authorangelos <angelos@openbsd.org>2002-03-19 23:24:53 +0000
committerangelos <angelos@openbsd.org>2002-03-19 23:24:53 +0000
commitdf8457d2455823d7b62ccdefb2afae649be0a4d4 (patch)
treec5feab42f82eec0f13b040eea7d22b9a5adb0ec3 /sys/crypto/cryptosoft.h
parento don't need a var to keep the number of commands; use a define. (diff)
Don't keep the last blocksize bytes of ciphertext for use as the next
plaintext's IV in CBC mode. Use arc4random() to acquire a fresh IV per message instead (particularly useful for IPsec). This avoids the CBC oracle attack. provos@ ok
Diffstat (limited to 'sys/crypto/cryptosoft.h')
-rw-r--r--sys/crypto/cryptosoft.h4
1 files changed, 1 insertions, 3 deletions
diff --git a/sys/crypto/cryptosoft.h b/sys/crypto/cryptosoft.h
index 6b3fe4b193a..6a445672918 100644
--- a/sys/crypto/cryptosoft.h
+++ b/sys/crypto/cryptosoft.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptosoft.h,v 1.8 2002/03/05 15:59:41 markus Exp $ */
+/* $OpenBSD: cryptosoft.h,v 1.9 2002/03/19 23:24:53 angelos Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -36,7 +36,6 @@ struct swcr_data {
} SWCR_AUTH;
struct {
u_int8_t *SW_kschedule;
- u_int8_t *SW_iv;
struct enc_xform *SW_exf;
} SWCR_ENC;
struct {
@@ -50,7 +49,6 @@ struct swcr_data {
#define sw_klen SWCR_UN.SWCR_AUTH.SW_klen
#define sw_axf SWCR_UN.SWCR_AUTH.SW_axf
#define sw_kschedule SWCR_UN.SWCR_ENC.SW_kschedule
-#define sw_iv SWCR_UN.SWCR_ENC.SW_iv
#define sw_exf SWCR_UN.SWCR_ENC.SW_exf
#define sw_size SWCR_UN.SWCR_COMP.SW_size
#define sw_cxf SWCR_UN.SWCR_COMP.SW_cxf