* Remove hash/hmac restart from crypto backend and make it part of hash/hmac final.

Some backend implementation did reset context by default, so this
should create backend api consistent.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@578 36d66b0a-2a48-0410-832c-cd162a569da5

diff --git a/ChangeLog b/ChangeLog
index 97abf41..fd985ca 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+2011-07-25  Milan Broz  <mbroz@redhat.com>
+       * Remove hash/hmac restart from crypto backend and make it part of hash/hmac final.
+
 2011-07-19  Milan Broz  <mbroz@redhat.com>
        * Revert default initialisation of volume key in crypt_init_by_name().
        * Do not allow key retrieval while suspended (key could be wiped).

diff --git a/lib/crypt_plain.c b/lib/crypt_plain.c
index c6d1b1d..31f6346 100644 (file)
--- a/lib/crypt_plain.c
+++ b/lib/crypt_plain.c
@@ -54,8 +54,6 @@ static int hash(const char *hash_name, size_t key_size, char *key,
 
                key += len;
                key_size -= len;
-               if (key_size && crypt_hash_restart(md))
-                       r = 1;
        }
 
        crypt_hash_destroy(md);

diff --git a/lib/crypto_backend/crypto_backend.h b/lib/crypto_backend/crypto_backend.h
index 85b8107..7524504 100644 (file)
--- a/lib/crypto_backend/crypto_backend.h
+++ b/lib/crypto_backend/crypto_backend.h
@@ -16,7 +16,6 @@ uint32_t crypt_backend_flags(void);
 /* HASH */
 int crypt_hash_size(const char *name);
 int crypt_hash_init(struct crypt_hash **ctx, const char *name);
-int crypt_hash_restart(struct crypt_hash *ctx);
 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length);
 int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length);
 int crypt_hash_destroy(struct crypt_hash *ctx);
@@ -25,7 +24,6 @@ int crypt_hash_destroy(struct crypt_hash *ctx);
 int crypt_hmac_size(const char *name);
 int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
                    const void *buffer, size_t length);
-int crypt_hmac_restart(struct crypt_hmac *ctx);
 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length);
 int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length);
 int crypt_hmac_destroy(struct crypt_hmac *ctx);

diff --git a/lib/crypto_backend/crypto_gcrypt.c b/lib/crypto_backend/crypto_gcrypt.c
index 3774d7e..2c9e72d 100644 (file)
--- a/lib/crypto_backend/crypto_gcrypt.c
+++ b/lib/crypto_backend/crypto_gcrypt.c
@@ -117,10 +117,9 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
        return 0;
 }
 
-int crypt_hash_restart(struct crypt_hash *ctx)
+static void crypt_hash_restart(struct crypt_hash *ctx)
 {
        gcry_md_reset(ctx->hd);
-       return 0;
 }
 
 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
@@ -140,6 +139,8 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
        if (!hash)
                return -EINVAL;
 
+       crypt_hash_restart(ctx);
+
        memcpy(buffer, hash, length);
        return 0;
 }
@@ -191,10 +192,9 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
        return 0;
 }
 
-int crypt_hmac_restart(struct crypt_hmac *ctx)
+static void crypt_hmac_restart(struct crypt_hmac *ctx)
 {
        gcry_md_reset(ctx->hd);
-       return 0;
 }
 
 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
@@ -214,6 +214,8 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
        if (!hash)
                return -EINVAL;
 
+       crypt_hmac_restart(ctx);
+
        memcpy(buffer, hash, length);
        return 0;
 }

diff --git a/lib/crypto_backend/crypto_kernel.c b/lib/crypto_backend/crypto_kernel.c
index bb5dcfe..8f95d89 100644 (file)
--- a/lib/crypto_backend/crypto_kernel.c
+++ b/lib/crypto_backend/crypto_kernel.c
@@ -176,11 +176,6 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
        return 0;
 }
 
-int crypt_hash_restart(struct crypt_hash *ctx)
-{
-       return 0;
-}
-
 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
 {
        ssize_t r;
@@ -261,11 +256,6 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
        return 0;
 }
 
-int crypt_hmac_restart(struct crypt_hmac *ctx)
-{
-       return 0;
-}
-
 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
 {
        ssize_t r;

diff --git a/lib/crypto_backend/crypto_nettle.c b/lib/crypto_backend/crypto_nettle.c
index 37c9b85..b8d000b 100644 (file)
--- a/lib/crypto_backend/crypto_nettle.c
+++ b/lib/crypto_backend/crypto_nettle.c
@@ -159,10 +159,9 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
        return 0;
 }
 
