Date: Wed, 28 Jan 2009 15:40:48 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r187826 - head/sys/opencrypto

On Wed, 28 Jan 2009, Bjoern A. Zeeb wrote:

> Author: bz
> Date: Wed Jan 28 15:31:16 2009
> New Revision: 187826
> URL: http://svn.freebsd.org/changeset/base/187826
>
> Log:
>  While OpenBSD's crypto/ framework has sha1 and md5 implementations that
>  can cope with a result buffer of NULL in the "Final" function, we cannot.
>  Thus pass in a temporary buffer long enough for either md5 or sha1 results
>  so that we do not panic.

There is one thing in the code I didn't want to change:

We are not interested in the result of the operation and MD5Final would bzero the sw->sw_ictx as well. So why are we (and everyone else using similar code) doing the calculation at all?

I feel like I must be missing something here...

> PR: bin/126468
> MFC after: 1 week
>
> Modified:
>  head/sys/opencrypto/cryptosoft.c
>
> Modified: head/sys/opencrypto/cryptosoft.c
> ==============================================================================
> --- head/sys/opencrypto/cryptosoft.c Wed Jan 28 15:22:44 2009 (r187825) > +++ head/sys/opencrypto/cryptosoft.c Wed Jan 28 15:31:16 2009 (r187826) 
> @@ -433,12 +433,17 @@ swcr_authprepare(struct auth_hash *axf, > break; > case CRYPTO_MD5_KPDK: > case CRYPTO_SHA1_KPDK: > + { > + /* We need a buffer that can hold an md5 and a sha1 result. */ > + u_char buf[SHA1_RESULTLEN]; > + > sw->sw_klen = klen; > bcopy(key, sw->sw_octx, klen); > axf->Init(sw->sw_ictx); > axf->Update(sw->sw_ictx, key, klen); > - axf->Final(NULL, sw->sw_ictx); > + axf->Final(buf, sw->sw_ictx); > break; > + } > default: > printf("%s: CRD_F_KEY_EXPLICIT flag given, but algorithm %d " > "doesn't use keys.\n", __func__, axf->type); > -- Bjoern A. Zeeb The greatest risk is not taking one.
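
Review bot: In the CRYPTO_MD5_KPDK / CRYPTO_SHA1_KPDK case, buf receives a digest computed over the key and is left uncleared on the stack when the block exits at break. Since the result is never used, add bzero(buf, sizeof(buf)) right after axf->Final(buf, sw->sw_ictx) so no key-derived bytes linger in the stack frame. The sizing also rests only on the comment's claim that SHA1_RESULTLEN covers an md5 result as well; a compile-time check of that relation next to the declaration would keep the buffer correct if either algorithm's result length changes or another KPDK algorithm is added to this case. Finally, the open question in the reply above (why the digest is computed at all when the output is discarded) deserves a code comment here, so the next reader does not remove or "optimize" the Final call without knowing its intended effect on sw->sw_ictx.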