We are currently modifying OpenSSL to use a different crypto lib (for license and export reasons). In the process, we have discovered a few places where the SSL code depends on the way the crypto lib works. This patch addresses one of those issues.

Basically, in tls1_P_hash() (in ssl/t1_enc.c), the assumption is made that an HMAC_CTX can be used multiple times by simply memcpy'ing it into a temporary structure. This works if the context is a complete representation of the entire state of the HMAC. It may not work if the ctx has pointers or references to additional information that is not copied by this process (as is the case with the crypto lib we are using). This problem is fairly simple to fix in this case because the temporary context can simply be computed alongside the other rather than memcpy to it. (This may be slightly less efficient, but is certainly a cleaner implementation.)

This patch also includes a couple of fixes to code that uses HMAC but never calls HMAC_cleanup. This is critical, again, if the HMAC_CTX contains any references to other objects that must be cleaned up.

Note that this patch has also been sent to: [EMAIL PROTECTED].

I hope that I have submitted this patch correctly. Please let me know if there is anything more I need to do. I hope the diff is OK. I am developing on Windows 2000 and my version of diff does not have a -u option. I hope the slightly different format is OK.

Any questions, comments or concerns, please contact me.

Thanks.

Verdon Walker
(801) 861-2633
[EMAIL PROTECTED]
Novell Inc., the leading provider of Net Services Software
www.novell.com
diff.out
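
The copy problem and the fix described in the message above, as an added C example that is not part of the original post or of the OpenSSL patch. `toy_ctx` and the `toy_*` functions are hypothetical stand-ins for a context that keeps its state behind a pointer, with FNV-1a mixing in place of a real HMAC.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical context (not OpenSSL's HMAC_CTX): the running state lives
 * behind a pointer, so the struct bytes are not the complete state. */
typedef struct { uint32_t *state; } toy_ctx;
typedef struct { uint32_t full, prefix; } toy_pair;

/* FNV-1a mixing stands in for the real MAC; it is not a secure MAC. */
static void toy_update(toy_ctx *c, const char *d) {
    for (; *d; d++) *c->state = (*c->state ^ (unsigned char)*d) * 16777619u;
}
static void toy_init(toy_ctx *c, const char *key) {
    c->state = malloc(sizeof *c->state);
    if (!c->state) abort();
    *c->state = 2166136261u;
    toy_update(c, key);
}
static uint32_t toy_final(const toy_ctx *c) { return *c->state; }
static void toy_cleanup(toy_ctx *c) { free(c->state); c->state = NULL; }

/* Pattern the message describes: fork the context with memcpy. */
toy_pair fork_by_memcpy(const char *key, const char *a, const char *seed) {
    toy_ctx ctx, tmp;
    toy_init(&ctx, key);
    toy_update(&ctx, a);
    memcpy(&tmp, &ctx, sizeof ctx);   /* copies the pointer, not the state */
    toy_update(&ctx, seed);           /* also changes what tmp points at */
    toy_pair r = { toy_final(&ctx), toy_final(&tmp) };
    toy_cleanup(&ctx);                /* cleaning up tmp too would double free */
    return r;
}

/* Fix the message describes: compute the temporary context alongside. */
toy_pair fork_alongside(const char *key, const char *a, const char *seed) {
    toy_ctx ctx, tmp;
    toy_init(&ctx, key);  toy_init(&tmp, key);
    toy_update(&ctx, a);  toy_update(&tmp, a);
    toy_update(&ctx, seed);
    toy_pair r = { toy_final(&ctx), toy_final(&tmp) };
    toy_cleanup(&ctx);  toy_cleanup(&tmp);   /* every init gets a cleanup */
    return r;
}

/* One-shot reference value over key followed by data. */
uint32_t toy_oneshot(const char *key, const char *data) {
    toy_ctx c; toy_init(&c, key); toy_update(&c, data);
    uint32_t v = toy_final(&c); toy_cleanup(&c); return v;
}
```

With the memcpy fork, the value read from the temporary context equals the full-input value because both structs share one state object; the alongside version returns the correct prefix-only value.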