Author: tuexen Date: Thu Nov 7 18:50:11 2013 New Revision: 257804 URL: http://svnweb.freebsd.org/changeset/base/257804
Log: Get rid of the artification limitation enforced by SCTP_AUTH_RANDOM_SIZE_MAX. This was suggested by Andrew Galante. MFC after: 3 days Modified: head/sys/netinet/sctp_auth.c head/sys/netinet/sctp_auth.h Modified: head/sys/netinet/sctp_auth.c ============================================================================== --- head/sys/netinet/sctp_auth.c Thu Nov 7 17:08:09 2013 (r257803) +++ head/sys/netinet/sctp_auth.c Thu Nov 7 18:50:11 2013 (r257804) @@ -333,10 +333,6 @@ sctp_generate_random_key(uint32_t keylen { sctp_key_t *new_key; - /* validate keylen */ - if (keylen > SCTP_AUTH_RANDOM_SIZE_MAX) - keylen = SCTP_AUTH_RANDOM_SIZE_MAX; - new_key = sctp_alloc_key(keylen); if (new_key == NULL) { /* out of memory */ @@ -374,7 +370,7 @@ sctp_compare_key(sctp_key_t * key1, sctp uint32_t i; uint32_t key1len, key2len; uint8_t *key_1, *key_2; - uint8_t temp[SCTP_AUTH_RANDOM_SIZE_MAX]; + uint8_t val1, val2; /* sanity/length check */ key1len = sctp_get_keylen(key1); @@ -386,38 +382,24 @@ sctp_compare_key(sctp_key_t * key1, sctp else if (key2len == 0) return (1); - if (key1len != key2len) { - if (key1len >= key2len) - maxlen = key1len; - else - maxlen = key2len; - bzero(temp, maxlen); - if (key1len < maxlen) { - /* prepend zeroes to key1 */ - bcopy(key1->key, temp + (maxlen - key1len), key1len); - key_1 = temp; - key_2 = key2->key; - } else { - /* prepend zeroes to key2 */ - bcopy(key2->key, temp + (maxlen - key2len), key2len); - key_1 = key1->key; - key_2 = temp; - } + if (key1len < key2len) { + maxlen = key2len; } else { maxlen = key1len; - key_1 = key1->key; - key_2 = key2->key; } - + key_1 = key1->key; + key_2 = key2->key; + /* check for numeric equality */ for (i = 0; i < maxlen; i++) { - if (*key_1 > *key_2) + /* left-pad with zeros */ + val1 = (i < (maxlen - key1len)) ? 0 : *(key_1++); + val2 = (i < (maxlen - key2len)) ? 0 : *(key_2++); + if (val1 > val2) { return (1); - else if (*key_1 < *key_2) + } else if (val1 < val2) { return (-1); - key_1++; - key_2++; + } } - /* keys are equal value, so check lengths */ if (key1len == key2len) return (0); Modified: head/sys/netinet/sctp_auth.h ============================================================================== --- head/sys/netinet/sctp_auth.h Thu Nov 7 17:08:09 2013 (r257803) +++ head/sys/netinet/sctp_auth.h Thu Nov 7 18:50:11 2013 (r257804) @@ -46,7 +46,6 @@ __FBSDID("$FreeBSD$"); /* random sizes */ #define SCTP_AUTH_RANDOM_SIZE_DEFAULT 32 #define SCTP_AUTH_RANDOM_SIZE_REQUIRED 32 -#define SCTP_AUTH_RANDOM_SIZE_MAX 256 /* union of all supported HMAC algorithm contexts */ typedef union sctp_hash_context { _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"