[{"id":1752659,"web_url":"http://patchwork.ozlabs.org/comment/1752659/","msgid":"<447946d5-a124-f96b-83bb-80b446c16ecf@denx.de>","list_archive_url":null,"date":"2017-08-21T10:36:43","subject":"Re: [swupdate] [PATCH resent 1/2] crypt: add support for using salt","submitter":{"id":5771,"url":"http://patchwork.ozlabs.org/api/people/5771/","name":"Stefano Babic","email":"sbabic@denx.de"},"content":"On 17/08/2017 16:15, Christian Storm wrote:\n> Support OpenSSL symmetric image encryption using salt. For backwards\n> compatibility, also support symmetric image encryption without salt.\n> \n> Signed-off-by: Christian Storm \n> ---\n> core/cpio_utils.c | 4 +++-\n> core/util.c | 53 ++++++++++++++++++++++++++++++++---------\n> corelib/swupdate_decrypt.c | 20 ++++++++++++++--\n> doc/source/encrypted_images.rst | 28 ++++++++++++++--------\n> include/sslapi.h | 4 ++--\n> include/util.h | 1 +\n> 6 files changed, 84 insertions(+), 26 deletions(-)\n> \n> diff --git a/core/cpio_utils.c b/core/cpio_utils.c\n> index 7834a89..c3df86f 100644\n> --- a/core/cpio_utils.c\n> +++ b/core/cpio_utils.c\n> @@ -130,6 +130,7 @@ int copyfile(int fdin, void *out, unsigned int nbytes, unsigned long *offs, unsi\n> \tunsigned int md_len = 0;\n> \tunsigned char *aes_key;\n> \tunsigned char *ivt;\n> +\tunsigned char *salt;\n> \n> \tif (!callback) {\n> \t\tcallback = copy_write;\n> @@ -166,7 +167,8 @@ int copyfile(int fdin, void *out, unsigned int nbytes, unsigned long *offs, unsi\n> \n> \t\taes_key = get_aes_key();\n> \t\tivt = get_aes_ivt();\n> -\t\tdcrypt = swupdate_DECRYPT_init(aes_key, ivt);\n> +\t\tsalt = get_aes_salt();\n> +\t\tdcrypt = swupdate_DECRYPT_init(aes_key, ivt, salt);\n> \t\tif (!dcrypt) {\n> \t\t\tERROR(\"decrypt initialization failure, aborting\");\n> \t\t\tret = -EFAULT;\n> diff --git a/core/util.c b/core/util.c\n> index fc8e282..b714f29 100644\n> --- a/core/util.c\n> +++ b/core/util.c\n> @@ -31,9 +31,15 @@\n> #include \"util.h\"\n> #include \"generated/autoconf.h\"\n> \n> +/*\n> + * key is 256 bit for aes_256\n> + * ivt is 128 bit\n> + * salt is 64 bit\n> + */\n> struct decryption_key {\n> \tunsigned char key[32];\n> \tunsigned char ivt[16];\n> +\tunsigned char salt[8];\n> };\n> \n> static struct decryption_key *aes_key = NULL;\n> @@ -276,6 +282,10 @@ static int ascii_to_bin(unsigned char *hash, const char *s, size_t len)\n> \tunsigned int i;\n> \tunsigned int val;\n> \n> +\tif (s == NULL) {\n> +\t\treturn 0;\n> +\t}\n> +\n> \tif (len % 2)\n> \t\treturn -EINVAL;\n> \tif (strlen(s) == len) {\n> @@ -339,14 +349,29 @@ int count_elem_list(struct imglist *list)\n> int load_decryption_key(char *fname)\n> {\n> \tFILE *fp;\n> -\tchar *b1, *b2;\n> +\tchar *b1 = NULL, *b2 = NULL, *b3 = NULL;\n> \tint ret;\n> \n> \tfp = fopen(fname, \"r\");\n> \tif (!fp)\n> \t\treturn -EBADF;\n> \n> -\tret = fscanf(fp, \"%ms %ms\", &b1, &b2);\n> +\tret = fscanf(fp, \"%ms %ms %ms\", &b1, &b2, &b3);\n> +\tswitch (ret) {\n> +\t\tcase 2:\n> +\t\t\tb3 = NULL;\n> +\t\t\tDEBUG(\"Read decryption key and initialization vector from file %s.