Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 28 Jan 2009 15:40:48 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org,  svn-src-head@freebsd.org
Subject:   Re: svn commit: r187826 - head/sys/opencrypto
Message-ID:  <20090128153859.B45963@maildrop.int.zabbadoz.net>
In-Reply-To: <200901281531.n0SFVGvi024257@svn.freebsd.org>
References:  <200901281531.n0SFVGvi024257@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, 28 Jan 2009, Bjoern A. Zeeb wrote:

> Author: bz
> Date: Wed Jan 28 15:31:16 2009
> New Revision: 187826
> URL: http://svn.freebsd.org/changeset/base/187826
>
> Log:
>  While OpenBSD's crypto/ framework has sha1 and md5 implementations that
>  can cope with a result buffer of NULL in the "Final" function, we cannot.
>  Thus pass in a temporary buffer long enough for either md5 or sha1 results
>  so that we do not panic.


There is on thing in the code I didn't want to change:

We are not interested in the result of the operation and MD5Final would
bzero the sw->sw_ictx as well.

So why are we (and every one else using similar code) doing the
calculation at all?

I feel like I must be missing something here...


>  PR:		bin/126468
>  MFC after:	1 week
>
> Modified:
>  head/sys/opencrypto/cryptosoft.c
>
> Modified: head/sys/opencrypto/cryptosoft.c
> ==============================================================================
> --- head/sys/opencrypto/cryptosoft.c	Wed Jan 28 15:22:44 2009	(r187825)
> +++ head/sys/opencrypto/cryptosoft.c	Wed Jan 28 15:31:16 2009	(r187826)
> @@ -433,12 +433,17 @@ swcr_authprepare(struct auth_hash *axf,
> 		break;
> 	case CRYPTO_MD5_KPDK:
> 	case CRYPTO_SHA1_KPDK:
> +	{
> +		/* We need a buffer that can hold an md5 and a sha1 result. */
> +		u_char buf[SHA1_RESULTLEN];
> +
> 		sw->sw_klen = klen;
> 		bcopy(key, sw->sw_octx, klen);
> 		axf->Init(sw->sw_ictx);
> 		axf->Update(sw->sw_ictx, key, klen);
> -		axf->Final(NULL, sw->sw_ictx);
> +		axf->Final(buf, sw->sw_ictx);
> 		break;
> +	}
> 	default:
> 		printf("%s: CRD_F_KEY_EXPLICIT flag given, but algorithm %d "
> 		    "doesn't use keys.\n", __func__, axf->type);
>

-- 
Bjoern A. Zeeb                      The greatest risk is not taking one.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090128153859.B45963>