From owner-svn-src-all@FreeBSD.ORG Sun Jan 17 13:36:40 2010 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 999EF1065693; Sun, 17 Jan 2010 13:36:40 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 879B78FC1A; Sun, 17 Jan 2010 13:36:40 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o0HDae6m037764; Sun, 17 Jan 2010 13:36:40 GMT (envelope-from bz@svn.freebsd.org) Received: (from bz@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o0HDaesC037761; Sun, 17 Jan 2010 13:36:40 GMT (envelope-from bz@svn.freebsd.org) Message-Id: <201001171336.o0HDaesC037761@svn.freebsd.org> From: "Bjoern A. Zeeb" Date: Sun, 17 Jan 2010 13:36:40 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-6@freebsd.org X-SVN-Group: stable-6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r202479 - in stable/6: . sys/opencrypto X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Jan 2010 13:36:40 -0000 Author: bz Date: Sun Jan 17 13:36:40 2010 New Revision: 202479 URL: http://svn.freebsd.org/changeset/base/202479 Log: MFC r201898: Add comments trying to explain what bad things happen here, i.e. how hashed MD5/SHA are implemented, abusing Final() for padding and sw_octx to transport the key from the beginning to the end. Enlightened about what was going on here by: cperciva Reviewed by: cperciva Modified: stable/6/Makefile (contents, props changed) stable/6/sys/opencrypto/cryptosoft.c Directory Properties: stable/6/sys/ (props changed) stable/6/sys/contrib/pf/ (props changed) stable/6/sys/dev/cxgb/ (props changed) Modified: stable/6/Makefile ============================================================================== --- stable/6/Makefile Sun Jan 17 13:36:25 2010 (r202478) +++ stable/6/Makefile Sun Jan 17 13:36:40 2010 (r202479) @@ -262,12 +262,14 @@ make: .PHONY # existing system is. # .if make(universe) +TARGETS?=alpha amd64 i386 ia64 pc98 powerpc sparc64 + universe: universe_prologue universe_prologue: @echo "--------------------------------------------------------------" @echo ">>> make universe started on ${STARTTIME}" @echo "--------------------------------------------------------------" -.for target in alpha amd64 i386 ia64 pc98 powerpc sparc64 +.for target in ${TARGETS} KERNCONFS!= cd ${.CURDIR}/sys/${target}/conf && \ find [A-Z]*[A-Z] -type f -maxdepth 0 \ ! -name DEFAULTS ! -name LINT @@ -275,22 +277,30 @@ KERNCONFS:= ${KERNCONFS:S/^NOTES$/LINT/} universe: universe_${target} .ORDER: universe_prologue universe_${target} universe_epilogue universe_${target}: +.if !defined(MAKE_JUST_KERNELS) @echo ">> ${target} started on `LC_ALL=C date`" - -cd ${.CURDIR} && ${MAKE} ${JFLAG} buildworld \ + @(cd ${.CURDIR} && env __MAKE_CONF=/dev/null \ + ${MAKE} ${JFLAG} buildworld \ TARGET=${target} \ - __MAKE_CONF=/dev/null \ - > _.${target}.buildworld 2>&1 + > _.${target}.buildworld 2>&1 || \ + echo "${target} world failed," \ + "check _.${target}.buildworld for details") @echo ">> ${target} buildworld completed on `LC_ALL=C date`" +.endif .if exists(${.CURDIR}/sys/${target}/conf/NOTES) - -cd ${.CURDIR}/sys/${target}/conf && ${MAKE} LINT \ - > ${.CURDIR}/_.${target}.makeLINT 2>&1 + @(cd ${.CURDIR}/sys/${target}/conf && env __MAKE_CONF=/dev/null \ + ${MAKE} LINT > ${.CURDIR}/_.${target}.makeLINT 2>&1 || \ + echo "${target} 'make LINT' failed," \ + "check _.${target}.makeLINT for details") .endif .for kernel in ${KERNCONFS} - -cd ${.CURDIR} && ${MAKE} ${JFLAG} buildkernel \ + @(cd ${.CURDIR} && env __MAKE_CONF=/dev/null \ + ${MAKE} ${JFLAG} buildkernel \ TARGET=${target} \ KERNCONF=${kernel} \ - __MAKE_CONF=/dev/null \ - > _.${target}.${kernel} 2>&1 + > _.${target}.${kernel} 2>&1 || \ + echo "${target} ${kernel} kernel failed," \ + "check _.${target}.${kernel} for details") .endfor @echo ">> ${target} completed on `LC_ALL=C date`" .endfor Modified: stable/6/sys/opencrypto/cryptosoft.c ============================================================================== --- stable/6/sys/opencrypto/cryptosoft.c Sun Jan 17 13:36:25 2010 (r202478) +++ stable/6/sys/opencrypto/cryptosoft.c Sun Jan 17 13:36:40 2010 (r202479) @@ -426,7 +426,16 @@ swcr_authprepare(struct auth_hash *axf, case CRYPTO_MD5_KPDK: case CRYPTO_SHA1_KPDK: { - /* We need a buffer that can hold an md5 and a sha1 result. */ + /* + * We need a buffer that can hold an md5 and a sha1 result + * just to throw it away. + * What we do here is the initial part of: + * ALGO( key, keyfill, .. ) + * adding the key to sw_ictx and abusing Final() to get the + * "keyfill" padding. + * In addition we abuse the sw_octx to save the key to have + * it to be able to append it at the end in swcr_authcompute(). + */ u_char buf[SHA1_RESULTLEN]; sw->sw_klen = klen; @@ -487,9 +496,17 @@ swcr_authcompute(struct cryptodesc *crd, case CRYPTO_MD5_KPDK: case CRYPTO_SHA1_KPDK: + /* If we have no key saved, return error. */ if (sw->sw_octx == NULL) return EINVAL; + /* + * Add the trailing copy of the key (see comment in + * swcr_authprepare()) after the data: + * ALGO( .., key, algofill ) + * and let Final() do the proper, natural "algofill" + * padding. + */ axf->Update(&ctx, sw->sw_octx, sw->sw_klen); axf->Final(aalg, &ctx); break;