Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 17 Jan 2010 13:36:40 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-6@freebsd.org
Subject:   svn commit: r202479 - in stable/6: . sys/opencrypto
Message-ID:  <201001171336.o0HDaesC037761@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: bz
Date: Sun Jan 17 13:36:40 2010
New Revision: 202479
URL: http://svn.freebsd.org/changeset/base/202479

Log:
  MFC r201898:
    Add comments trying to explain what bad things happen here, i.e.
    how hashed MD5/SHA are implemented, abusing Final() for padding and
    sw_octx to transport the key from the beginning to the end.
  
    Enlightened about what was going on here by: cperciva
    Reviewed by:  cperciva

Modified:
  stable/6/Makefile   (contents, props changed)
  stable/6/sys/opencrypto/cryptosoft.c
Directory Properties:
  stable/6/sys/   (props changed)
  stable/6/sys/contrib/pf/   (props changed)
  stable/6/sys/dev/cxgb/   (props changed)

Modified: stable/6/Makefile
==============================================================================
--- stable/6/Makefile	Sun Jan 17 13:36:25 2010	(r202478)
+++ stable/6/Makefile	Sun Jan 17 13:36:40 2010	(r202479)
@@ -262,12 +262,14 @@ make: .PHONY
 # existing system is.
 #
 .if make(universe)
+TARGETS?=alpha amd64 i386 ia64 pc98 powerpc sparc64
+
 universe: universe_prologue
 universe_prologue:
 	@echo "--------------------------------------------------------------"
 	@echo ">>> make universe started on ${STARTTIME}"
 	@echo "--------------------------------------------------------------"
-.for target in alpha amd64 i386 ia64 pc98 powerpc sparc64
+.for target in ${TARGETS}
 KERNCONFS!=	cd ${.CURDIR}/sys/${target}/conf && \
 		find [A-Z]*[A-Z] -type f -maxdepth 0 \
 		! -name DEFAULTS ! -name LINT
@@ -275,22 +277,30 @@ KERNCONFS:=	${KERNCONFS:S/^NOTES$/LINT/}
 universe: universe_${target}
 .ORDER: universe_prologue universe_${target} universe_epilogue
 universe_${target}:
+.if !defined(MAKE_JUST_KERNELS)
 	@echo ">> ${target} started on `LC_ALL=C date`"
-	-cd ${.CURDIR} && ${MAKE} ${JFLAG} buildworld \
+	@(cd ${.CURDIR} && env __MAKE_CONF=/dev/null \
+	    ${MAKE} ${JFLAG} buildworld \
 	    TARGET=${target} \
-	    __MAKE_CONF=/dev/null \
-	    > _.${target}.buildworld 2>&1
+	    > _.${target}.buildworld 2>&1 || \
+	    echo "${target} world failed," \
+	    "check _.${target}.buildworld for details")
 	@echo ">> ${target} buildworld completed on `LC_ALL=C date`"
+.endif
 .if exists(${.CURDIR}/sys/${target}/conf/NOTES)
-	-cd ${.CURDIR}/sys/${target}/conf && ${MAKE} LINT \
-	    > ${.CURDIR}/_.${target}.makeLINT 2>&1
+	@(cd ${.CURDIR}/sys/${target}/conf && env __MAKE_CONF=/dev/null \
+	    ${MAKE} LINT > ${.CURDIR}/_.${target}.makeLINT 2>&1 || \
+	    echo "${target} 'make LINT' failed," \
+	    "check _.${target}.makeLINT for details")
 .endif
 .for kernel in ${KERNCONFS}
-	-cd ${.CURDIR} && ${MAKE} ${JFLAG} buildkernel \
+	@(cd ${.CURDIR} && env __MAKE_CONF=/dev/null \
+	    ${MAKE} ${JFLAG} buildkernel \
 	    TARGET=${target} \
 	    KERNCONF=${kernel} \
-	    __MAKE_CONF=/dev/null \
-	    > _.${target}.${kernel} 2>&1
+	    > _.${target}.${kernel} 2>&1 || \
+	    echo "${target} ${kernel} kernel failed," \
+	    "check _.${target}.${kernel} for details")
 .endfor
 	@echo ">> ${target} completed on `LC_ALL=C date`"
 .endfor

Modified: stable/6/sys/opencrypto/cryptosoft.c
==============================================================================
--- stable/6/sys/opencrypto/cryptosoft.c	Sun Jan 17 13:36:25 2010	(r202478)
+++ stable/6/sys/opencrypto/cryptosoft.c	Sun Jan 17 13:36:40 2010	(r202479)
@@ -426,7 +426,16 @@ swcr_authprepare(struct auth_hash *axf, 
 	case CRYPTO_MD5_KPDK:
 	case CRYPTO_SHA1_KPDK:
 	{
-		/* We need a buffer that can hold an md5 and a sha1 result. */
+		/* 
+		 * We need a buffer that can hold an md5 and a sha1 result
+		 * just to throw it away.
+		 * What we do here is the initial part of:
+		 *   ALGO( key, keyfill, .. )
+		 * adding the key to sw_ictx and abusing Final() to get the
+		 * "keyfill" padding.
+		 * In addition we abuse the sw_octx to save the key to have
+		 * it to be able to append it at the end in swcr_authcompute().
+		 */
 		u_char buf[SHA1_RESULTLEN];
 
 		sw->sw_klen = klen;
@@ -487,9 +496,17 @@ swcr_authcompute(struct cryptodesc *crd,
 
 	case CRYPTO_MD5_KPDK:
 	case CRYPTO_SHA1_KPDK:
+		/* If we have no key saved, return error. */
 		if (sw->sw_octx == NULL)
 			return EINVAL;
 
+		/*
+		 * Add the trailing copy of the key (see comment in
+		 * swcr_authprepare()) after the data:
+		 *   ALGO( .., key, algofill )
+		 * and let Final() do the proper, natural "algofill"
+		 * padding.
+		 */
 		axf->Update(&ctx, sw->sw_octx, sw->sw_klen);
 		axf->Final(aalg, &ctx);
 		break;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201001171336.o0HDaesC037761>