svn commit: r202475 - stable/7/sys/opencrypto

[Bjoern A. Zeeb]

Author: bz
Date: Sun Jan 17 13:31:48 2010
New Revision: 202475
URL: http://svn.freebsd.org/changeset/base/202475

Log:
  MFC r187826:
    While OpenBSD's crypto/ framework has sha1 and md5 implementations that
    can cope with a result buffer of NULL in the "Final" function, we cannot.
    Thus pass in a temporary buffer long enough for either md5 or sha1 results
    so that we do not panic.
  
  PR:		bin/126468
  Reviewed by:	cperciva

Modified:
  stable/7/sys/opencrypto/cryptosoft.c
Directory Properties:
  stable/7/sys/   (props changed)
  stable/7/sys/cddl/contrib/opensolaris/   (props changed)
  stable/7/sys/contrib/dev/acpica/   (props changed)
  stable/7/sys/contrib/pf/   (props changed)

Modified: stable/7/sys/opencrypto/cryptosoft.c
==============================================================================
--- stable/7/sys/opencrypto/cryptosoft.c	Sun Jan 17 13:28:25 2010	(r202474)
+++ stable/7/sys/opencrypto/cryptosoft.c	Sun Jan 17 13:31:48 2010	(r202475)
@@ -429,12 +429,17 @@ swcr_authprepare(struct auth_hash *axf, 
 		break;
 	case CRYPTO_MD5_KPDK:
 	case CRYPTO_SHA1_KPDK:
+	{
+		/* We need a buffer that can hold an md5 and a sha1 result. */
+		u_char buf[SHA1_RESULTLEN];
+
 		sw->sw_klen = klen;
 		bcopy(key, sw->sw_octx, klen);
 		axf->Init(sw->sw_ictx);
 		axf->Update(sw->sw_ictx, key, klen);
-		axf->Final(NULL, sw->sw_ictx);
+		axf->Final(buf, sw->sw_ictx);
 		break;
+	}
 	default:
 		printf("%s: CRD_F_KEY_EXPLICIT flag given, but algorithm %d "
 		    "doesn't use keys.\n", __func__, axf->type);