mac: change preimage_insecure to be a flag
authorDmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Mon, 21 Oct 2019 10:57:55 +0000 (13:57 +0300)
committerDmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Mon, 21 Oct 2019 11:17:26 +0000 (14:17 +0300)
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
lib/algorithms.h
lib/algorithms/mac.c
lib/gnutls_int.h

index 7f27b2270d560a7e567a84f2f78a32313ea595d9..5bca9cd8f6f049a6fba1b861eaf291de8a7b1242 100644 (file)
@@ -183,7 +183,7 @@ inline static int _gnutls_digest_is_secure(const mac_entry_st * e)
        if (unlikely(e == NULL))
                return 0;
        else
-               return (e->preimage_insecure==0);
+               return !(e->flags & GNUTLS_MAC_FLAG_PREIMAGE_INSECURE);
 }
 
 /* Functions for cipher suites. */
index fc2e99b186c06cab9e48c4d6a396ff0c09f4df54..7c7cf462150af6314a103c88ffe8d1f739182e4a 100644 (file)
@@ -49,7 +49,7 @@ mac_entry_st hash_algorithms[] = {
         .id = GNUTLS_MAC_MD5_SHA1,
         .output_size = 36,
         .key_size = 36,
-        .preimage_insecure = 1,
+        .flags = GNUTLS_MAC_FLAG_PREIMAGE_INSECURE,
         .block_size = 64},
        {.name = "SHA256",
         .oid = HASH_OID_SHA256,
@@ -121,11 +121,11 @@ mac_entry_st hash_algorithms[] = {
         .id = GNUTLS_MAC_MD5,
         .output_size = 16,
         .key_size = 16,
-        .preimage_insecure = 1,
+        .flags = GNUTLS_MAC_FLAG_PREIMAGE_INSECURE,
         .block_size = 64},
        {.name = "MD2",
         .oid = HASH_OID_MD2,
-        .preimage_insecure = 1,
+        .flags = GNUTLS_MAC_FLAG_PREIMAGE_INSECURE,
         .id = GNUTLS_MAC_MD2},
        {.name = "RIPEMD160",
         .oid = HASH_OID_RMD160,
@@ -276,7 +276,7 @@ int _gnutls_digest_mark_insecure(const char *name)
 
        for(p = hash_algorithms; p->name != NULL; p++) {
                if (p->oid != NULL && c_strcasecmp(p->name, name) == 0) {
-                       p->preimage_insecure = 1;
+                       p->flags |= GNUTLS_MAC_FLAG_PREIMAGE_INSECURE;
                        return 0;
                }
        }
@@ -291,7 +291,7 @@ unsigned _gnutls_digest_is_insecure(gnutls_digest_algorithm_t dig)
 
        for(p = hash_algorithms; p->name != NULL; p++) {
                if (p->oid != NULL && p->id == (gnutls_mac_algorithm_t)dig) {
-                       return p->preimage_insecure;
+                       return p->flags & GNUTLS_MAC_FLAG_PREIMAGE_INSECURE;
                }
        }
 
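Review bot: `_gnutls_digest_is_insecure()` now returns the raw masked value rather than a 0/1 field, at `return p->flags & GNUTLS_MAC_FLAG_PREIMAGE_INSECURE;`. The result is unchanged today only because the flag is defined as 1. If the bit is ever renumbered, a caller that compares the result with 1 or stores it in a narrow field would read an insecure digest as acceptable. Callers are not visible here, so this is a hardening suggestion: normalise at the source with `return !!(p->flags & GNUTLS_MAC_FLAG_PREIMAGE_INSECURE);`, matching the boolean form used in `_gnutls_digest_is_secure()`. The function body starts and ends outside the hunk.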
index 33c2318030653dfa98f28bafc740dd738db50fab..ea9d00852ab0e9a8ad6ac40585832e7cd2927167 100644 (file)
@@ -693,6 +693,7 @@ typedef struct gnutls_group_entry_st {
        unsigned tls_id;                /* The RFC4492 namedCurve ID or TLS 1.3 group ID */
 } gnutls_group_entry_st;
 
+#define GNUTLS_MAC_FLAG_PREIMAGE_INSECURE      1  /* if this algorithm should not be trusted for pre-image attacks */
 /* This structure is used both for MACs and digests
  */
 typedef struct mac_entry_st {
@@ -705,7 +706,7 @@ typedef struct mac_entry_st {
        unsigned nonce_size;
        unsigned placeholder;   /* if set, then not a real MAC */
        unsigned block_size;    /* internal block size for HMAC */
-       unsigned preimage_insecure; /* if this algorithm should not be trusted for pre-image attacks */
+       unsigned flags;
 } mac_entry_st;
 
 typedef struct {
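Review bot: The new `flags` member of `mac_entry_st` has no comment, because the explanation it replaced moved onto the `#define`, so a reader of the struct cannot tell which constants belong in the field. I would write `unsigned flags; /* bitmask of GNUTLS_MAC_FLAG_* values */` on the member. I would also spell the constant as `(1 << 0)`, so that the next flag added is clearly a distinct bit and not an ordinal value. The struct body is only partly shown in these two hunks.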