X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fopenssl%2Fprf.c;h=4412529621abc3bd36c44f94be3b170ee94b0c6e;hb=d917c8cb6b69475d568ccbe82389b9f2b3eb5e80;hp=648a157b4eba96d1aa2796fbf9de0212c181fadd;hpb=3d75dbc0880484ff6d2f689a9b981def3cd75b5e;p=tinc

diff --git a/src/openssl/prf.c b/src/openssl/prf.c
index 648a157b..44125296 100644
--- a/src/openssl/prf.c
+++ b/src/openssl/prf.c
@@ -19,16 +19,18 @@
 
 #include "system.h"
 
+#include <openssl/obj_mac.h>
+
 #include "digest.h"
 #include "prf.h"
 
 /* Generate key material from a master secret and a seed, based on RFC 4346 section 5.
-   We use SHA512 and Whirlpool instead of MD5 and SHA1.
+   We use SHA512 instead of MD5 and SHA1.
  */
 
 static bool prf_xor(int nid, const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, ssize_t outlen) {
 	digest_t digest;
-	
+
 	if(!digest_open_by_nid(&digest, nid, -1))
 		return false;
 
@@ -66,11 +68,8 @@ static bool prf_xor(int nid, const char *secret, size_t secretlen, char *seed, s
 }
 
 bool prf(const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, size_t outlen) {
-	/* Split secret in half, generate outlen bits with two different hash algorithms,
-	   and XOR the results. */
-
+	/* This construction allows us to easily switch back to a scheme where the PRF is calculated using two different digest algorithms. */
 	memset(out, 0, outlen);
 
-	return prf_xor(NID_sha512, secret, (secretlen + 1) / 2, seed, seedlen, out, outlen)
-		&& prf_xor(NID_whirlpool, secret + secretlen / 2, (secretlen + 1) / 2, seed, seedlen, out, outlen);
+	return prf_xor(NID_sha512, secret, secretlen, seed, seedlen, out, outlen);
 }