From 23e144daf4090659305e93decb4e1e496c28a884 Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Mon, 25 Jul 2011 15:24:04 +0000 Subject: [PATCH] * Remove hash/hmac restart from crypto backend and make it part of hash/hmac final. Some backend implementation did reset context by default, so this should create backend api consistent. git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@578 36d66b0a-2a48-0410-832c-cd162a569da5 --- ChangeLog | 3 +++ lib/crypt_plain.c | 2 -- lib/crypto_backend/crypto_backend.h | 2 -- lib/crypto_backend/crypto_gcrypt.c | 10 ++++++---- lib/crypto_backend/crypto_kernel.c | 10 ---------- lib/crypto_backend/crypto_nettle.c | 7 ++++--- lib/crypto_backend/crypto_nss.c | 10 ++++++++-- lib/crypto_backend/crypto_openssl.c | 10 +++++++--- lib/luks1/pbkdf.c | 3 --- 9 files changed, 28 insertions(+), 29 deletions(-) diff --git a/ChangeLog b/ChangeLog index 97abf41..fd985ca 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2011-07-25 Milan Broz + * Remove hash/hmac restart from crypto backend and make it part of hash/hmac final. + 2011-07-19 Milan Broz * Revert default initialisation of volume key in crypt_init_by_name(). * Do not allow key retrieval while suspended (key could be wiped). diff --git a/lib/crypt_plain.c b/lib/crypt_plain.c index c6d1b1d..31f6346 100644 --- a/lib/crypt_plain.c +++ b/lib/crypt_plain.c @@ -54,8 +54,6 @@ static int hash(const char *hash_name, size_t key_size, char *key, key += len; key_size -= len; - if (key_size && crypt_hash_restart(md)) - r = 1; } crypt_hash_destroy(md); diff --git a/lib/crypto_backend/crypto_backend.h b/lib/crypto_backend/crypto_backend.h index 85b8107..7524504 100644 --- a/lib/crypto_backend/crypto_backend.h +++ b/lib/crypto_backend/crypto_backend.h 
@@ -16,7 +16,6 @@ uint32_t crypt_backend_flags(void); /* HASH */ int crypt_hash_size(const char *name); int crypt_hash_init(struct crypt_hash **ctx, const char *name); -int crypt_hash_restart(struct crypt_hash *ctx); int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length); int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length); int crypt_hash_destroy(struct crypt_hash *ctx); @@ -25,7 +24,6 @@ int crypt_hash_destroy(struct crypt_hash *ctx); int crypt_hmac_size(const char *name); int crypt_hmac_init(struct crypt_hmac **ctx, const char *name, const void *buffer, size_t length); -int crypt_hmac_restart(struct crypt_hmac *ctx); int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length); int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length); int crypt_hmac_destroy(struct crypt_hmac *ctx); diff --git a/lib/crypto_backend/crypto_gcrypt.c b/lib/crypto_backend/crypto_gcrypt.c index 3774d7e..2c9e72d 100644 --- a/lib/crypto_backend/crypto_gcrypt.c +++ b/lib/crypto_backend/crypto_gcrypt.c @@ -117,10 +117,9 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name) return 0; } -int crypt_hash_restart(struct crypt_hash *ctx) +static void crypt_hash_restart(struct crypt_hash *ctx) { gcry_md_reset(ctx->hd); - return 0; } int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length) @@ -140,6 +139,8 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length) if (!hash) return -EINVAL; + crypt_hash_restart(ctx); + memcpy(buffer, hash, length); return 0; } @@ -191,10 +192,9 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name, return 0; } -int crypt_hmac_restart(struct crypt_hmac *ctx) +static void crypt_hmac_restart(struct crypt_hmac *ctx) { gcry_md_reset(ctx->hd); - return 0; } int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length) 
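Review bot: In `crypt_hash_final` (crypto_gcrypt.c, hunk `-140,6 +139,8`) the added `crypt_hash_restart(ctx);` sits before `memcpy(buffer, hash, length);`, so as the hunk reads the digest is copied out only after `gcry_md_reset()` has run on the handle that owns it. `hash` appears to come from a `gcry_md_read` call outside the hunk (inferred), and libgcrypt documents that pointer as valid only until the handle is reset or closed. The bytes copied may then no longer be the digest of the data written, which for callers deriving keys from this output means key material that may not depend on the input. Copy first and reset afterwards: `memcpy(buffer, hash, length);` followed by `crypt_hash_restart(ctx);`. The `crypt_hmac_final` hunk at `-214,6 +214,8` in the same file has the same ordering and needs the same swap.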
@@ -214,6 +214,8 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length) if (!hash) return -EINVAL; + crypt_hmac_restart(ctx); + memcpy(buffer, hash, length); return 0; } diff --git a/lib/crypto_backend/crypto_kernel.c b/lib/crypto_backend/crypto_kernel.c index bb5dcfe..8f95d89 100644 --- a/lib/crypto_backend/crypto_kernel.c +++ b/lib/crypto_backend/crypto_kernel.c @@ -176,11 +176,6 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name) return 0; } -int crypt_hash_restart(struct crypt_hash *ctx) -{ - return 0; -} - int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length) { ssize_t r; @@ -261,11 +256,6 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name, return 0; } -int crypt_hmac_restart(struct crypt_hmac *ctx) -{ - return 0; -} - int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length) { ssize_t r; diff --git a/lib/crypto_backend/crypto_nettle.c b/lib/crypto_backend/crypto_nettle.c index 37c9b85..b8d000b 100644 --- a/lib/crypto_backend/crypto_nettle.c +++ b/lib/crypto_backend/crypto_nettle.c @@ -159,10 +159,9 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name) return 0; } -int crypt_hash_restart(struct crypt_hash *ctx) +static void crypt_hash_restart(struct crypt_hash *ctx) { ctx->hash->init(&ctx->nettle_ctx); - return 0; } int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length) @@ -177,6 +176,7 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length) return -EINVAL; ctx->hash->digest(&ctx->nettle_ctx, length, (uint8_t *)buffer); + crypt_hash_restart(ctx); return 0; } @@ -225,7 +225,7 @@ bad: return -EINVAL; } -int crypt_hmac_restart(struct crypt_hmac *ctx) +static void crypt_hmac_restart(struct crypt_hmac *ctx) { ctx->hash->hmac_set_key(&ctx->nettle_ctx, ctx->key_length, ctx->key); return 0; 
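Review bot: `crypt_hmac_restart` in crypto_nettle.c (hunk `-225,7 +225,7`) is changed to `static void`, but the context line `return 0;` after the `hmac_set_key` call is left in place, so a void function returns a value. That is a constraint violation in C, which the compiler will diagnose and may reject. The sibling `crypt_hash_restart` hunk at `-159,10 +159,9` removes its `return 0;`; this one should do the same, leaving only `ctx->hash->hmac_set_key(&ctx->nettle_ctx, ctx->key_length, ctx->key);` in the body. The function's closing brace is outside the hunk.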
@@ -243,6 +243,7 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length) return -EINVAL; ctx->hash->hmac_digest(&ctx->nettle_ctx, length, (uint8_t *)buffer); + crypt_hmac_restart(ctx); return 0; } diff --git a/lib/crypto_backend/crypto_nss.c b/lib/crypto_backend/crypto_nss.c index 4dd1ce0..aaad274 100644 --- a/lib/crypto_backend/crypto_nss.c +++ b/lib/crypto_backend/crypto_nss.c @@ -121,7 +121,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name) return 0; } -int crypt_hash_restart(struct crypt_hash *ctx) +static int crypt_hash_restart(struct crypt_hash *ctx) { if (PK11_DigestBegin(ctx->md) != SECSuccess) return -EINVAL; @@ -154,6 +154,9 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length) if (tmp_len < length) return -EINVAL; + if (crypt_hash_restart(ctx)) + return -EINVAL; + return 0; } @@ -220,7 +223,7 @@ bad: return -EINVAL; } -int crypt_hmac_restart(struct crypt_hmac *ctx) +static int crypt_hmac_restart(struct crypt_hmac *ctx) { if (PK11_DigestBegin(ctx->md) != SECSuccess) return -EINVAL; @@ -253,6 +256,9 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length) if (tmp_len < length) return -EINVAL; + if (crypt_hmac_restart(ctx)) + return -EINVAL; + return 0; } diff --git a/lib/crypto_backend/crypto_openssl.c b/lib/crypto_backend/crypto_openssl.c index caf0c20..8b377fa 100644 --- a/lib/crypto_backend/crypto_openssl.c +++ b/lib/crypto_backend/crypto_openssl.c @@ -98,7 +98,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name) return 0; } -int crypt_hash_restart(struct crypt_hash *ctx) +static int crypt_hash_restart(struct crypt_hash *ctx) { if (EVP_DigestInit(&ctx->md, ctx->hash_id) != 1) return -EINVAL; @@ -131,6 +131,9 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length) if (tmp_len < length) return -EINVAL; + if (crypt_hash_restart(ctx)) + return -EINVAL; + return 0; } 
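Review bot: The restart check added at the end of `crypt_hash_final` in crypto_nss.c (hunk `-154,6 +154,9`) makes the function return `-EINVAL` after the digest step has already succeeded. Nothing tells a caller that final now re-arms the context, or what state `buffer` is in when only the re-arm fails. A short comment above the function would pin the contract, e.g. `/* Writes the digest and resets ctx for reuse; on any error the contents of buffer must not be used. */`. The same applies to `crypt_hmac_final` in this file (`-253,6 +256,9`) and to `crypt_hash_final` in crypto_openssl.c (`-131,6 +131,9`). These function bodies start outside the hunks, so whether `buffer` is written before the new check is inferred rather than visible.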
@@ -171,10 +174,9 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name, return 0; } -int crypt_hmac_restart(struct crypt_hmac *ctx) +static void crypt_hmac_restart(struct crypt_hmac *ctx) { HMAC_Init_ex(&ctx->md, NULL, 0, ctx->hash_id, NULL); - return 0; } int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length) @@ -199,6 +201,8 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length) if (tmp_len < length) return -EINVAL; + crypt_hmac_restart(ctx); + return 0; } diff --git a/lib/luks1/pbkdf.c b/lib/luks1/pbkdf.c index 0e7e8c0..c78ecd9 100644 --- a/lib/luks1/pbkdf.c +++ b/lib/luks1/pbkdf.c @@ -167,9 +167,6 @@ static int pkcs5_pbkdf2(const char *hash, memset(T, 0, hLen); for (u = 1; u <= c ; u++) { - if (crypt_hmac_restart(hmac)) - goto out; - if (u == 1) { memcpy(tmp, S, Slen); tmp[Slen + 0] = (i & 0xff000000) >> 24; -- 2.7.4
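Review bot: `crypt_hmac_restart` in crypto_openssl.c (hunk `-171,10 +174,9`) becomes `static void` and discards the result of `HMAC_Init_ex()`, so `crypt_hmac_final` (`-199,6 +201,8`) returns 0 even when the context could not be re-initialised. On OpenSSL versions where `HMAC_Init_ex` returns `int` (1.0.0 and later; older releases return void) the helper should mirror the hash variant: keep it `static int` with `if (HMAC_Init_ex(&ctx->md, NULL, 0, ctx->hash_id, NULL) != 1) return -EINVAL;`, and have final do `if (crypt_hmac_restart(ctx)) return -EINVAL;`. This matters more now that the pbkdf.c hunk removes the per-iteration `crypt_hmac_restart` check from `pkcs5_pbkdf2`, leaving final as the only place a failed reset can surface during key derivation.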