D. Hugh Redelmeier hugh at mimosa.com
Fri Jul 24 09:23:37 EEST 2015

| From: Andrew Cagney <andrew.cagney at gmail.com>
| Did you consider deleting most of the macros (and instead in-lining
| the values used to constructing 'struct hash_desc' entries)?
| It would help take away some of the temptation to use those macros
| when code should be using 'struct hash_desc' fields.

I thought about it but I wasn't bold enough.  I actually think that
this would be an improvement.  So I've done it.

This required dealing with a case I don't really understand: sizing
the ckaid array in struct RSA_private_key.  It has to be large enough
to take the result of PK11_GetLowLevelKeyIDForCert.  I don't know of
documentation that would tell me what that size should be.  So I
hardwired 64, replacing HMAC_RFC2104_BLOCKSIZE (which isn't obviously
correct).  Do you know what the bound should be?

| I guess MAX_HMAC_BLOCKSIZE (paired with passert(hash_desc->xxx <=
| MAX_HMAC_BLOCKSIZE)) is a convenience we live with.

Yes, I just added those passerts.  There might be a more efficient

More information about the Swan-dev mailing list