-int crypt_hash_restart(struct crypt_hash *ctx)
+static void crypt_hash_restart(struct crypt_hash *ctx)
 {
        ctx->hash->init(&ctx->nettle_ctx);
-       return 0;
 }
 
 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
@@ -177,6 +176,7 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
                return -EINVAL;
 
        ctx->hash->digest(&ctx->nettle_ctx, length, (uint8_t *)buffer);
+       crypt_hash_restart(ctx);
        return 0;
 }
 
@@ -225,7 +225,7 @@ bad:
        return -EINVAL;
 }
 
-int crypt_hmac_restart(struct crypt_hmac *ctx)
+static void crypt_hmac_restart(struct crypt_hmac *ctx)
 {
        ctx->hash->hmac_set_key(&ctx->nettle_ctx, ctx->key_length, ctx->key);
        return 0;
@@ -243,6 +243,7 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
                return -EINVAL;
 
        ctx->hash->hmac_digest(&ctx->nettle_ctx, length, (uint8_t *)buffer);
+       crypt_hmac_restart(ctx);
        return 0;
 }
 

diff --git a/lib/crypto_backend/crypto_nss.c b/lib/crypto_backend/crypto_nss.c
index 4dd1ce0..aaad274 100644 (file)
--- a/lib/crypto_backend/crypto_nss.c
+++ b/lib/crypto_backend/crypto_nss.c
@@ -121,7 +121,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
        return 0;
 }
 
-int crypt_hash_restart(struct crypt_hash *ctx)
+static int crypt_hash_restart(struct crypt_hash *ctx)
 {
        if (PK11_DigestBegin(ctx->md) != SECSuccess)
                return -EINVAL;
@@ -154,6 +154,9 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
        if (tmp_len < length)
                return -EINVAL;
 
+       if (crypt_hash_restart(ctx))
+               return -EINVAL;
+
        return 0;
 }
 
@@ -220,7 +223,7 @@ bad:
        return -EINVAL;
 }
 
-int crypt_hmac_restart(struct crypt_hmac *ctx)
+static int crypt_hmac_restart(struct crypt_hmac *ctx)
 {
        if (PK11_DigestBegin(ctx->md) != SECSuccess)
                return -EINVAL;
@@ -253,6 +256,9 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
        if (tmp_len < length)
                return -EINVAL;
 
+       if (crypt_hmac_restart(ctx))
+               return -EINVAL;
+
        return 0;
 }
 

diff --git a/lib/crypto_backend/crypto_openssl.c b/lib/crypto_backend/crypto_openssl.c
index caf0c20..8b377fa 100644 (file)
--- a/lib/crypto_backend/crypto_openssl.c
+++ b/lib/crypto_backend/crypto_openssl.c
@@ -98,7 +98,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
        return 0;
 }
 
-int crypt_hash_restart(struct crypt_hash *ctx)
+static int crypt_hash_restart(struct crypt_hash *ctx)
 {
        if (EVP_DigestInit(&ctx->md, ctx->hash_id) != 1)
                return -EINVAL;
@@ -131,6 +131,9 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
        if (tmp_len < length)
                return -EINVAL;
 
+       if (crypt_hash_restart(ctx))
+               return -EINVAL;
+
        return 0;
 }
 
@@ -171,10 +174,9 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
        return 0;
 }
 
-int crypt_hmac_restart(struct crypt_hmac *ctx)
+static void crypt_hmac_restart(struct crypt_hmac *ctx)
 {
        HMAC_Init_ex(&ctx->md, NULL, 0, ctx->hash_id, NULL);
-       return 0;
 }
 
 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
@@ -199,6 +201,8 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
        if (tmp_len < length)
                return -EINVAL;
 
+       crypt_hmac_restart(ctx);
+
        return 0;
 }
 

diff --git a/lib/luks1/pbkdf.c b/lib/luks1/pbkdf.c
index 0e7e8c0..c78ecd9 100644 (file)
--- a/lib/luks1/pbkdf.c
+++ b/lib/luks1/pbkdf.c
@@ -167,9 +167,6 @@ static int pkcs5_pbkdf2(const char *hash,
                memset(T, 0, hLen);
 
                for (u = 1; u <= c ; u++) {
-                       if (crypt_hmac_restart(hmac))
-                               goto out;
-
                        if (u == 1) {
                                memcpy(tmp, S, Slen);
                                tmp[Slen + 0] = (i & 0xff000000) >> 24;