[OPEN-ILS-DEV] PATCH: SHA1 using GNUTLS
Jason Stephenson
jstephenson at mvlc.org
Thu Dec 24 19:44:49 EST 2009
Quoting Scott McKellar <mck9 at swbell.net>:
>
>
> Thanks for the Christmas present.
You're welcome and thanks for looking at it.
>
> I've taken a look at the code but I haven't tried to run it. So far
> it doesn't look like a drop-in replacement for the present shahash(),
> for two reasons:
>
> 1. It returns a 20-byte binary buffer (plus terminal nul) rather than
> a 40-byte hex string (plus terminal nul).
I just noticed this myself. I took a couple of minutes between dinner
and dessert tonight and looked at the patch again. That was when I
realized that the current shahash is returning the hash as a hex
string. That's easily fixed in my code by doing a loop similar to the
one in the existing strprintsha() function.
>
> 2. It returns a pointer to a dynamically allocated buffer, that the
> caller needs to free, instead of a pointer to a static internal buffer.
> This is arguably a better design but will leak memory unless the calling
> code is changed accordingly.
I actually missed that strprintsha() is writing to a static buffer. I
saw the malloc() in shahash and remembered you talking about the
return value not being checked and just made some (erroneous)
assumptions there.
>
> Both of these issues can be readily resolved. You've done the main
> legwork and I can do the rest. Instead of overwriting shahash()
> directly I shall probably create a new function with a different name,
> and replace each call one at a time.
>
> As for MD5: I think the reason that's a little messier is that the
> existing code is designed for incremental hashing -- you feed it a
> series of chunks, and get the final result after the last chunk.
>
> In practice, we only feed it one chunk at a time anyway, in the function
> md5sum (in utils.c). For our purposes we can probably use the same
> approach for MD5 that you have used for SHA1.
>
> It may be a while before any of this shows up in trunk. For one thing,
> I want to take at least a cursory look at the gnutls source code to
> look for portability issues. Then there's testing. But it will get
> there, barring unexpected problems. Thanks again.
>
> Scott McKellar
>
>
Cheers,
Jason Stephenson
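
Added example (not part of the original message, and not code from the patch or the project): the two mismatches discussed above, output format and buffer ownership, shown as a hex-encoding loop that writes into a caller-supplied buffer, next to a static-buffer wrapper. The names digest_to_hex and digest_to_hex_static and the sample digest are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SHA1_LEN 20                  /* raw SHA-1 digest size in bytes */
#define SHA1_HEX_LEN (2 * SHA1_LEN)  /* 40 hex characters, excluding the nul */

/* Hex-encode a raw digest into a buffer the caller owns: nothing to free.
 * Returns 0 on success, -1 on a NULL argument or a buffer that is too small. */
int digest_to_hex(const unsigned char *digest, size_t len, char *out, size_t out_size)
{
    static const char hex[] = "0123456789abcdef";
    if (!digest || !out || out_size < 2 * len + 1)
        return -1;
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = hex[digest[i] >> 4];
        out[2 * i + 1] = hex[digest[i] & 0x0f];
    }
    out[2 * len] = '\0';
    return 0;
}

/* Hypothetical wrapper with the static-buffer contract the thread describes:
 * callers never free the result, but every call overwrites the previous
 * result, and the function is neither reentrant nor thread-safe. */
const char *digest_to_hex_static(const unsigned char *digest)
{
    static char buf[SHA1_HEX_LEN + 1];
    return digest_to_hex(digest, SHA1_LEN, buf, sizeof buf) == 0 ? buf : NULL;
}

/* Constructed sample input: the raw SHA-1 digest of the string "abc". */
static const unsigned char SAMPLE_ABC[SHA1_LEN] = {
    0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e,
    0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d
};

int main(void)
{
    char hex[SHA1_HEX_LEN + 1];
    if (digest_to_hex(SAMPLE_ABC, SHA1_LEN, hex, sizeof hex) == 0)
        printf("%s (%zu chars)\n", hex, strlen(hex));
    return 0;
}
```

A raw digest can contain zero bytes, so it cannot be handled as a C string even with a nul appended; the hex form always has a string length of 40.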