From f33b8c1e8d66f959f124331aaf2cefe68682139a Mon Sep 17 00:00:00 2001
From: bz <bz@FreeBSD.org>
Date: Wed, 28 Jan 2009 15:31:16 +0000
Subject: [PATCH] While OpenBSD's crypto/ framework has sha1 and md5
 implementations that can cope with a result buffer of NULL in the "Final"
 function, we cannot. Thus pass in a temporary buffer long enough for either
 md5 or sha1 results so that we do not panic.

PR:		bin/126468
MFC after:	1 week
---
 sys/opencrypto/cryptosoft.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c
index 6a802a1f062c..606746595d1c 100644
--- a/sys/opencrypto/cryptosoft.c
+++ b/sys/opencrypto/cryptosoft.c
@@ -433,12 +433,17 @@ swcr_authprepare(struct auth_hash *axf, struct swcr_data *sw, u_char *key,
 		break;
 	case CRYPTO_MD5_KPDK:
 	case CRYPTO_SHA1_KPDK:
+	{
+		/* We need a buffer that can hold an md5 and a sha1 result. */
+		u_char buf[SHA1_RESULTLEN];
+
 		sw->sw_klen = klen;
 		bcopy(key, sw->sw_octx, klen);
 		axf->Init(sw->sw_ictx);
 		axf->Update(sw->sw_ictx, key, klen);
-		axf->Final(NULL, sw->sw_ictx);
+		axf->Final(buf, sw->sw_ictx);
 		break;
+	}
 	default:
 		printf("%s: CRD_F_KEY_EXPLICIT flag given, but algorithm %d "
 		    "doesn't use keys.\n", __func__, axf->type);