X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=src%2Fopenssl%2Fprf.c;h=1c432c7dd5a399ffe4cb4a5aaa2369597ad5821f;hb=3fba80174dbe29bcfe0d121a2a1d2e61be5ee57b;hp=df7f445c4940adda32449a944009cb8febda2a85;hpb=b99656d84a88dad7935d5981fcdb43a5b2bfa417;p=meshlink
diff --git a/src/openssl/prf.c b/src/openssl/prf.c
index df7f445c..1c432c7d 100644
--- a/src/openssl/prf.c
+++ b/src/openssl/prf.c
@@ -19,14 +19,16 @@
 
 #include "system.h"
 
+#include
+
 #include "digest.h"
 #include "prf.h"
 
 /* Generate key material from a master secret and a seed, based on RFC 4346 section 5.
- We use SHA512 and Whirlpool instead of MD5 and SHA1.
+ We use SHA512 instead of MD5 and SHA1.
 */
 
-static bool prf_xor(int nid, char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, ssize_t outlen) {
+static bool prf_xor(int nid, const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, ssize_t outlen) {
 digest_t digest;
 
 if(!digest_open_by_nid(&digest, nid, -1))
@@ -65,12 +67,9 @@ static bool prf_xor(int nid, char *secret, size_t secretlen, char *seed, size_t
 return true;
 }
 
-bool prf(char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, size_t outlen) {
- /* Split secret in half, generate outlen bits with two different hash algorithms,
- and XOR the results. */
-
+bool prf(const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, size_t outlen) {
+ /* This construction allows us to easily switch back to a scheme where the PRF is calculated using two different digest algorithms. */
 memset(out, 0, outlen);
 
- return prf_xor(NID_sha512, secret, (secretlen + 1) / 2, seed, seedlen, out, outlen)
- && prf_xor(NID_whirlpool, secret + secretlen / 2, (secretlen + 1) / 2, seed, seedlen, out, outlen);
+ return prf_xor(NID_sha512, secret, secretlen, seed, seedlen, out, outlen);
 }
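Review bot: The re-declared `prf_xor` signature still takes `ssize_t outlen`, while its visible caller `prf()` passes a `size_t`, so a length above `SSIZE_MAX` would be converted to a negative value before the output loop sees it. Since this line is already being touched for const-correctness, either reject that case in `prf()` with `if(outlen > SSIZE_MAX) return false;` or add a comment on `prf_xor` stating why a signed length is required. If the body only reads `seed`, it could become `const char *seed` in the same change; the body of `prf_xor` lies outside this hunk, so that needs confirming there.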
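Review bot: Removing the Whirlpool call and feeding the whole secret to SHA512 changes the bytes `prf()` returns for the same secret and seed, so a peer built before this commit would derive different key material. Nothing in the visible hunk ties the change to a protocol or version check; presumably that is handled elsewhere, but it is worth confirming and stating in the commit message. The new comment also does not say which construction it means. Assuming `prf_xor` XORs its result into `out`, as its name and the removed comment suggest, I would write `/* prf_xor() XORs its output into out, so out is zeroed first; a second prf_xor() call with another digest can be chained here to combine two PRFs. */`.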