svn commit: r266060 - stable/9/sys/netinet

Michael Tuexen tuexen at FreeBSD.org
Wed May 14 17:45:11 UTC 2014


Author: tuexen
Date: Wed May 14 17:45:10 2014
New Revision: 266060
URL: http://svnweb.freebsd.org/changeset/base/266060

Log:
  MFC r257804:
  
  Get rid of the artificial limitation enforced by
  SCTP_AUTH_RANDOM_SIZE_MAX.
  This was suggested by Andrew Galante.

Modified:
  stable/9/sys/netinet/sctp_auth.c
  stable/9/sys/netinet/sctp_auth.h
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/netinet/sctp_auth.c
==============================================================================
--- stable/9/sys/netinet/sctp_auth.c	Wed May 14 17:43:49 2014	(r266059)
+++ stable/9/sys/netinet/sctp_auth.c	Wed May 14 17:45:10 2014	(r266060)
@@ -333,10 +333,6 @@ sctp_generate_random_key(uint32_t keylen
 {
 	sctp_key_t *new_key;
 
-	/* validate keylen */
-	if (keylen > SCTP_AUTH_RANDOM_SIZE_MAX)
-		keylen = SCTP_AUTH_RANDOM_SIZE_MAX;
-
 	new_key = sctp_alloc_key(keylen);
 	if (new_key == NULL) {
 		/* out of memory */
@@ -374,7 +370,7 @@ sctp_compare_key(sctp_key_t * key1, sctp
 	uint32_t i;
 	uint32_t key1len, key2len;
 	uint8_t *key_1, *key_2;
-	uint8_t temp[SCTP_AUTH_RANDOM_SIZE_MAX];
+	uint8_t val1, val2;
 
 	/* sanity/length check */
 	key1len = sctp_get_keylen(key1);
@@ -386,38 +382,24 @@ sctp_compare_key(sctp_key_t * key1, sctp
 	else if (key2len == 0)
 		return (1);
 
-	if (key1len != key2len) {
-		if (key1len >= key2len)
-			maxlen = key1len;
-		else
-			maxlen = key2len;
-		bzero(temp, maxlen);
-		if (key1len < maxlen) {
-			/* prepend zeroes to key1 */
-			bcopy(key1->key, temp + (maxlen - key1len), key1len);
-			key_1 = temp;
-			key_2 = key2->key;
-		} else {
-			/* prepend zeroes to key2 */
-			bcopy(key2->key, temp + (maxlen - key2len), key2len);
-			key_1 = key1->key;
-			key_2 = temp;
-		}
+	if (key1len < key2len) {
+		maxlen = key2len;
 	} else {
 		maxlen = key1len;
-		key_1 = key1->key;
-		key_2 = key2->key;
 	}
-
+	key_1 = key1->key;
+	key_2 = key2->key;
+	/* check for numeric equality */
 	for (i = 0; i < maxlen; i++) {
-		if (*key_1 > *key_2)
+		/* left-pad with zeros */
+		val1 = (i < (maxlen - key1len)) ? 0 : *(key_1++);
+		val2 = (i < (maxlen - key2len)) ? 0 : *(key_2++);
+		if (val1 > val2) {
 			return (1);
-		else if (*key_1 < *key_2)
+		} else if (val1 < val2) {
 			return (-1);
-		key_1++;
-		key_2++;
+		}
 	}
-
 	/* keys are equal value, so check lengths */
 	if (key1len == key2len)
 		return (0);
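Review bot: The rewritten loop in sctp_compare_key returns at the first differing byte, so its running time depends on where the two keys diverge, and nothing in the function says whether that is acceptable. If this helper is only used to order key material that is not secret (its callers are not visible in this diff), a comment above the loop should record that, e.g. `/* ordering comparison only, not constant-time; do not use to compare secrets or MACs */`. As a smaller style point, `maxlen - key1len` and `maxlen - key2len` are loop-invariant and would read better as two named pad lengths computed once before the `for`. The function starts before and continues after this hunk.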

Modified: stable/9/sys/netinet/sctp_auth.h
==============================================================================
--- stable/9/sys/netinet/sctp_auth.h	Wed May 14 17:43:49 2014	(r266059)
+++ stable/9/sys/netinet/sctp_auth.h	Wed May 14 17:45:10 2014	(r266060)
@@ -46,7 +46,6 @@ __FBSDID("$FreeBSD$");
 /* random sizes */
 #define SCTP_AUTH_RANDOM_SIZE_DEFAULT	32
 #define SCTP_AUTH_RANDOM_SIZE_REQUIRED	32
-#define SCTP_AUTH_RANDOM_SIZE_MAX	256
 
 /* union of all supported HMAC algorithm contexts */
 typedef union sctp_hash_context {

