[freenet-cvs] r17343 - trunk/freenet/src/freenet/node
nextgens at freenetproject.org
nextgens at freenetproject.org
Mon Jan 28 10:22:33 UTC 2008
Author: nextgens
Date: 2008-01-28 10:22:33 +0000 (Mon, 28 Jan 2008)
New Revision: 17343
Modified:
trunk/freenet/src/freenet/node/FNPPacketMangler.java
Log:
JFK: explain why we are doing the things right ... and why we are immune to hashmap DoSes (https://bugs.freenetproject.org/view.php?id=1604)
Modified: trunk/freenet/src/freenet/node/FNPPacketMangler.java
===================================================================
--- trunk/freenet/src/freenet/node/FNPPacketMangler.java 2008-01-28 09:31:08 UTC (rev 17342)
+++ trunk/freenet/src/freenet/node/FNPPacketMangler.java 2008-01-28 10:22:33 UTC (rev 17343)
@@ -1034,8 +1034,8 @@
System.arraycopy(payload, inputOffset, authenticator, 0, HASH_LENGTH);
inputOffset += HASH_LENGTH;
- // FIXME: check the cache before or after the hmac verification ?
- // is it cheaper to wait for the lock on authenticatorCache or to verify the hmac ?
+ // We *WANT* to check the hmac before we do the lookup on the hashmap
+ // @see https://bugs.freenetproject.org/view.php?id=1604
HMAC mac = new HMAC(SHA256.getInstance());
if(!mac.verify(getTransientKey(), assembleJFKAuthenticator(responderExponential, initiatorExponential, nonceResponder, nonceInitiator, replyTo.getAddress().getAddress()) , authenticator)) {
if(shouldLogErrorInHandshake(t1))
More information about the cvs
mailing list