md5sum makes unaligned word accesses...

Andre armcc2000 at yahoo.com
Fri May 12 23:49:43 UTC 2006


--- Rob Landley <rob at landley.net> wrote:
> On Friday 12 May 2006 4:56 am, Andre wrote:
> >
> > Allocating a bounce buffer in md5_hash_block() would be a
> > solution if md5_hash_block() really needs to be public (it used
> > to be static in 1.1.0 ??)
> 
> My stalled passwd cleanup (too late to get it into 1.2.0) is
> calling that and sha1sum directly.  Then you can configure out
> support for legacy crypt and don't need libcrypt at all.

Any reason why your passwd cleanup can't use the higher level
function md5_hash_bytes() ??

Calling right down to the lowest level block transform function seems
like a pointless way to save a few cycles - not to mention being
broken if you ever need to hash data which doesn't come in an exact
multiple of the 64 bytes...

Actually, the current md5_hash(), md5_hash_bytes() and
md5_hash_block() API is broken anyway (regardless of alignment
issues). Mixing calls to md5_hash_bytes() and md5_hash_block() isn't
safe unless (ctx->buflen == 0) at the point you switch from the
former to the later. md5_hash() contains no such check.

Instead of 3 functions to do almost the same thing, maybe it would be
better to have a single function with no implicit restrictions on
input buffer length (or alignment) ??

Andre
--



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 



More information about the busybox mailing list