-----BEGIN PGP SIGNED MESSAGE-----

  I'm in the process of cleaning up some of the FreeSWAN IPsec kernel code.
  I'm CC'ing Eric because he may still care, and openssl-dev since I suspect
that they are the current maintainers of the code.

  Specifically dealing with testing of various pieces of code. I was looking
around our key scheduling code, and the related error checking.

  One piece of code that bothered me was in our key scheduling
(freeswan-1.91, klips/net/ipsec/pfkey_v2_parser.c, line 1106)

        error = des_set_key((caddr_t)ekp + EMT_ESPDES_KEY_SZ * i,
                            (caddr_t)&((struct des_eks*)(tdbp->tdb_key_e))[i]);

  I wondered why we were casting to caddr_t, and why in the world we didn't
include des.h to get a proper prototype (we had a local prototype), and why
do we define "struct des_eks" instead of using des_key_schedule.
  [Our des.h is:  Copyright (C) 1995-1997 Eric Young ([EMAIL PROTECTED]),
although it appears the same in a recent openssl as found in NetBSD source]
 
  I've since understood.

  des_key_schedule is a pointer. 
  Despite the typedef at the top of des.h, it is in fact a pointer.
  So, one can't really cast the "tdb_key_e" (which is the algorithm
neutral pointer to the keying material) to "des_key_schedule *", and access
the three pieces of the 3DES key. 
  Thus "struct des_eks" that we created that was in fact a char[16][2].
  
  My suggestion:

change the typedef, (or probably, add a new one):

  struct des_ks_struct
        {
        union   {
                des_cblock _;
                /* make sure things are correct size on machines with
                 * 8 byte longs */
                DES_LONG pad[2];
                } ks[16];
        };

  typedef struct des_ks_struct * des_key_schedule;

  Our copy also has this ghastly:

#undef _
#define _       ks._

  which I see is gone from a more recent des.h.

  This let us include des.h and use "struct des_ks_struct" as our object.
  
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys

-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
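
Added example, not part of the original message and not FreeSWAN or OpenSSL code: it contrasts what a callee sees for an array-style key schedule typedef with what it sees for the struct-wrapped layout proposed above, then indexes three schedules behind an algorithm-neutral pointer without caddr_t casts. Assumptions: the array-style typedef layout, a 4-byte DES_LONG, and the names array_key_schedule, ks_round, cblock, ks_slot, fill_slot and three_slots_ok are all hypothetical; fill_slot is a stand-in for a key-schedule routine and performs no DES.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef unsigned char des_cblock[8];
typedef uint32_t DES_LONG;              /* assumption: 4-byte DES_LONG */

/* Assumed array-style typedef: one element per round, 16 rounds. */
typedef struct ks_round {
    union { des_cblock cblock; DES_LONG pad[2]; } ks;
} array_key_schedule[16];

/* Struct-wrapped schedule, following the layout proposed in the message. */
struct des_ks_struct {
    union { des_cblock cblock; DES_LONG pad[2]; } ks[16];
};

/* An array-typed parameter is adjusted to "struct ks_round *", so the
 * callee sees a single round (8 bytes), not the whole schedule. */
size_t callee_view_array(array_key_schedule k) { return sizeof *k; }

/* A struct pointer keeps the full object type (16 * 8 = 128 bytes). */
size_t callee_view_struct(struct des_ks_struct *k) { return sizeof *k; }

/* Typed access to schedule i behind an algorithm-neutral pointer. */
struct des_ks_struct *ks_slot(void *key_e, size_t i)
{
    return (struct des_ks_struct *)key_e + i;
}

/* Hypothetical stand-in for a key-schedule routine: tags slot i only. */
void fill_slot(void *key_e, size_t i, unsigned char tag)
{
    memset(ks_slot(key_e, i), tag, sizeof(struct des_ks_struct));
}

/* Fill three schedules (3DES) and check no slot overlaps its neighbour. */
int three_slots_ok(void)
{
    size_t n = 3, sz = sizeof(struct des_ks_struct);
    unsigned char *key_e = calloc(n, sz);
    int ok = (key_e != NULL);
    for (size_t i = 0; ok && i < n; i++)
        fill_slot(key_e, i, (unsigned char)(i + 1));
    for (size_t i = 0; ok && i < n; i++)
        ok = key_e[i * sz] == (unsigned char)(i + 1) &&
             key_e[i * sz + sz - 1] == (unsigned char)(i + 1);
    free(key_e);
    return ok;
}

int main(void) { return three_slots_ok() ? 0 : 1; }
```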