updates.

[silc.git] / lib / silccore / silcchannel.c

diff --git a/lib/silccore/silcchannel.c b/lib/silccore/silcchannel.c
index 2a853548826575e08387eabd0d4c843de3ae7320..5254c9ed59eb23d9b51b94623a058ba5d271c749 100644 (file)
--- a/lib/silccore/silcchannel.c
+++ b/lib/silccore/silcchannel.c
@@ -299,11 +299,23 @@ bool silc_channel_message_payload_decrypt(unsigned char *data,
 
     /* Check the MAC of the message */
     SILC_LOG_DEBUG(("Checking channel message MACs"));
-    silc_hmac_make(hmac, dst, (data_len - iv_len - mac_len), mac2, &mac_len);
+    silc_hmac_init(hmac);
+    silc_hmac_update(hmac, dst, (data_len - iv_len - mac_len));
+    silc_hmac_update(hmac, data + (data_len - iv_len), iv_len);
+    silc_hmac_final(hmac, mac2, &mac_len);
     if (memcmp(mac, mac2, mac_len)) {
+#if 1
+      /* Backwards support for old mac checking, remove in 1.0 */
+      silc_hmac_make(hmac, dst, (data_len - iv_len - mac_len), mac2, &mac_len);
+      if (memcmp(mac, mac2, mac_len)) {
+#endif
+
       SILC_LOG_DEBUG(("Channel message MACs does not match"));
       silc_free(dst);
       return FALSE;
+#if 1
+      }
+#endif
     }
     SILC_LOG_DEBUG(("MAC is Ok"));
 
@@ -395,7 +407,10 @@ bool silc_channel_message_payload_encrypt(unsigned char *data,
   SilcBufferStruct buf;
 
   /* Compute the MAC of the channel message data */
-  silc_hmac_make(hmac, data, data_len, mac, &mac_len);
+  silc_hmac_init(hmac);
+  silc_hmac_update(hmac, data, data_len);
+  silc_hmac_update(hmac, iv, iv_len);
+  silc_hmac_final(hmac, mac, &mac_len);
 
   /* Put rest of the data to the payload */
   silc_buffer_set(&buf, data, true_len);