minor flaws
Juergen Buchmueller
pullmoll at stop1984.com
Thu Sep 4 15:23:47 PDT 2003
I sent these to the maintainers of the respective source (obriend and phk)
some days ago. I think my mails were hidden by some noise.

The first flaw was imported from OpenBSD and is confirmed and fixed there. The
second is an FBSD-only source.

*** sys/crypt/sha2/sha2.c

Replace all 6 occurrences of
	bzero(context, sizeof(context));
with
	bzero(context, sizeof(*context));

As it is now, you're zapping only the first 4 bytes of context, i.e.
sizeof(pointer), not the entire context.

*** sys/dev/random/randomdev.c
in the function random_write_internal(void *buf, int count);
I think there's a leak, where parts of the "void *buf" would be inserted into
the entropy harvest list. The leaking would happen whenever "int count" was
less than HARVESTSIZE. In this case the first loop would still put a chunk of
HARVESTSIZE bytes into the list... reading beyond what it was told to do.

To make the code much simpler I'd suggest writing it like this:

static void
random_write_internal(void *buf, int count)
{
	int i;

	/* Break the input up into HARVESTSIZE chunks.
	 * The writer has too much control here, so "estimate" the
	 * entropy as zero.
	 */
	for (i = 0; i < count; i += HARVESTSIZE) {
		u_int chunk = HARVESTSIZE;
		if (i + chunk >= count)
			chunk = (u_int)(count - i);
		random_harvest_internal(get_cyclecount(), (char *)buf + i,
		    chunk, 0, 0, RANDOM_WRITE);
	}
}

I'm not sure if "buf" can contain anything else but zeroes beyond "count", so
changing the code might not be too important. You decide :)
HTH
Ciao,
Juergen
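
The following user-space check of the chunking loop proposed in the mail is an added example, not part of the original message and not FreeBSD code. It mocks the harvest call and counts how many bytes beyond `count` reach the harvest list. The `HARVESTSIZE` value, `CANARY`, `mock_harvest`, `write_chunked` and `leaked_bytes` are assumptions of this example, and the `clamp == 0` path is a simplified model of the over-read the mail describes, not the original randomdev.c code.

```c
#include <stdio.h>
#include <string.h>

#define HARVESTSIZE 16   /* assumed chunk size for this example */
#define CANARY 0xA5      /* fills memory the writer did not hand over */

static unsigned char sink[256];  /* mock harvest list */
static size_t sink_len;

/* Mock of random_harvest_internal(): record the bytes it is given. */
static void mock_harvest(const void *data, unsigned int len)
{
	memcpy(sink + sink_len, data, len);
	sink_len += len;
}

/* clamp != 0: loop as proposed in the mail (int cast added to keep the
 * comparison signed). clamp == 0: simplified model of the over-read. */
static void write_chunked(const void *buf, int count, int clamp)
{
	int i;
	for (i = 0; i < count; i += HARVESTSIZE) {
		unsigned int chunk = HARVESTSIZE;
		if (clamp && i + (int)chunk >= count)
			chunk = (unsigned int)(count - i);
		mock_harvest((const char *)buf + i, chunk);
	}
}

/* Write `count` payload bytes (0..112) that are followed in memory by canary
 * bytes; return how many canary bytes ended up in the harvest list. */
static int leaked_bytes(int count, int clamp)
{
	unsigned char buf[128];
	size_t k;
	int leaked = 0;
	memset(buf, CANARY, sizeof(buf));
	memset(buf, 0x11, (size_t)count);  /* constructed payload */
	sink_len = 0;
	write_chunked(buf, count, clamp);
	for (k = 0; k < sink_len; k++)
		leaked += (sink[k] == CANARY);
	return leaked;
}

int main(void)
{
	printf("leaked: proposed=%d over-read=%d\n", leaked_bytes(5, 1), leaked_bytes(5, 0));
	return 0;
}
```

The boundary cases worth running are a count of zero, a count below one chunk, an exact multiple of the chunk size, and a count one byte past a multiple.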