\", fname);\n> +\t\t\tbreak;\n> +\t\tcase 3:\n> +\t\t\tDEBUG(\"Read decryption key, initialization vector, and salt from file %s.\", fname);\n> +\t\t\tbreak;\n> +\t\tdefault:\n> +\t\t\tif (b1 != NULL)\n> +\t\t\t\tfree(b1);\n> +\t\t\tfprintf(stderr, \"File with decryption key is not in the format nor \\n\");\n> +\t\t\tfclose(fp);\n> +\t\t\treturn -EINVAL;\n> +\t}\n> \tfclose(fp);\n> \n> \tif (aes_key)\n> @@ -356,16 +381,16 @@ int load_decryption_key(char *fname)\n> \tif (!aes_key)\n> \t\treturn -ENOMEM;\n> \n> -\tif (ret != 2) {\n> -\t\tfprintf(stderr, \"File with decryption key is in the format \\n\");\n> -\t\treturn -EINVAL;\n> -\t}\n> +\tret = ascii_to_bin(aes_key->key, b1, sizeof(aes_key->key) * 2) |\n> +\t ascii_to_bin(aes_key->ivt, b2, sizeof(aes_key->ivt) * 2) |\n> +\t ascii_to_bin(aes_key->salt, b3, sizeof(aes_key->salt) * 2);\n> \n> -\t/*\n> -\t * Key is for aes_256, it must be 256 bit\n> -\t * and IVT is 128 bit\n> -\t */\n> -\tret = ascii_to_bin(aes_key->key, b1, 64) | ascii_to_bin(aes_key->ivt, b2, 32); \n> +\tif (b1 != NULL)\n> +\t\tfree(b1);\n> +\tif (b2 != NULL)\n> +\t\tfree(b2);\n> +\tif (b3 != NULL)\n> +\t\tfree(b3);\n> \n> \tif (ret) {\n> \t\tfprintf(stderr, \"Keys are invalid\\n\");\n> @@ -387,6 +412,12 @@ unsigned char *get_aes_ivt(void) {\n> \treturn aes_key->ivt;\n> }\n> \n> +unsigned char *get_aes_salt(void) {\n> +\tif (!aes_key)\n> +\t\treturn NULL;\n> +\treturn aes_key->salt;\n> +}\n> +\n> char** string_split(char* s, const char d)\n> {\n> \tchar** result = 0;\n> diff --git a/corelib/swupdate_decrypt.c b/corelib/swupdate_decrypt.c\n> index 8e092c8..24a6c5c 100644\n> --- a/corelib/swupdate_decrypt.c\n> +++ b/corelib/swupdate_decrypt.c\n> @@ -28,7 +28,7 @@\n> #include \"sslapi.h\"\n> #include \"util.h\"\n> \n> -struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char *iv)\n> +struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char *iv, unsigned char *salt)\n> {\n> \tstruct swupdate_digest *dgst;\n> \tint ret;\n> @@ -38,11 +38,27 @@ struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char\n> \t\treturn NULL;\n> \t}\n> \n> +\tconst EVP_CIPHER *cipher = EVP_aes_256_cbc();\n> +\n> \tdgst = calloc(1, sizeof(*dgst));\n> \tif (!dgst) {\n> \t\treturn NULL;\n> \t}\n> \n> +\tif (salt != NULL) {\n> +\t\tunsigned char dummy_key[EVP_MAX_KEY_LENGTH];\n> +\t\tunsigned char dummy_iv[EVP_MAX_IV_LENGTH];\n> +\t\tunsigned char dummy_pwd[5] = \"DUMMY\";\n> +\t\tif (!EVP_BytesToKey(cipher, EVP_sha1(), salt,\n> +\t\t\t\t\t\t\tdummy_pwd, sizeof(dummy_pwd),\n> +\t\t\t\t\t\t\t1,\n> +\t\t\t\t\t\t\t(unsigned char *)&dummy_key, (unsigned char *)&dummy_iv)) {\n> +\t\t\tERROR(\"Cannot set salt.