[Linux-ha-dev] Re: [Linux-ha-cvs] Linux-HA CVS: lib by alan from 24.221.212.80

Alan Robertson alanr at unix.sh
Fri Sep 10 15:15:19 MDT 2004 

Lars Marowsky-Bree wrote:
> On 2004-09-10T01:55:42,
>    linux-ha-cvs at lists.community.tummy.com said:
> 
> 
>>linux-ha CVS committal
>>
>>Author  : alan
>>Host    : 24.221.212.80
>>Project : linux-ha
>>Module  : lib
>>
>>Dir     : linux-ha/lib/plugins/HBauth
>>
>>
>>Modified Files:
>>	md5.c 
>>
>>
>>Log Message:
>>BEAM FIX:  Parameters to MD5 hash macros were not properly parenthesized
>>
>>IMPORTANT:  If you see this fix please verify that it is correct.
>>
>>IMPORTANT:  If you see this fix please verify that it is correct.
>>
>>IMPORTANT:  If you see this fix please verify that it is correct.
> 
> 
> Hmmm, triple redundancy, I think I got the message.
> 
> 
>>	If we ship this wrong, many people will have problems.
>>
>>In fact, if it's right, and the old code generated incorrect code, then
>>we still have a problem on our hands.
>>
>>This would mean the old md5.o file was cryptographically unsound or
>>at least unproven, and the new one is necessarily incompatible with it.
>>This will mean we have to test mixed environments of old and new code
>>to know for sure.
> 
> 
> I think the fix is right. However, after reading the old code, I'm also
> confident that it generated correct code, as it was clearly not passed
> any potential troublesome parameters which could have screwed up the
> macro expansion.
> 
> Comparing the old code to the new one suggests that it is exactly
> equivalent.
> 
> 
>>===================================================================
>>RCS file: /home/cvs/linux-ha/linux-ha/lib/plugins/HBauth/md5.c,v
>>retrieving revision 1.10
>>retrieving revision 1.11
>>diff -u -3 -r1.10 -r1.11
>>--- md5.c	17 Feb 2004 22:11:59 -0000	1.10
>>+++ md5.c	10 Sep 2004 01:55:42 -0000	1.11
>>@@ -1,4 +1,4 @@
>>-/* $Id: md5.c,v 1.10 2004/02/17 22:11:59 lars Exp $ */
>>+/* $Id: md5.c,v 1.11 2004/09/10 01:55:42 alan Exp $ */
>> /*
>>  * This code implements the MD5 message-digest algorithm.
>>  * The algorithm is due to Ron Rivest.  This code was
>>@@ -242,14 +242,14 @@
>> /* The four core functions - F1 is optimized somewhat */
>> 
>> /* #define F1(x, y, z) (x & y | ~x & z) */
>>-#define F1(x, y, z) (z ^ (x & (y ^ z)))
>>+#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
>> #define F2(x, y, z) F1(z, x, y)
>>-#define F3(x, y, z) (x ^ y ^ z)
>>-#define F4(x, y, z) (y ^ (x | ~z))
>>+#define F3(x, y, z) ((x) ^ (y) ^ (z))
>>+#define F4(x, y, z) ((y) ^ ((x) | ~(z)))
>> 
>> /* This is the central step in the MD5 algorithm. */
>> #define MD5STEP(f,w,x,y,z,in,s) \
>>-	 (w += f(x,y,z) + in, w = (w<<s | w>>(32-s)) + x)
>>+	 (w += f(x,y,z) + (in), (w) = ((w)<<(s) | (w)>>(32-(s))) + (x))
> 
> 
> While we are on the topic of nitpicking, it may be appropriate to use
> f((x),(y),(z)) if we want to be that paranoid ;-)

Actually not necessary, since this check will get handled in the next lower 
function ;-)




-- 
     Alan Robertson <alanr at unix.sh>

"Openness is the foundation and preservative of friendship...  Let me claim 
from you at all times your undisguised opinions." - William Wilberforce

More information about the Linux-HA-Dev mailing list