hash_init (digest_hd_st *, gnutls_digest_algorithm_t algorithm); @@ -131,17 +117,6 @@ _gnutls_hash_output (digest_hd_st * handle, void *digest) } } -inline static void -_gnutls_hash_reset (digest_hd_st * handle) -{ - if (handle->handle == NULL) - { - return; - } - - handle->reset (handle->handle); -} - void _gnutls_hash_deinit (digest_hd_st * handle, void *digest); @@ -162,8 +137,6 @@ int _gnutls_ssl3_hash_md5 (const void *first, int first_len, const void *second, int second_len, int ret_len, uint8_t * ret); -void _gnutls_mac_reset_ssl3 (digest_hd_st * handle); - int _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle, void *digest, uint8_t * key, uint32_t key_size); diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c index acaacf4a84..ac10fd7ccb 100644 --- a/lib/nettle/mac.c +++ b/lib/nettle/mac.c @@ -68,18 +68,6 @@ struct nettle_hmac_ctx struct hmac_sha1_ctx sha1; } ctx; - /* this is the context just after - * the set_key. Used in reset(). - */ - union - { - struct hmac_md5_ctx md5; - struct hmac_sha224_ctx sha224; - struct hmac_sha256_ctx sha256; - struct hmac_sha384_ctx sha384; - struct hmac_sha512_ctx sha512; - struct hmac_sha1_ctx sha1; - } init_ctx; void *ctx_ptr; gnutls_mac_algorithm_t algo; size_t length; @@ -210,19 +198,9 @@ wrap_nettle_hmac_setkey (void *_ctx, const void *key, size_t keylen) ctx->setkey (ctx->ctx_ptr, keylen, key); - memcpy(&ctx->init_ctx, &ctx->ctx, sizeof(ctx->ctx)); - return GNUTLS_E_SUCCESS; } -static void -wrap_nettle_hmac_reset (void *_ctx) -{ - struct nettle_hmac_ctx *ctx = _ctx; - - memcpy(&ctx->ctx, &ctx->init_ctx, sizeof(ctx->ctx)); -} - static int wrap_nettle_hmac_update (void *_ctx, const void *text, size_t textsize) { @@ -413,21 +391,10 @@ wrap_nettle_hash_output (void *src_ctx, void *digest, size_t digestsize) return 0; } -static void -wrap_nettle_hash_reset (void *src_ctx) -{ - struct nettle_hash_ctx *ctx; - ctx = src_ctx; - - _ctx_init(ctx->algo, ctx->ctx_ptr); -} - - gnutls_crypto_mac_st _gnutls_mac_ops = { .init = wrap_nettle_hmac_init, .setkey = wrap_nettle_hmac_setkey, .hash = wrap_nettle_hmac_update, - .reset = wrap_nettle_hmac_reset, .output = wrap_nettle_hmac_output, .deinit = wrap_nettle_hmac_deinit, .fast = wrap_nettle_hmac_fast, @@ -437,7 +404,6 @@ gnutls_crypto_mac_st _gnutls_mac_ops = { gnutls_crypto_digest_st _gnutls_digest_ops = { .init = wrap_nettle_hash_init, .hash = wrap_nettle_hash_update, - .reset = wrap_nettle_hash_reset, .output = wrap_nettle_hash_output, .deinit = wrap_nettle_hash_deinit, .fast = wrap_nettle_hash_fast, |