\");\n> +\t\t\tfree(dgst);\n> +\t\t\treturn NULL;\n> +\t\t}\n> +\t}\n> +\n> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)\n> \tEVP_CIPHER_CTX_init(&dgst->ctxdec);\n> #else\n> @@ -63,7 +79,7 @@ struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char\n> \t/*\n> \t * Check openSSL documentation for return errors\n> \t */\n> -\tret = EVP_DecryptInit_ex(SSL_GET_CTXDEC(dgst), EVP_aes_256_cbc(), NULL, key, iv);\n> +\tret = EVP_DecryptInit_ex(SSL_GET_CTXDEC(dgst), cipher, NULL, key, iv);\n> \tif (ret != 1) {\n> \t\tERROR(\"Decrypt Engine not initialized, error 0x%lx\\n\", ERR_get_error());\n> \t\tfree(dgst);\n> diff --git a/doc/source/encrypted_images.rst b/doc/source/encrypted_images.rst\n> index 4358126..a7d85a2 100644\n> --- a/doc/source/encrypted_images.rst\n> +++ b/doc/source/encrypted_images.rst\n> @@ -14,35 +14,43 @@ A complete documentation can be found at the\n> \n> ::\n> \n> - openssl enc -aes-256-cbc -k -nosalt -P -md sha1\n> + openssl enc -aes-256-cbc -k -P -md sha1\n> \n> The key and initialization vector is generated based on the given ````.\n> The output of the above command looks like this:\n> \n> ::\n> \n> - key=B60D121B438A380C343D5EC3C2037564B82FFEF3542808AB5694FA93C3179140\n> - iv =20578C4FEF1AEE907B1DC95C776F8160\n> -\n> + salt=CE7B0488EFBF0D1B\n> + key=B78CC67DD3DC13042A1B575184D4E16D6A09412C242CE253ACEE0F06B5AD68FC\n> + iv =65D793B87B6724BB27954C7664F15FF3\n> \n> Then, encrypt an image using this information via\n> \n> ::\n> \n> - openssl enc -aes-256-cbc -in -out -K -iv \n> + openssl enc -aes-256-cbc -in -out -K -iv -S \n> \n> where ```` is the unencrypted source image file and ```` is the\n> encrypted output image file to be referenced in ``sw-description``.\n> -```` is the hex value part of the first line of output from the key generation\n> -command above and ```` is the hex value part of the second line. \n> +```` is the hex value part of the 2nd line of output from the key generation\n> +command above, ```` is the hex value part of the 3rd line, and ```` is\n> +the hex value part of the 1st line.