The unified diff between revisions [5466dca0..] and [a3802f74..] is displayed below. It can also be downloaded as a raw diff.

#
#
# patch "src/wccp2.c"
#  from [76558b486cfbc63ff101f3b65efd60c49956b0b5]
#    to [a1761d5b6b937698f6ddfd87488c885f730d2adb]
#
============================================================
--- src/wccp2.c	76558b486cfbc63ff101f3b65efd60c49956b0b5
+++ src/wccp2.c	a1761d5b6b937698f6ddfd87488c885f730d2adb
@@ -386,11 +386,18 @@ char
  * This should be tidied up later on.
  */
 char
-wccp2_update_md5_security(char *packet, int len)
+wccp2_update_md5_security(char *password, char *packet, int len)
 {
+	u_int8_t md5_digest[16];
+	char pwd[8];
+	MD5_CTX M;
 	struct wccp2_security_md5_t *ws;
 	char *p = packet + 8;	/* Skip the 8-byte Type/version/length header */

+	/* The password field, for the MD5 hash, needs to be 8 bytes and NUL padded. */
+	bzero(pwd, sizeof(pwd));
+	strncpy(pwd, password, sizeof(pwd));
+	/* Search for the security section */
 	while (p < (packet+len)) {
 		/* p should point at the type/length header */
 		ws = (struct wccp2_security_md5_t *) p;
@@ -404,16 +411,18 @@ wccp2_update_md5_security(char *packet,
 			return 0;
 		}
 		/* And now its the MD5 section! */
-
-		/* Zero the Security implementation part */
-		bzero(ws->security_implementation, sizeof(ws->security_implementation));
-
 		/* According to the draft, the MD5 security hash is the combination of
 		 * the 8-octet password (padded w/ NUL bytes) and the entire WCCP packet,
 		 * including the WCCP message header. The WCCP security implementation
 		 * area should be zero'ed before calculating the MD5 hash.
 		 */
-
+		/* XXX eventually we should be able to kill md5_digest and blit it directly in */
+		bzero(ws->security_implementation, sizeof(ws->security_implementation));
+		MD5Init(&M);
+		MD5Update(&M, pwd, 8);
+		MD5Update(&M, packet, len);
+		MD5Final(md5_digest, &M);
+		memcpy(ws->security_implementation, md5_digest, sizeof(md5_digest));
 		/* Finished! */
 		return 1;
 	}