author | 2010-12-15 23:34:23 +0000 | |
---|---|---|
committer | 2010-12-15 23:34:23 +0000 | |
commit | 0c4448d4f521013698164f4dab22f2f76d0d71d2 (patch) | |
tree | 86b80412680179286a5221a9af5848a297de6f00 | |
parent | attach the Hercules HWGUn-54 to rsu(4) (diff) | |
Bring CBC oracle attack countermeasure from r1.32 of cryptosoft.c to
the hardware crypto accelerator land. This fixes aes-ni, via xcrypt,
glxsb(4), hifn(4), safe(4) and ubsec(4) drivers.
Original commit message by angelos:
Don't keep the last blocksize-bytes of ciphertext for use as the next
plaintext's IV, in CBC mode. Use arc4random() to acquire fresh IVs per
message.
with and ok deraadt, ok markus, djm
-rw-r--r-- | sys/arch/amd64/amd64/aesni.c | 25 | ||||
-rw-r--r-- | sys/arch/amd64/amd64/via.c | 21 | ||||
-rw-r--r-- | sys/arch/i386/i386/via.c | 21 | ||||
-rw-r--r-- | sys/arch/i386/pci/glxsb.c | 35 | ||||
-rw-r--r-- | sys/dev/pci/hifn7751.c | 33 | ||||
-rw-r--r-- | sys/dev/pci/hifn7751var.h | 3 | ||||
-rw-r--r-- | sys/dev/pci/safe.c | 36 | ||||
-rw-r--r-- | sys/dev/pci/safevar.h | 6 | ||||
-rw-r--r-- | sys/dev/pci/ubsec.c | 33 | ||||
-rw-r--r-- | sys/dev/pci/ubsecvar.h | 5 |
10 files changed, 29 insertions, 189 deletions
diff --git a/sys/arch/amd64/amd64/aesni.c b/sys/arch/amd64/amd64/aesni.c
index 5823e55bb18..a8adc77bcfc 100644
--- a/sys/arch/amd64/amd64/aesni.c
+++ b/sys/arch/amd64/amd64/aesni.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aesni.c,v 1.16 2010/11/15 14:48:17 mikeb Exp $ */
+/* $OpenBSD: aesni.c,v 1.17 2010/12/15 23:34:23 mikeb Exp $ */
 /*-
 * Copyright (c) 2003 Jason Wright
 * Copyright (c) 2003, 2004 Theo de Raadt
@@ -46,7 +46,6 @@ struct aesni_session {
 uint32_t ses_dkey[4 * (AES_MAXROUNDS + 1)];
 uint32_t ses_klen;
 uint8_t ses_nonce[AESCTR_NONCESIZE];
- uint8_t ses_iv[EALG_MAX_BLOCK_LEN];
 int ses_sid;
 struct swcr_data *ses_swd;
 LIST_ENTRY(aesni_session)
@@ -155,7 +154,6 @@ aesni_newsession(u_int32_t *sidp, struct cryptoini *cri)
 switch (c->cri_alg) {
 case CRYPTO_AES_CBC:
 ses->ses_klen = c->cri_klen / 8;
- arc4random_buf(ses->ses_iv, 16);
 fpu_kernel_enter();
 aesni_set_key(ses, c->cri_key, ses->ses_klen);
 fpu_kernel_exit();
@@ -165,7 +163,6 @@ aesni_newsession(u_int32_t *sidp, struct cryptoini *cri)
 ses->ses_klen = c->cri_klen / 8 - AESCTR_NONCESIZE;
 bcopy(c->cri_key + ses->ses_klen, ses->ses_nonce,
 AESCTR_NONCESIZE);
- arc4random_buf(ses->ses_iv, 8);
 fpu_kernel_enter();
 aesni_set_key(ses, c->cri_key, ses->ses_klen);
 fpu_kernel_exit();
@@ -335,7 +332,7 @@ aesni_encdec(struct cryptop *crp, struct cryptodesc *crd,
 if (crd->crd_flags & CRD_F_IV_EXPLICIT)
 bcopy(crd->crd_iv, iv, ivlen);
 else
- bcopy(ses->ses_iv, iv, ivlen);
+ arc4random_buf(iv, ivlen);
 
 /* Do we need to write the IV */
 if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) {
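Review bot: A request carrying CRD_F_IV_PRESENT without CRD_F_IV_EXPLICIT now encrypts under an IV that only this driver ever sees: `arc4random_buf(iv, ivlen)` picks it and the write-back guarded by `if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0)` is skipped, so nothing conveys it to the decrypting side. Under the removed chaining scheme that flag combination was at least recoverable from the previous ciphertext block; whether any caller relies on it is not visible from here. I would record the new contract on the else branch: `/* no IV supplied: use a fresh random one; it reaches the peer only through the write-back below */`. The conditional enclosing these lines in aesni_encdec starts before the hunk.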
@@ -401,24 +398,6 @@ aesni_encdec(struct cryptop *crp, struct cryptodesc *crd,
 cuio_copyback((struct uio *)crp->crp_buf, crd->crd_skip,
 crd->crd_len, buf);
 
- /*
- * Copy out last block for use as next session IV for CBC,
- * generate new IV for CTR.
- */
- if (crd->crd_flags & CRD_F_ENCRYPT) {
- if (crd->crd_alg == CRYPTO_AES_CBC) {
- if (crp->crp_flags & CRYPTO_F_IMBUF)
- m_copydata((struct mbuf *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivlen, ivlen,
- ses->ses_iv);
- else
- cuio_copydata((struct uio *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivlen, ivlen,
- ses->ses_iv);
- } else if (crd->crd_alg == CRYPTO_AES_CTR)
- arc4random_buf(ses->ses_iv, ivlen);
- }
-
 out:
 bzero(buf, roundup(crd->crd_len, EALG_MAX_BLOCK_LEN));
 return (err);
diff --git a/sys/arch/amd64/amd64/via.c b/sys/arch/amd64/amd64/via.c
index 59ce44ee457..3f1a3985db6 100644
--- a/sys/arch/amd64/amd64/via.c
+++ b/sys/arch/amd64/amd64/via.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: via.c,v 1.7 2010/07/06 09:49:47 blambert Exp $ */
+/* $OpenBSD: via.c,v 1.8 2010/12/15 23:34:23 mikeb Exp $ */
 /* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */
 
 /*-
@@ -64,7 +64,6 @@ void viac3_rnd(void *);
 struct viac3_session {
 u_int32_t ses_ekey[4 * (AES_MAXROUNDS + 1) + 4]; /* 128 bit aligned */
 u_int32_t ses_dkey[4 * (AES_MAXROUNDS + 1) + 4]; /* 128 bit aligned */
- u_int8_t ses_iv[16]; /* 128 bit aligned */
 u_int32_t ses_cw0;
 struct swcr_data *swd;
 int ses_klen;
@@ -194,7 +193,6 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri)
 cw0 |= C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_SW |
 C3_CRYPT_CWLO_NORMAL;
 
- arc4random_buf(ses->ses_iv, sizeof(ses->ses_iv));
 ses->ses_klen = c->cri_klen;
 ses->ses_cw0 = cw0;
 
@@ -374,7 +372,7 @@ viac3_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
 if (crd->crd_flags & CRD_F_IV_EXPLICIT)
 bcopy(crd->crd_iv, sc->op_iv, 16);
 else
- bcopy(ses->ses_iv, sc->op_iv, 16);
+ arc4random_buf(sc->op_iv, 16);
 
 if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) {
 if (crp->crp_flags & CRYPTO_F_IMBUF)
@@ -428,21 +426,6 @@ viac3_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
 bcopy(sc->op_buf, crp->crp_buf + crd->crd_skip,
 crd->crd_len);
 
- /* copy out last block for use as next session IV */
- if (crd->crd_flags & CRD_F_ENCRYPT) {
- if (crp->crp_flags & CRYPTO_F_IMBUF)
- m_copydata((struct mbuf *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - 16, 16,
- ses->ses_iv);
- else if (crp->crp_flags & CRYPTO_F_IOV)
- cuio_copydata((struct uio *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - 16, 16,
- ses->ses_iv);
- else
- bcopy(crp->crp_buf + crd->crd_skip +
- crd->crd_len - 16, ses->ses_iv, 16);
- }
-
 if (sc->op_buf != NULL) {
 bzero(sc->op_buf, crd->crd_len);
 free(sc->op_buf, M_DEVBUF);
diff --git a/sys/arch/i386/i386/via.c b/sys/arch/i386/i386/via.c
index 580003946f2..19650e3b92f 100644
--- a/sys/arch/i386/i386/via.c
+++ b/sys/arch/i386/i386/via.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: via.c,v 1.24 2010/07/06 09:49:47 blambert Exp $ */
+/* $OpenBSD: via.c,v 1.25 2010/12/15 23:34:23 mikeb Exp $ */
 /* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */
 
 /*-
@@ -64,7 +64,6 @@ void viac3_rnd(void *);
 struct viac3_session {
 u_int32_t ses_ekey[4 * (AES_MAXROUNDS + 1) + 4]; /* 128 bit aligned */
 u_int32_t ses_dkey[4 * (AES_MAXROUNDS + 1) + 4]; /* 128 bit aligned */
- u_int8_t ses_iv[16]; /* 128 bit aligned */
 u_int32_t ses_cw0;
 struct swcr_data *swd;
 int ses_klen;
@@ -195,7 +194,6 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri)
 cw0 |= C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_SW |
 C3_CRYPT_CWLO_NORMAL;
 
- arc4random_buf(ses->ses_iv, sizeof(ses->ses_iv));
 ses->ses_klen = c->cri_klen;
 ses->ses_cw0 = cw0;
 
@@ -375,7 +373,7 @@ viac3_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
 if (crd->crd_flags & CRD_F_IV_EXPLICIT)
 bcopy(crd->crd_iv, sc->op_iv, 16);
 else
- bcopy(ses->ses_iv, sc->op_iv, 16);
+ arc4random_buf(sc->op_iv, 16);
 
 if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) {
 if (crp->crp_flags & CRYPTO_F_IMBUF)
@@ -429,21 +427,6 @@ viac3_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
 bcopy(sc->op_buf, crp->crp_buf + crd->crd_skip,
 crd->crd_len);
 
- /* copy out last block for use as next session IV */
- if (crd->crd_flags & CRD_F_ENCRYPT) {
- if (crp->crp_flags & CRYPTO_F_IMBUF)
- m_copydata((struct mbuf *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - 16, 16,
- ses->ses_iv);
- else if (crp->crp_flags & CRYPTO_F_IOV)
- cuio_copydata((struct uio *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - 16, 16,
- ses->ses_iv);
- else
- bcopy(crp->crp_buf + crd->crd_skip +
- crd->crd_len - 16, ses->ses_iv, 16);
- }
-
 if (sc->op_buf != NULL) {
 bzero(sc->op_buf, crd->crd_len);
 free(sc->op_buf, M_DEVBUF);
diff --git a/sys/arch/i386/pci/glxsb.c b/sys/arch/i386/pci/glxsb.c
index c1e52d45cf5..51c5cec9970 100644
--- a/sys/arch/i386/pci/glxsb.c
+++ b/sys/arch/i386/pci/glxsb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: glxsb.c,v 1.20 2010/09/20 02:46:50 deraadt Exp $ */
+/* $OpenBSD: glxsb.c,v 1.21 2010/12/15 23:34:23 mikeb Exp $ */
 
 /*
 * Copyright (c) 2006 Tom Cosgrove <tom@openbsd.org>
@@ -150,7 +150,6 @@ struct glxsb_dma_map {
 };
 struct glxsb_session {
 uint32_t ses_key[4];
- uint8_t ses_iv[SB_AES_BLOCK_SIZE];
 int ses_klen;
 int ses_used;
 struct swcr_data *ses_swd_auth;
@@ -417,7 +416,6 @@ glxsb_crypto_newsession(uint32_t *sidp, struct cryptoini *cri)
 break;
 }
 
- arc4random_buf(ses->ses_iv, sizeof(ses->ses_iv));
 ses->ses_klen = c->cri_klen;
 
 /* Copy the key (Geode LX wants the primary key only) */
@@ -641,7 +639,7 @@ glxsb_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
 {
 char *op_src, *op_dst;
 uint32_t op_psrc, op_pdst;
- uint8_t op_iv[SB_AES_BLOCK_SIZE], *piv;
+ uint8_t op_iv[SB_AES_BLOCK_SIZE];
 int err = 0;
 int len, tlen, xlen;
 int offset;
@@ -671,7 +669,7 @@ glxsb_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
 if (crd->crd_flags & CRD_F_IV_EXPLICIT)
 bcopy(crd->crd_iv, op_iv, sizeof(op_iv));
 else
- bcopy(ses->ses_iv, op_iv, sizeof(op_iv));
+ arc4random_buf(op_iv, sizeof(op_iv));
 
 if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) {
 if (crp->crp_flags & CRYPTO_F_IMBUF)
@@ -704,7 +702,6 @@ glxsb_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
 
 offset = 0;
 tlen = crd->crd_len;
- piv = op_iv;
 
 /* Process the data in GLXSB_MAX_AES_LEN chunks */
 while (tlen > 0) {
@@ -740,26 +737,14 @@ glxsb_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
 offset += len;
 tlen -= len;
 
- if (tlen <= 0) { /* Ideally, just == 0 */
- /* Finished - put the IV in session IV */
- piv = ses->ses_iv;
- }
-
- /*
- * Copy out last block for use as next iteration/session IV.
- *
- * piv is set to op_iv[] before the loop starts, but is
- * set to ses->ses_iv if we're going to exit the loop this
- * time.
- */
- if (crd->crd_flags & CRD_F_ENCRYPT) {
- bcopy(op_dst + len - sizeof(op_iv), piv, sizeof(op_iv));
- } else {
- /* Decryption, only need this if another iteration */
- if (tlen > 0) {
- bcopy(op_src + len - sizeof(op_iv), piv,
+ if (tlen > 0) {
+ /* Copy out last block for use as next iteration */
+ if (crd->crd_flags & CRD_F_ENCRYPT)
+ bcopy(op_dst + len - sizeof(op_iv), op_iv,
+ sizeof(op_iv));
+ else
+ bcopy(op_src + len - sizeof(op_iv), op_iv,
 sizeof(op_iv));
- }
 }
 }
 
diff --git a/sys/dev/pci/hifn7751.c b/sys/dev/pci/hifn7751.c
index 34918a52d48..37df7dab6fb 100644
--- a/sys/dev/pci/hifn7751.c
+++ b/sys/dev/pci/hifn7751.c
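Review bot: The new comment `/* Copy out last block for use as next iteration */` leaves unexplained the one non-obvious detail of the chunk loop, that encryption seeds the next chunk from `op_dst` while decryption seeds it from `op_src`; I would write `/* CBC chains on ciphertext: seed the next chunk with the last block written (encrypt) or read (decrypt) */`. Putting both directions under `if (tlen > 0)` drops only the encrypt-side store into the session via `piv`; decryption only ever fed the next chunk, so its behaviour is unchanged. glxsb_crypto_encdec continues past the end of this hunk.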
@@ -1,4 +1,4 @@
-/* $OpenBSD: hifn7751.c,v 1.162 2010/07/05 11:07:56 blambert Exp $ */
+/* $OpenBSD: hifn7751.c,v 1.163 2010/12/15 23:34:23 mikeb Exp $ */
 
 /*
 * Invertex AEON / Hifn 7751 driver
@@ -1873,10 +1873,6 @@ hifn_newsession(u_int32_t *sidp, struct cryptoini *cri)
 case CRYPTO_DES_CBC:
 case CRYPTO_3DES_CBC:
 case CRYPTO_AES_CBC:
- arc4random_buf(ses->hs_iv,
- (c->cri_alg == CRYPTO_AES_CBC ?
- HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH));
- /*FALLTHROUGH*/
 case CRYPTO_ARC4:
 if (cry)
 return (EINVAL);
@@ -2074,8 +2070,7 @@ hifn_process(struct cryptop *crp)
 if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
 bcopy(enccrd->crd_iv, cmd->iv, ivlen);
 else
- bcopy(sc->sc_sessions[session].hs_iv,
- cmd->iv, ivlen);
+ arc4random_buf(cmd->iv, ivlen);
 
 if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
 
@@ -2259,7 +2254,7 @@ hifn_callback(struct hifn_softc *sc, struct hifn_command *cmd,
 struct cryptop *crp = cmd->crp;
 struct cryptodesc *crd;
 struct mbuf *m;
- int totlen, i, u, ivlen;
+ int totlen, i, u;
 
 if (cmd->src_map == cmd->dst_map)
 bus_dmamap_sync(sc->sc_dmat, cmd->src_map,
@@ -2322,28 +2317,6 @@ hifn_callback(struct hifn_softc *sc, struct hifn_command *cmd,
 
 hifnstats.hst_obytes += cmd->dst_map->dm_mapsize;
 
- if ((cmd->base_masks & (HIFN_BASE_CMD_CRYPT | HIFN_BASE_CMD_DECODE)) ==
- HIFN_BASE_CMD_CRYPT) {
- for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
- if (crd->crd_alg != CRYPTO_DES_CBC &&
- crd->crd_alg != CRYPTO_3DES_CBC &&
- crd->crd_alg != CRYPTO_AES_CBC)
- continue;
- ivlen = ((crd->crd_alg == CRYPTO_AES_CBC) ?
- HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH);
- if (crp->crp_flags & CRYPTO_F_IMBUF)
- m_copydata((struct mbuf *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivlen, ivlen,
- cmd->softc->sc_sessions[cmd->session_num].hs_iv);
- else if (crp->crp_flags & CRYPTO_F_IOV) {
- cuio_copydata((struct uio *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivlen, ivlen,
- cmd->softc->sc_sessions[cmd->session_num].hs_iv);
- }
- break;
- }
- }
-
 if (cmd->base_masks & HIFN_BASE_CMD_MAC) {
 u_int8_t *macbuf;
 
diff --git a/sys/dev/pci/hifn7751var.h b/sys/dev/pci/hifn7751var.h
index 64918d472db..9497967ea17 100644
--- a/sys/dev/pci/hifn7751var.h
+++ b/sys/dev/pci/hifn7751var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: hifn7751var.h,v 1.52 2004/01/20 21:01:55 jason Exp $ */
+/* $OpenBSD: hifn7751var.h,v 1.53 2010/12/15 23:34:23 mikeb Exp $ */
 
 /*
 * Invertex AEON / Hifn 7751 driver
@@ -104,7 +104,6 @@ struct hifn_dma {
 
 struct hifn_session {
 int hs_used;
- u_int8_t hs_iv[HIFN_MAX_IV_LENGTH];
 };
 
 #define HIFN_RING_SYNC(sc, r, i, f) \
diff --git a/sys/dev/pci/safe.c b/sys/dev/pci/safe.c
index 98111ccf67a..c42994381e2 100644
--- a/sys/dev/pci/safe.c
+++ b/sys/dev/pci/safe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: safe.c,v 1.29 2010/07/02 02:40:16 blambert Exp $ */
+/* $OpenBSD: safe.c,v 1.30 2010/12/15 23:34:23 mikeb Exp $ */
 
 /*-
 * Copyright (c) 2003 Sam Leffler, Errno Consulting
@@ -472,7 +472,8 @@ safe_process(struct cryptop *crp)
 if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
 bcopy(enccrd->crd_iv, iv, ivsize);
 else
- bcopy(ses->ses_iv, iv, ivsize);
+ arc4random_buf(iv, ivsize);
+
 if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
 if (crp->crp_flags & CRYPTO_F_IMBUF)
 m_copyback(re->re_src_m,
@@ -485,7 +486,6 @@ safe_process(struct cryptop *crp)
 for (i = 0; i < ivsize / sizeof(iv[0]); i++)
 re->re_sastate.sa_saved_iv[i] = htole32(iv[i]);
 cmd0 |= SAFE_SA_CMD0_IVLD_STATE | SAFE_SA_CMD0_SAVEIV;
- re->re_flags |= SAFE_QFLAGS_COPYOUTIV;
 } else {
 cmd0 |= SAFE_SA_CMD0_INBOUND;
 
@@ -1362,9 +1362,6 @@ safe_newsession(u_int32_t *sidp, struct cryptoini *cri)
 ses->ses_used = 1;
 
 if (encini) {
- /* get an IV */
- arc4random_buf(ses->ses_iv, sizeof(ses->ses_iv));
-
 ses->ses_klen = encini->cri_klen;
 bcopy(encini->cri_key, ses->ses_key, ses->ses_klen / 8);
 
@@ -1675,33 +1672,6 @@ safe_callback(struct safe_softc *sc, struct safe_ringentry *re)
 crp->crp_buf = (caddr_t)re->re_dst_m;
 }
 
- if (re->re_flags & SAFE_QFLAGS_COPYOUTIV) {
- /* copy out IV for future use */
- for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
- int ivsize;
-
- if (crd->crd_alg == CRYPTO_DES_CBC ||
- crd->crd_alg == CRYPTO_3DES_CBC) {
- ivsize = 2*sizeof(u_int32_t);
- } else if (crd->crd_alg == CRYPTO_AES_CBC) {
- ivsize = 4*sizeof(u_int32_t);
- } else
- continue;
- if (crp->crp_flags & CRYPTO_F_IMBUF) {
- m_copydata((struct mbuf *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivsize,
- ivsize,
- (caddr_t) sc->sc_sessions[re->re_sesn].ses_iv);
- } else if (crp->crp_flags & CRYPTO_F_IOV) {
- cuio_copydata((struct uio *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivsize,
- ivsize,
- (caddr_t)sc->sc_sessions[re->re_sesn].ses_iv);
- }
- break;
- }
- }
-
 if (re->re_flags & SAFE_QFLAGS_COPYOUTICV) {
 /* copy out ICV result */
 for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
diff --git a/sys/dev/pci/safevar.h b/sys/dev/pci/safevar.h
index ebe859d1dc5..d7a83de438a 100644
--- a/sys/dev/pci/safevar.h
+++ b/sys/dev/pci/safevar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: safevar.h,v 1.7 2010/08/27 15:02:12 deraadt Exp $ */
+/* $OpenBSD: safevar.h,v 1.8 2010/12/15 23:34:23 mikeb Exp $ */
 
 /*-
 * Copyright (c) 2003 Sam Leffler, Errno Consulting
@@ -113,8 +113,7 @@ struct safe_ringentry {
 
 int re_sesn; /* crypto session ID */
 int re_flags;
-#define SAFE_QFLAGS_COPYOUTIV 0x1 /* copy back on completion */
-#define SAFE_QFLAGS_COPYOUTICV 0x2 /* copy back on completion */
+#define SAFE_QFLAGS_COPYOUTICV 0x1 /* copy back on completion */
 };
 
 #define re_src_m re_src.u.m
@@ -139,7 +138,6 @@ struct safe_session {
 u_int32_t ses_key[8]; /* DES/3DES/AES key */
 u_int32_t ses_hminner[5]; /* hmac inner state */
 u_int32_t ses_hmouter[5]; /* hmac outer state */
- u_int32_t ses_iv[4]; /* DES/3DES/AES iv */
 };
 
 struct safe_pkq {
diff --git a/sys/dev/pci/ubsec.c b/sys/dev/pci/ubsec.c
index 9a75dc320d4..1311358e826 100644
--- a/sys/dev/pci/ubsec.c
+++ b/sys/dev/pci/ubsec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ubsec.c,v 1.147 2010/07/02 02:40:16 blambert Exp $ */
+/* $OpenBSD: ubsec.c,v 1.148 2010/12/15 23:34:23 mikeb Exp $ */
 
 /*
 * Copyright (c) 2000 Jason L. Wright (jason@thought.net)
@@ -711,9 +711,6 @@ ubsec_newsession(u_int32_t *sidp, struct cryptoini *cri)
 bzero(ses, sizeof(struct ubsec_session));
 ses->ses_used = 1;
 if (encini) {
- /* get an IV, network byte order */
- arc4random_buf(ses->ses_iv, sizeof(ses->ses_iv));
-
 /* Go ahead and compute key in ubsec's byte order */
 if (encini->cri_alg == CRYPTO_AES_CBC) {
 bcopy(encini->cri_key, ses->ses_key,
@@ -944,14 +941,10 @@ ubsec_process(struct cryptop *crp)
 
 encoffset = enccrd->crd_skip;
 if (enccrd->crd_flags & CRD_F_ENCRYPT) {
- q->q_flags |= UBSEC_QFLAGS_COPYOUTIV;
-
 if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
 bcopy(enccrd->crd_iv, key.ses_iv, ivlen);
- else {
- for (i = 0; i < (ivlen / 4); i++)
- key.ses_iv[i] = ses->ses_iv[i];
- }
+ else
+ arc4random_buf(key.ses_iv, ivlen);
 
 if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
 if (crp->crp_flags & CRYPTO_F_IMBUF)
@@ -1436,26 +1429,6 @@ ubsec_callback(struct ubsec_softc *sc, struct ubsec_q *q)
 crp->crp_buf = (caddr_t)q->q_dst_m;
 }
 
- /* copy out IV for future use */
- if (q->q_flags & UBSEC_QFLAGS_COPYOUTIV) {
- for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
- if (crd->crd_alg != CRYPTO_DES_CBC &&
- crd->crd_alg != CRYPTO_3DES_CBC &&
- crd->crd_alg != CRYPTO_AES_CBC)
- continue;
- if (crp->crp_flags & CRYPTO_F_IMBUF)
- m_copydata((struct mbuf *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - 8, 8,
- (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv);
- else if (crp->crp_flags & CRYPTO_F_IOV) {
- cuio_copydata((struct uio *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - 8, 8,
- (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv);
- }
- break;
- }
- }
-
 for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
 if (crd->crd_alg != CRYPTO_MD5_HMAC &&
 crd->crd_alg != CRYPTO_SHA1_HMAC)
diff --git a/sys/dev/pci/ubsecvar.h b/sys/dev/pci/ubsecvar.h
index 6e3ae4c87f7..92871778b9e 100644
--- a/sys/dev/pci/ubsecvar.h
+++ b/sys/dev/pci/ubsecvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ubsecvar.h,v 1.38 2009/03/27 13:31:30 reyk Exp $ */
+/* $OpenBSD: ubsecvar.h,v 1.39 2010/12/15 23:34:23 mikeb Exp $ */
 
 /*
 * Copyright (c) 2000 Theo de Raadt
@@ -152,7 +152,6 @@ struct ubsec_q {
 
 bus_dmamap_t q_dst_map;
 int q_sesn;
- int q_flags;
 };
 
 struct ubsec_softc {
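Review bot: The removed `for (i = 0; i < (ivlen / 4); i++)` loop was the only reference to `i` within this hunk; if ubsec_process has no other use for it, its declaration outside the hunk is now dead and should go, as this same commit does for `ivlen` in hifn_callback. The replacement `arc4random_buf(key.ses_iv, ivlen)` fills the per-request copy directly, so no session state is left behind to clear. ubsec_process begins and ends outside the hunk.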
@@ -185,8 +184,6 @@ struct ubsec_softc {
 SIMPLEQ_HEAD(,ubsec_q2) sc_q2free; /* free list */
 };
 
-#define UBSEC_QFLAGS_COPYOUTIV 0x1
-
 struct ubsec_session {
 u_int32_t ses_used;
 u_int32_t ses_key[8]; /* 3DES/AES key */ |