svn commit: r187826 - head/sys/opencrypto
Bjoern A. Zeeb
bz at FreeBSD.org
Wed Jan 28 07:45:08 PST 2009
On Wed, 28 Jan 2009, Bjoern A. Zeeb wrote:
> Author: bz
> Date: Wed Jan 28 15:31:16 2009
> New Revision: 187826
> URL: http://svn.freebsd.org/changeset/base/187826
>
> Log:
> While OpenBSD's crypto/ framework has sha1 and md5 implementations that
> can cope with a result buffer of NULL in the "Final" function, we cannot.
> Thus pass in a temporary buffer long enough for either md5 or sha1 results
> so that we do not panic.
There is on thing in the code I didn't want to change:
We are not interested in the result of the operation and MD5Final would
bzero the sw->sw_ictx as well.
So why are we (and every one else using similar code) doing the
calculation at all?
I feel like I must be missing something here...
> PR: bin/126468
> MFC after: 1 week
>
> Modified:
> head/sys/opencrypto/cryptosoft.c
>
> Modified: head/sys/opencrypto/cryptosoft.c
> ==============================================================================
> --- head/sys/opencrypto/cryptosoft.c Wed Jan 28 15:22:44 2009 (r187825)
> +++ head/sys/opencrypto/cryptosoft.c Wed Jan 28 15:31:16 2009 (r187826)
> @@ -433,12 +433,17 @@ swcr_authprepare(struct auth_hash *axf,
> break;
> case CRYPTO_MD5_KPDK:
> case CRYPTO_SHA1_KPDK:
> + {
> + /* We need a buffer that can hold an md5 and a sha1 result. */
> + u_char buf[SHA1_RESULTLEN];
> +
> sw->sw_klen = klen;
> bcopy(key, sw->sw_octx, klen);
> axf->Init(sw->sw_ictx);
> axf->Update(sw->sw_ictx, key, klen);
> - axf->Final(NULL, sw->sw_ictx);
> + axf->Final(buf, sw->sw_ictx);
> break;
> + }
> default:
> printf("%s: CRD_F_KEY_EXPLICIT flag given, but algorithm %d "
> "doesn't use keys.\n", __func__, axf->type);
>
--
Bjoern A. Zeeb The greatest risk is not taking one.
More information about the svn-src-all
mailing list