authorDmitry Eremin-Solenikov <dbaryshkov@gmail.com>2019-10-21 13:57:55 +0300
committerDmitry Eremin-Solenikov <dbaryshkov@gmail.com>2019-10-21 14:17:26 +0300
commit673422755dcc2327d6c8850de17e68ae05e08e29 (patch)
tree25ea5d6573400d940cb1f90c0549aa9966336b8e
parent9e6d30751c911a64cc0bbe37f65ca124a9ec51cc (diff)
mac: change preimage_insecure to be a flag
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-rw-r--r--lib/algorithms.h2
-rw-r--r--lib/algorithms/mac.c10
-rw-r--r--lib/gnutls_int.h3
3 files changed, 8 insertions, 7 deletions
diff --git a/lib/algorithms.h b/lib/algorithms.h
index 7f27b2270d..5bca9cd8f6 100644
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -183,7 +183,7 @@ inline static int _gnutls_digest_is_secure(const mac_entry_st * e)
if (unlikely(e == NULL))
return 0;
else
- return (e->preimage_insecure==0);
+ return !(e->flags & GNUTLS_MAC_FLAG_PREIMAGE_INSECURE);
}
/* Functions for cipher suites. */
diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
index fc2e99b186..7c7cf46215 100644
--- a/lib/algorithms/mac.c
+++ b/lib/algorithms/mac.c
@@ -49,7 +49,7 @@ mac_entry_st hash_algorithms[] = {
.id = GNUTLS_MAC_MD5_SHA1,
.output_size = 36,
.key_size = 36,
- .preimage_insecure = 1,
+ .flags = GNUTLS_MAC_FLAG_PREIMAGE_INSECURE,
.block_size = 64},
{.name = "SHA256",
.oid = HASH_OID_SHA256,
@@ -121,11 +121,11 @@ mac_entry_st hash_algorithms[] = {
.id = GNUTLS_MAC_MD5,
.output_size = 16,
.key_size = 16,
- .preimage_insecure = 1,
+ .flags = GNUTLS_MAC_FLAG_PREIMAGE_INSECURE,
.block_size = 64},
{.name = "MD2",
.oid = HASH_OID_MD2,
- .preimage_insecure = 1,
+ .flags = GNUTLS_MAC_FLAG_PREIMAGE_INSECURE,
.id = GNUTLS_MAC_MD2},
{.name = "RIPEMD160",
.oid = HASH_OID_RMD160,
@@ -276,7 +276,7 @@ int _gnutls_digest_mark_insecure(const char *name)
for(p = hash_algorithms; p->name != NULL; p++) {
if (p->oid != NULL && c_strcasecmp(p->name, name) == 0) {
- p->preimage_insecure = 1;
+ p->flags |= GNUTLS_MAC_FLAG_PREIMAGE_INSECURE;
return 0;
}
}
@@ -291,7 +291,7 @@ unsigned _gnutls_digest_is_insecure(gnutls_digest_algorithm_t dig)
for(p = hash_algorithms; p->name != NULL; p++) {
if (p->oid != NULL && p->id == (gnutls_mac_algorithm_t)dig) {
- return p->preimage_insecure;
+ return p->flags & GNUTLS_MAC_FLAG_PREIMAGE_INSECURE;
}
}
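Review bot: `_gnutls_digest_is_insecure` now returns the raw masked value, which is 0 or 1 only because `GNUTLS_MAC_FLAG_PREIMAGE_INSECURE` happens to be bit 0. If the flag is ever renumbered, a caller that compares the result with 1 or stores it in a one-bit field would silently treat an insecure digest as acceptable. Normalising here keeps the contract the old field gave: `return !!(p->flags & GNUTLS_MAC_FLAG_PREIMAGE_INSECURE);`. `_gnutls_digest_is_secure` in lib/algorithms.h already normalises through `!`. The function body starts and ends outside the hunk.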
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 33c2318030..ea9d00852a 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -693,6 +693,7 @@ typedef struct gnutls_group_entry_st {
unsigned tls_id; /* The RFC4492 namedCurve ID or TLS 1.3 group ID */
} gnutls_group_entry_st;
+#define GNUTLS_MAC_FLAG_PREIMAGE_INSECURE 1 /* if this algorithm should not be trusted for pre-image attacks */
/* This structure is used both for MACs and digests
*/
typedef struct mac_entry_st {
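Review bot: The new flag is defined as a bare `1`, which does not show that `flags` is a bit mask and makes it easy for a later flag to be given an overlapping value. Writing it as a shift makes the intent explicit: `#define GNUTLS_MAC_FLAG_PREIMAGE_INSECURE (1 << 0)`. The comment carried over from the struct field could also state the visible effect, for example `/* digest is not relied on for pre-image resistance; _gnutls_digest_is_secure() returns 0 */`.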
@@ -705,7 +706,7 @@ typedef struct mac_entry_st {
unsigned nonce_size;
unsigned placeholder; /* if set, then not a real MAC */
unsigned block_size; /* internal block size for HMAC */
- unsigned preimage_insecure; /* if this algorithm should not be trusted for pre-image attacks */
+ unsigned flags;
} mac_entry_st;
typedef struct {
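Review bot: `unsigned flags;` drops the trailing comment the old field had, so `mac_entry_st` no longer says which values are valid in it. A short comment on the field would restore that: `unsigned flags; /* bitwise OR of GNUTLS_MAC_FLAG_* */`. The struct definition starts outside the hunk.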