Hi Martin,

2014-07-11 13:51 GMT+02:00 Martin Willi <[email protected]>:
> Christophe,
>
>> However, the hash calculation is not reentrant because a single hasher
>> is used for the whole IKE SA manager. It leads to bogus calculations
>> under high load
>
> I agree, this bug should be addressed. Some hasher implementations, such
> as the default, actually store hash context on the stack, so this is an
> issue for IKEv1 only. Others, such as the one from the openssl plugin,
> do not and can't handle multiple simultaneous users.
>
>> Don't share a single hasher in the IKE SA manager, create a transient
>> one whenever a message must be hashed.
>
> Thanks for the patch, looks good. Not sure if it would be better
> performance-wise to use locking instead, but I'm fine with that
> approach.
>
>> - return FALSE;
>> + goto end;
>
> I'm no fan of goto-programming, hence I took the liberty to adjust your
> patch slightly [1].

Agreed, the manner you used is more elegant.

> Queued for mainline.

Great, thanks.

Christophe

> Regards
> Martin
>
> [1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=595389f9

_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
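
The reentrancy problem discussed in this thread, as an added example that is not part of the original mail or of strongSwan's code: a single-threaded replay of the interleaving that two concurrent callers can hit on one shared hasher, next to the transient-hasher pattern. The toy FNV-1a hasher, all function names and the sample messages are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy incremental hasher (32-bit FNV-1a), a stand-in for a real digest.
 * All names here are hypothetical, not strongSwan's API. */
typedef struct { uint32_t state; } toy_hasher_t;

static void toy_reset(toy_hasher_t *h) { h->state = 2166136261u; }

static void toy_update(toy_hasher_t *h, const char *data)
{
    for (; *data; data++) {
        h->state ^= (uint8_t)*data;
        h->state *= 16777619u;
    }
}

/* Fixed pattern: a transient hasher per call, so no state is shared. */
uint32_t hash_transient(const char *part1, const char *part2)
{
    toy_hasher_t h;
    toy_reset(&h);
    toy_update(&h, part1);
    toy_update(&h, part2);
    return h.state;
}

/* Buggy pattern: one hasher for the whole manager. */
static toy_hasher_t shared_hasher;

/* Replays, in one thread, an interleaving two concurrent callers can hit:
 * caller B resets and feeds the shared hasher while A is mid-message. */
uint32_t hash_shared_interleaved(const char *a1, const char *a2, const char *b)
{
    toy_reset(&shared_hasher);
    toy_update(&shared_hasher, a1);   /* A: first half */
    toy_reset(&shared_hasher);        /* B: starts its own message */
    toy_update(&shared_hasher, b);
    toy_update(&shared_hasher, a2);   /* A: second half, on B's state */
    return shared_hasher.state;       /* A reads a bogus digest */
}

int main(void)
{
    /* Constructed sample messages */
    printf("transient: %08x\n", (unsigned)hash_transient("A|init", "|payload"));
    printf("shared:    %08x\n",
           (unsigned)hash_shared_interleaved("A|init", "|payload", "B|init"));
    return 0;
}
```

The digest caller A gets back from the shared hasher is the digest of B's message followed by A's second half, which is why the failure only shows up when calls overlap under load.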