\n> \n> Then, create a key file to be supplied to SWUpdate via the `-K` switch by \n> -putting the key and initialization vector hex values on one line separated by\n> -whitespace, e.g., for above example values\n> +putting the key, initialization vector, and salt hex values on one line\n> +separated by whitespace, e.g., for above example values\n> \n> ::\n> \n> - B60D121B438A380C343D5EC3C2037564B82FFEF3542808AB5694FA93C3179140 20578C4FEF1AEE907B1DC95C776F8160\n> + B78CC67DD3DC13042A1B575184D4E16D6A09412C242CE253ACEE0F06B5AD68FC 65D793B87B6724BB27954C7664F15FF3 CE7B0488EFBF0D1B\n> +\n> +\n> +Note that, while not recommended and for backwards compatibility, OpenSSL may be\n> +used without salt. For disabling salt, add the ``-nosalt`` parameter to the key\n> +generation command above. Accordingly, drop the ``-S `` parameter in the\n> +encryption command and omit the 3rd field of the key file to be supplied to\n> +SWUpdate being the salt.\n> \n> \n> Example sw-description with Encrypted Image\n> diff --git a/include/sslapi.h b/include/sslapi.h\n> index 500db7c..1df656d 100644\n> --- a/include/sslapi.h\n> +++ b/include/sslapi.h\n> @@ -106,7 +106,7 @@ int swupdate_HASH_compare(unsigned char *hash1, unsigned char *hash2);\n> #endif\n> \n> #ifdef CONFIG_ENCRYPTED_IMAGES\n> -struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char *iv);\n> +struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char *iv, unsigned char *salt);\n> int swupdate_DECRYPT_update(struct swupdate_digest *dgst, unsigned char *buf, \n> \t\t\t\tint *outlen, unsigned char *cryptbuf, int inlen);\n> int swupdate_DECRYPT_final(struct swupdate_digest *dgst, unsigned char *buf,\n> @@ -117,7 +117,7 @@ void swupdate_DECRYPT_cleanup(struct swupdate_digest *dgst);\n> * Note: macro for swupdate_DECRYPT_init is\n> * just to avoid compiler warnings\n> */\n> -#define swupdate_DECRYPT_init(key, iv) (((key != NULL) | (ivt != NULL)) ? NULL : NULL)\n> +#define swupdate_DECRYPT_init(key, iv, salt) (((key != NULL) | (ivt != NULL) | (salt != NULL)) ? NULL : NULL)\n> #define swupdate_DECRYPT_update(p, buf, len, cbuf, inlen) (-1)\n> #define swupdate_DECRYPT_final(p, buf, len) (-1)\n> #define swupdate_DECRYPT_cleanup(p)\n> diff --git a/include/util.h b/include/util.h\n> index 2d6f047..70a0acc 100644\n> --- a/include/util.h\n> +++ b/include/util.h\n> @@ -173,6 +173,7 @@ int count_elem_list(struct imglist *list);\n> int load_decryption_key(char *fname);\n> unsigned char *get_aes_key(void);\n> unsigned char *get_aes_ivt(void);\n> +unsigned char *get_aes_salt(void);\n> \n> /* Getting global information */\n> int get_install_info(sourcetype *source, char *buf, size_t len);\n> \n\nApplied to -master, thanks !