[PATCH CIFS] use CryptoAPI MD4/MD5
Matt Mackall
mpm at selenic.com
Sun Oct 5 00:08:57 GMT 2003
On Sat, Oct 04, 2003 at 11:51:57AM -0700, dean gaudet wrote:
> On Sat, 4 Oct 2003, Matt Mackall wrote:
>
> > On Sat, Oct 04, 2003 at 11:00:01AM -0700, dean gaudet wrote:
> > > what about CryptoAPI is so expensive that you can't use a stack-based
> > > context?
> >
> > The alloc functions hide a bunch of module lookup details and the size
> > of the context structures vary from one alg to the next. They also
> > tend to hide block-sized buffers to deal with fragments. So it's a
> > little ugly but not insurmountable.
>
> by "block-sized" you mean like 64 bytes for MD5 and SHA1, 16 bytes for
> AES, and so forth? if so that's no biggie, those are already present
> in most simple library implementations of these algos. but if "block"
> means 4096 bytes then, aiee.
Cipher-block-sized.
> if module lookup is expensive then perhaps a much better api would be one
> which yields a module handle -- and the module handle can be used in a
> much less expensive allocator to create contexts where they're required.
> it seems that the module handle could be a read-only structure and
> therefore shared without locking.
Indeed, I've proposed such an interface.
> this CIFS patch alone replaces 89 lines with 250 lines of code!
My experience is that aside from the context allocation/locking
issues, the thing is otherwise pretty painless to work with.
--
Matt Mackall : http://www.selenic.com : of or relating to the moon
More information about the samba-technical
mailing list