From: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun, 12 Jul 2015 14:31:32 +0000 (+0200)
Subject: Fix the PRF function when compiling without OpenSSL.
X-Git-Tag: release-1.1pre12~101
X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=9ca1750245b28ed8306f150b6371139c656be111

Fix the PRF function when compiling without OpenSSL.
---

diff --git a/src/nolegacy/prf.c b/src/nolegacy/prf.c
index 3c4c27ed..55c9923d 100644
--- a/src/nolegacy/prf.c
+++ b/src/nolegacy/prf.c
@@ -28,36 +28,38 @@ static void memxor(char *buf, char c, size_t len) {
 }
 
 static const size_t mdlen = 64;
+static const size_t blklen = 128;
 
 static bool hmac_sha512(const char *key, size_t keylen, const char *msg, size_t msglen, char *out) {
-	char tmp[2 * mdlen];
+	char tmp[blklen + mdlen];
 	sha512_context md;
 
-	if(keylen <= mdlen) {
+	if(keylen <= blklen) {
 		memcpy(tmp, key, keylen);
-		memset(tmp + keylen, 0, mdlen - keylen);
+		memset(tmp + keylen, 0, blklen - keylen);
 	} else {
 		if(sha512(key, keylen, tmp) != 0)
 			return false;
+		memset(tmp + mdlen, 0, blklen - mdlen);
 	}
 
 	if(sha512_init(&md) != 0)
 		return false;
 
 	// ipad
-	memxor(tmp, 0x36, mdlen);
-	if(sha512_update(&md, tmp, mdlen) != 0)
+	memxor(tmp, 0x36, blklen);
+	if(sha512_update(&md, tmp, blklen) != 0)
 		return false;
 
 	// message
 	if(sha512_update(&md, msg, msglen) != 0)
 		return false;
 
-	if(sha512_final(&md, tmp + mdlen) != 0)
+	if(sha512_final(&md, tmp + blklen) != 0)
 		return false;
 
 	// opad
-	memxor(tmp, 0x36 ^ 0x5c, mdlen);
+	memxor(tmp, 0x36 ^ 0x5c, blklen);
 	if(sha512(tmp, sizeof tmp, out) != 0)
 		return false;
 
@@ -82,17 +84,17 @@ bool prf(const char *secret, size_t secretlen, char *seed, size_t seedlen, char
 
 	while(outlen > 0) {
 		/* Inner HMAC */
-		if(!hmac_sha512(data, sizeof data, secret, secretlen, data))
+		if(!hmac_sha512(secret, secretlen, data, sizeof data, data))
 			return false;
 
 		/* Outer HMAC */
 		if(outlen >= mdlen) {
-			if(!hmac_sha512(data, sizeof data, secret, secretlen, out))
+			if(!hmac_sha512(secret, secretlen, data, sizeof data, out))
 				return false;
 			out += mdlen;
 			outlen -= mdlen;
 		} else {
-			if(!hmac_sha512(data, sizeof data, secret, secretlen, hash))
+			if(!hmac_sha512(secret, secretlen, data, sizeof data, hash))
 				return false;
 			memcpy(out, hash, outlen);
 			out += outlen;