\n\nBest regards,\nStefano Babic","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=googlegroups.com\n\t(client-ip=2a00:1450:400c:c0c::23a;\n\thelo=mail-wr0-x23a.google.com;\n\tenvelope-from=swupdate+bncbaabbqhp5lgakgqenixl5vq@googlegroups.com;\n\treceiver=)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=googlegroups.com header.i=@googlegroups.com\n\theader.b=\"CK4iBk/O\"; dkim-atps=neutral"],"Received":["from mail-wr0-x23a.google.com (mail-wr0-x23a.google.com\n\t[IPv6:2a00:1450:400c:c0c::23a])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xbVVW56sdz9sR8\n\tfor ;\n\tMon, 21 Aug 2017 20:36:51 +1000 (AEST)","by mail-wr0-x23a.google.com with SMTP id f27sf1961315wrf.7\n\tfor ;\n\tMon, 21 Aug 2017 03:36:51 -0700 (PDT)","by 10.28.140.199 with SMTP id o190ls26408wmd.19.gmail; Mon, 21 Aug\n\t2017 03:36:48 -0700 (PDT)","from mail-out.m-online.net (mail-out.m-online.net. [212.18.0.9])\n\tby gmr-mx.google.com with ESMTPS id\n\tb125si2426478wmc.1.2017.08.21.03.36.48\n\tfor \n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tMon, 21 Aug 2017 03:36:48 -0700 (PDT)","from frontend01.mail.m-online.net (unknown [192.168.8.182])\n\tby mail-out.m-online.net (Postfix) with ESMTP id 3xbVVR6QLMz1rCgK;\n\tMon, 21 Aug 2017 12:36:47 +0200 (CEST)","from localhost (dynscan1.mnet-online.de [192.168.6.70])\n\tby mail.m-online.net (Postfix) with ESMTP id 3xbVVR5szSz3j379;\n\tMon, 21 Aug 2017 12:36:47 +0200 (CEST)","from mail.mnet-online.de ([192.168.8.182])\n\tby localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new,\n\tport 10024)\n\twith ESMTP id lLKVhtIxXzvf; Mon, 21 Aug 2017 12:36:46 +0200 (CEST)","from babic.homelinux.org\n\t(host-88-217-136-221.customer.m-online.net [88.217.136.221])\n\t(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mail.mnet-online.de (Postfix) with ESMTPS;\n\tMon, 21 Aug 2017 12:36:46 +0200 (CEST)","from localhost (mail.babic.homelinux.org [127.0.0.1])\n\tby babic.homelinux.org (Postfix) with ESMTP id E0C1F45404AE;\n\tMon, 21 Aug 2017 12:36:45 +0200 (CEST)","from babic.homelinux.org ([127.0.0.1])\n\tby localhost (mail.babic.homelinux.org [127.0.0.1]) (amavisd-new,\n\tport 10024)\n\twith ESMTP id 2DSyuKvL6Ukz; Mon, 21 Aug 2017 12:36:43 +0200 (CEST)","from [192.168.178.132] (papero.fritz.box [192.168.178.132])\n\tby babic.homelinux.org (Postfix) with ESMTP id 1A26B454019C;\n\tMon, 21 Aug 2017 12:36:43 +0200 (CEST)"],"ARC-Seal":["i=2; a=rsa-sha256; t=1503311809; cv=pass;\n\td=google.com; s=arc-20160816;\n\tb=kit74FPQMJc5RGom7wa3FdZ1AYIVrBTUKIsReWCXJbQEUGVZ0tcQcNBtCkQ75iFWkW\n\tHzYPN91mzxdQ5VKJuBTfVNw+8UyZGRbiVVPD4fy91tQD8IM5o4tWCJmgqFc1wu2hOfvG\n\tYdz6EgmrFd9DUU/9S6y+OWrECdu/G6wwndcfs4txgzelPJGl2njTF71mLVnNTNiB1gHZ\n\tp8/Ksc/elF6VKGsCbLQ9Ckf3baLSEACo3H2q6V7sqZDQvOauWGEAg6t9SEEclS5YaH+M\n\tgdRLk9mtHD5jh0Lt9fSQXIB/odt2Pv5DqOkiTRvIkZrY2jOgZJhWv4Q+JNSIsdeSIHa+\n\tl1Rg==","i=1; a=rsa-sha256; t=1503311808; cv=none;\n\td=google.com; s=arc-20160816;\n\tb=rYGfzMVUnSVr3qr7tO1A4API1gYYQTz24t0cVOEeu4yTuUCiNz6YYFfiqz9zj4oGfz\n\txvruJGsOzCMuD3DvFOTSGmtmt35aHUFxrH7VxfhR1W5bdbd7BkJVNb5WmYaDlynwyAfU\n\tHPxUN2kr2xbdOvV8tIfgzTOupl2+jZG7rF35zFpZfrcWOmbt+dUNTnolsK/OJpGJ7JxR\n\tl/Tli8yq5VzG4zVHsLt4koB9r5A8qi/oZBplFxNCd0mULEwkP8N2QApHXitrLXqmnxgu\n\tCRXCA5PpzL72cAQka92f1/1bgOZezPhnWFMURfjBolRc+oTyPwTzd5J4hLAN+B1lHsrZ\n\tXmlw=="],"ARC-Message-Signature":["i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n\ts=arc-20160816; \n\th=list-unsubscribe:list-subscribe:list-archive:list-help:list-post\n\t:list-id:mailing-list:precedence:content-language:in-reply-to\n\t:mime-version:user-agent:date:message-id:from:references:to:subject\n\t:arc-authentication-results:arc-message-signature:sender\n\t:dkim-signature:arc-authentication-results;\n\tbh=gWomof75yPHzf7f86RYmUC5O99AA4e6u6gH6HkT0JAY=;\n\tb=HGMr9pXzw+qYuuyq7d4UYodT1zcWakOoY7Jbudz9oN0zKWgoLQo4dzzhb2dnlmN6ix\n\tjjrFJUzx5NE3HCKnzroukmDK9HfUSF8a/y2UN28Qgb/pahwUuaKfhgjJ/rtDV+AeQzDf\n\t0b5f/+v8G47zZG82niDW9yNtQld+J3jiA9ysmEoUIKfBMtiv8bCFsX7WFBnWAecPY7BU\n\tNGGw3HkIK5jhqXfW0b6HH9gkjU/vHDBZPOTvoDfmEEwAVTyLIglHi7iF2nKE6VJVQP9c\n\tTn5i5mKdQvs0bXxcjRG+f2yYladlNvi1CUhAgzA2M1xKkpWh0XWdV9fZVRCCZLqo6snY\n\tzFYw==","i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n\ts=arc-20160816; \n\th=content-transfer-encoding:content-language:in-reply-to:mime-version\n\t:user-agent:date:message-id:from:references:to:subject\n\t:arc-authentication-results;\n\tbh=Ys4ygU9jZ6DtcPQUYnNyiMrGXnoENcHKKwkCPOU7Rz0=;\n\tb=cBTY9WjECpsL9m7l5gTWDGWJ+sQIpnbX4y+w/1vME8h7iYhYffPOmNjpMZZQAaZo9p\n\t/Npq5HbFB8ZpDJAeroGns66KPCjWE/aIYWsIHB1wE8ZPPBA0zkisWXVDvROOA8alUZbr\n\t5ro1p+FVQyPEgbVF5c012IzPHO4ph4U+CA6DH2AVuxBJoXLo2jhfWsK1vfip4AqBdfle\n\t0DwmXcFPtEP+p75MPsTQ3WRczx3v/XpxentDJX1VEG0LLPEMjFZHF397GvV0azF1gKXv\n\t4vMicSRAaPuWD5AHmvY62GtuerTzifJpZ8iqQ7IfBDWCYblhebRyMXvM8V6+50USjBFr\n\t+Bpg=="],"ARC-Authentication-Results":["i=2; gmr-mx.google.com;\n\tspf=neutral (google.com: 212.18.0.9 is neither permitted nor denied\n\tby best guess record for domain of sbabic@denx.de)\n\tsmtp.mailfrom=sbabic@denx.de","i=1; gmr-mx.google.com;\n\tspf=neutral (google.com: 212.18.0.9 is neither permitted nor denied\n\tby best guess record for domain of sbabic@denx.de)\n\tsmtp.mailfrom=sbabic@denx.de"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=googlegroups.com; s=20161025;\n\th=sender:subject:to:references:from:message-id:date:user-agent\n\t:mime-version:in-reply-to:content-language:x-original-sender\n\t:x-original-authentication-results:precedence:mailing-list:list-id\n\t:list-post:list-help:list-archive:list-subscribe:list-unsubscribe;\n\tbh=gWomof75yPHzf7f86RYmUC5O99AA4e6u6gH6HkT0JAY=;\n\tb=CK4iBk/OGBVZbc37vHyMDRFiwyPpGadlvyiDPkeCV04OuNo2r7CTt1nM1L96zvFhKn\n\tvkKTq9L08wwl2r0juNbrvSXB+4O7IsGFmyeLPhwFLm2n7p4ymYKK+1QXqcN893kty7tY\n\tIArewa6KI1t2g5ZeH9jrPm4AzuCTN5ziKO6f61HXRGvg0o6pZbKLhac4ImSgbiQ3OfSv\n\tlsZb1PovLRnuFIfVBMzM8uM/h8CfYAu/s1I9N3BOoSHtWlV0KlMCtML9KSoBioHNm5VD\n\t9pRwTNF13xbbm4Tamqdrl9+JemCIYywG2eQAfxIkTKy5LHS/yyg7K+GidAy0jb/z4sTk\n\tjGzA==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=sender:x-gm-message-state:subject:to:references:from:message-id\n\t:date:user-agent:mime-version:in-reply-to:content-language\n\t:x-original-sender:x-original-authentication-results:precedence\n\t:mailing-list:list-id:x-spam-checked-in-group:list-post:list-help\n\t:list-archive:list-subscribe:list-unsubscribe;\n\tbh=gWomof75yPHzf7f86RYmUC5O99AA4e6u6gH6HkT0JAY=;\n\tb=tRGXoNKQbWZ2S3qEahYh6pObvHwU0K97owJp2N4sGgyH3DS2vMrXTRSCO8BF49CVvr\n\tO6EWjXYcjsnWtAElGZTR0+liEzURzUQ9J4BiAqApet/t9Lbtt65kf0Q7/yAplGxTsyGV\n\thjiFMH9SGW7+8flfSBpEUSU/mE+XwEs8QUfpjP+SiVEIrbNESyp1OKErK/KKMnECWz8J\n\tYm3t81tRYfuj6bZVt4C27l8nAConLCEqtqoQcR6B7DT1dU7X2iQjIrLGos1FDa4IFMgf\n\tNUalx2vgcSCme37rs96p4VSFslmOJC2X87vi79AQdlgRyI4T7dZ76dScON0yWRC4famS\n\tDVOA==","Sender":"swupdate@googlegroups.com","X-Gm-Message-State":"AHYfb5jNjaJNyvi77C2MKvsDJoil3YTLIcFTUHzN4oDo8mxzMXtY0r+x\n\tDGrYejygZfwJeg==","X-Received":["by 10.28.91.131 with SMTP id p125mr40927wmb.2.1503311808925;\n\tMon, 21 Aug 2017 03:36:48 -0700 (PDT)","by 10.223.163.143 with SMTP id l15mr288319wrb.8.1503311808401;\n\tMon, 21 Aug 2017 03:36:48 -0700 (PDT)"],"X-BeenThere":"swupdate@googlegroups.com","Received-SPF":"neutral (google.com: 212.18.0.9 is neither permitted nor\n\tdenied by best guess record for domain of sbabic@denx.de)\n\tclient-ip=212.18.0.9; ","X-Virus-Scanned":["amavisd-new at mnet-online.de","Debian amavisd-new at babic.homelinux.org"],"Subject":"Re: [swupdate] [PATCH resent 1/2] crypt: add support for using salt","To":"Christian Storm , swupdate@googlegroups.com","References":"<20170817141546.31426-1-christian.storm@siemens.com>","From":"Stefano Babic ","Message-ID":"<447946d5-a124-f96b-83bb-80b446c16ecf@denx.de>","Date":"Mon, 21 Aug 2017 12:36:43 +0200","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.2.1","MIME-Version":"1.0","In-Reply-To":"<20170817141546.31426-1-christian.storm@siemens.com>","Content-Type":"text/plain; charset=\"UTF-8\"","Content-Language":"en-GB","X-Original-Sender":"sbabic@denx.de","X-Original-Authentication-Results":"gmr-mx.google.com; spf=neutral\n\t(google.com: 212.18.0.9 is neither permitted nor denied by best guess\n\trecord\n\tfor domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de","Precedence":"list","Mailing-list":"list swupdate@googlegroups.com;\n\tcontact swupdate+owners@googlegroups.com","List-ID":"","X-Spam-Checked-In-Group":"swupdate@googlegroups.com","X-Google-Group-Id":"605343134186","List-Post":",\n\t","List-Help":",\n\t","List-Archive":",\n\t","List-Unsubscribe":",\n\t"}}]