2 files changed, 39 insertions, 20 deletions

diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c
index e14e7c898..3244a4371 100644
--- a/src/util/crypto_hash.c
+++ b/src/util/crypto_hash.c
@@ -561,19 +561,27 @@ GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key,
 void
 GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
                     const void *plaintext, size_t plaintext_len,
-                    struct GNUNET_HashCode * hmac)
+                    struct GNUNET_HashCode *hmac)
 {
-  gcry_md_hd_t md;
+  static int once;
+  static gcry_md_hd_t md;
   const unsigned char *mc;
 
-  GNUNET_assert (GPG_ERR_NO_ERROR ==
-                 gcry_md_open (&md, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC));
+  if (! once)
+  {
+    once = 1;
+    GNUNET_assert (GPG_ERR_NO_ERROR ==
+                   gcry_md_open (&md, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC));
+  }
+  else
+  {
+    gcry_md_reset (md);
+  }
   gcry_md_setkey (md, key->key, sizeof (key->key));
   gcry_md_write (md, plaintext, plaintext_len);
   mc = gcry_md_read (md, GCRY_MD_SHA512);
-  if (mc != NULL)
-    memcpy (hmac->bits, mc, sizeof (hmac->bits));
-  gcry_md_close (md);
+  GNUNET_assert (NULL != mc);
+  memcpy (hmac->bits, mc, sizeof (hmac->bits));
 }
 
 
diff --git a/src/util/crypto_hkdf.c b/src/util/crypto_hkdf.c
index 2b9387357..1fc13ceaa 100644
--- a/src/util/crypto_hkdf.c
+++ b/src/util/crypto_hkdf.c
@@ -135,33 +135,47 @@ dump (const char *src, const void *p, unsigned int l)
  * @param skm source key material
  * @param skm_len length of skm
  * @param argp va_list of void * & size_t pairs for context chunks
- * @return GNUNET_YES on success
+ * @return #GNUNET_YES on success
  */
 int
 GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len, int xtr_algo, int prf_algo,
                       const void *xts, size_t xts_len, const void *skm,
                       size_t skm_len, va_list argp)
 {
+  static int once;
+  static gcry_md_hd_t xtr;
+  static gcry_md_hd_t prf;
   const void *hc;
-  unsigned long i, t, d;
+  unsigned long i;
+  unsigned long t;
+  unsigned long d;
   unsigned int k = gcry_md_get_algo_dlen (prf_algo);
   unsigned int xtr_len = gcry_md_get_algo_dlen (xtr_algo);
   char prk[xtr_len];
   int ret;
-  gcry_md_hd_t xtr, prf;
   size_t ctx_len;
   va_list args;
 
-  if (k == 0)
-    return GNUNET_SYSERR;
-
-  if (gcry_md_open (&xtr, xtr_algo, GCRY_MD_FLAG_HMAC) != GPG_ERR_NO_ERROR)
+  if (0 == k)
     return GNUNET_SYSERR;
+  if (! once)
+  {
+    if (GPG_ERR_NO_ERROR !=
+        gcry_md_open (&xtr, xtr_algo, GCRY_MD_FLAG_HMAC))
+      return GNUNET_SYSERR;
 
-  if (gcry_md_open (&prf, prf_algo, GCRY_MD_FLAG_HMAC) != GPG_ERR_NO_ERROR)
+    if (GPG_ERR_NO_ERROR !=
+        gcry_md_open (&prf, prf_algo, GCRY_MD_FLAG_HMAC))
+    {
+      gcry_md_close (xtr);
+      return GNUNET_SYSERR;
+    }
+    once = 1;
+  }
+  else
   {
-    gcry_md_close (xtr);
-    return GNUNET_SYSERR;
+    gcry_md_reset (xtr);
+    gcry_md_reset (prf);
   }
 
   va_copy (args, argp);
@@ -261,9 +275,6 @@ GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len, int xtr_algo, int prf_algo,
 hkdf_error:
   ret = GNUNET_SYSERR;
 hkdf_ok:
-  gcry_md_close (prf);
-  gcry_md_close (xtr);
-
   return ret;
 }