authormikeb <mikeb@openbsd.org>2010-12-15 23:34:23 +0000
committermikeb <mikeb@openbsd.org>2010-12-15 23:34:23 +0000
commit0c4448d4f521013698164f4dab22f2f76d0d71d2 (patch)
tree86b80412680179286a5221a9af5848a297de6f00 /sys
parentattach the Hercules HWGUn-54 to rsu(4) (diff)
Bring CBC oracle attack countermeasure from r1.32 of cryptosoft.c to
the hardware crypto accelerator land. This fixes aes-ni, via xcrypt, glxsb(4), hifn(4), safe(4) and ubsec(4) drivers. Original commit message by angelos: Don't keep the last blocksize-bytes of ciphertext for use as the next plaintext's IV, in CBC mode. Use arc4random() to acquire fresh IVs per message. with and ok deraadt, ok markus, djm
Diffstat (limited to 'sys')
-rw-r--r--sys/arch/amd64/amd64/aesni.c25
-rw-r--r--sys/arch/amd64/amd64/via.c21
-rw-r--r--sys/arch/i386/i386/via.c21
-rw-r--r--sys/arch/i386/pci/glxsb.c35
-rw-r--r--sys/dev/pci/hifn7751.c33
-rw-r--r--sys/dev/pci/hifn7751var.h3
-rw-r--r--sys/dev/pci/safe.c36
-rw-r--r--sys/dev/pci/safevar.h6
-rw-r--r--sys/dev/pci/ubsec.c33
-rw-r--r--sys/dev/pci/ubsecvar.h5
10 files changed, 29 insertions, 189 deletions
diff --git a/sys/arch/amd64/amd64/aesni.c b/sys/arch/amd64/amd64/aesni.c
index 5823e55bb18..a8adc77bcfc 100644
--- a/sys/arch/amd64/amd64/aesni.c
+++ b/sys/arch/amd64/amd64/aesni.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aesni.c,v 1.16 2010/11/15 14:48:17 mikeb Exp $ */
+/* $OpenBSD: aesni.c,v 1.17 2010/12/15 23:34:23 mikeb Exp $ */
/*-
* Copyright (c) 2003 Jason Wright
* Copyright (c) 2003, 2004 Theo de Raadt
@@ -46,7 +46,6 @@ struct aesni_session {
uint32_t ses_dkey[4 * (AES_MAXROUNDS + 1)];
uint32_t ses_klen;
uint8_t ses_nonce[AESCTR_NONCESIZE];
- uint8_t ses_iv[EALG_MAX_BLOCK_LEN];
int ses_sid;
struct swcr_data *ses_swd;
LIST_ENTRY(aesni_session)
@@ -155,7 +154,6 @@ aesni_newsession(u_int32_t *sidp, struct cryptoini *cri)
switch (c->cri_alg) {
case CRYPTO_AES_CBC:
ses->ses_klen = c->cri_klen / 8;
- arc4random_buf(ses->ses_iv, 16);
fpu_kernel_enter();
aesni_set_key(ses, c->cri_key, ses->ses_klen);
fpu_kernel_exit();
@@ -165,7 +163,6 @@ aesni_newsession(u_int32_t *sidp, struct cryptoini *cri)
ses->ses_klen = c->cri_klen / 8 - AESCTR_NONCESIZE;
bcopy(c->cri_key + ses->ses_klen, ses->ses_nonce,
AESCTR_NONCESIZE);
- arc4random_buf(ses->ses_iv, 8);
fpu_kernel_enter();
aesni_set_key(ses, c->cri_key, ses->ses_klen);
fpu_kernel_exit();
@@ -335,7 +332,7 @@ aesni_encdec(struct cryptop *crp, struct cryptodesc *crd,
if (crd->crd_flags & CRD_F_IV_EXPLICIT)
bcopy(crd->crd_iv, iv, ivlen);
else
- bcopy(ses->ses_iv, iv, ivlen);
+ arc4random_buf(iv, ivlen);
/* Do we need to write the IV */
if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) {
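Review bot: The new `arc4random_buf(iv, ivlen);` branch carries no comment saying why the IV is now drawn fresh instead of taken from session state, and the comment removed in the next hunk was the only place the IV policy was written down. Because reintroducing chaining is the obvious "optimisation" a later maintainer might make, a one-line rationale at this site is worth adding: `/* Fresh random IV per request: reusing the last ciphertext block as the next IV makes it predictable, which CBC must not allow. */`. The same note belongs on the equivalent `arc4random_buf` lines in via.c (amd64 and i386), glxsb.c, hifn7751.c, safe.c and ubsec.c, which make the identical change. This branch is also reached for CRYPTO_AES_CTR, where a random ivlen-byte value per message (8 bytes, if the removed newsession line is indicative) is unique only up to the birthday bound; that is unchanged by this commit but is the kind of constraint the comment should state. aesni_encdec begins and ends outside this hunk.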
@@ -401,24 +398,6 @@ aesni_encdec(struct cryptop *crp, struct cryptodesc *crd,
cuio_copyback((struct uio *)crp->crp_buf, crd->crd_skip,
crd->crd_len, buf);
- /*
- * Copy out last block for use as next session IV for CBC,
- * generate new IV for CTR.
- */
- if (crd->crd_flags & CRD_F_ENCRYPT) {
- if (crd->crd_alg == CRYPTO_AES_CBC) {
- if (crp->crp_flags & CRYPTO_F_IMBUF)
- m_copydata((struct mbuf *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivlen, ivlen,
- ses->ses_iv);
- else
- cuio_copydata((struct uio *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivlen, ivlen,
- ses->ses_iv);
- } else if (crd->crd_alg == CRYPTO_AES_CTR)
- arc4random_buf(ses->ses_iv, ivlen);
- }
-
out:
bzero(buf, roundup(crd->crd_len, EALG_MAX_BLOCK_LEN));
return (err);
diff --git a/sys/arch/amd64/amd64/via.c b/sys/arch/amd64/amd64/via.c
index 59ce44ee457..3f1a3985db6 100644
--- a/sys/arch/amd64/amd64/via.c
+++ b/sys/arch/amd64/amd64/via.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: via.c,v 1.7 2010/07/06 09:49:47 blambert Exp $ */
+/* $OpenBSD: via.c,v 1.8 2010/12/15 23:34:23 mikeb Exp $ */
/* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */
/*-
@@ -64,7 +64,6 @@ void viac3_rnd(void *);
struct viac3_session {
u_int32_t ses_ekey[4 * (AES_MAXROUNDS + 1) + 4]; /* 128 bit aligned */
u_int32_t ses_dkey[4 * (AES_MAXROUNDS + 1) + 4]; /* 128 bit aligned */
- u_int8_t ses_iv[16]; /* 128 bit aligned */
u_int32_t ses_cw0;
struct swcr_data *swd;
int ses_klen;
@@ -194,7 +193,6 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri)
cw0 |= C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_SW |
C3_CRYPT_CWLO_NORMAL;
- arc4random_buf(ses->ses_iv, sizeof(ses->ses_iv));
ses->ses_klen = c->cri_klen;
ses->ses_cw0 = cw0;
@@ -374,7 +372,7 @@ viac3_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
if (crd->crd_flags & CRD_F_IV_EXPLICIT)
bcopy(crd->crd_iv, sc->op_iv, 16);
else
- bcopy(ses->ses_iv, sc->op_iv, 16);
+ arc4random_buf(sc->op_iv, 16);
if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) {
if (crp->crp_flags & CRYPTO_F_IMBUF)
@@ -428,21 +426,6 @@ viac3_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
bcopy(sc->op_buf, crp->crp_buf + crd->crd_skip,
crd->crd_len);
- /* copy out last block for use as next session IV */
- if (crd->crd_flags & CRD_F_ENCRYPT) {
- if (crp->crp_flags & CRYPTO_F_IMBUF)
- m_copydata((struct mbuf *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - 16, 16,
- ses->ses_iv);
- else if (crp->crp_flags & CRYPTO_F_IOV)
- cuio_copydata((struct uio *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - 16, 16,
- ses->ses_iv);
- else
- bcopy(crp->crp_buf + crd->crd_skip +
- crd->crd_len - 16, ses->ses_iv, 16);
- }
-
if (sc->op_buf != NULL) {
bzero(sc->op_buf, crd->crd_len);
free(sc->op_buf, M_DEVBUF);
diff --git a/sys/arch/i386/i386/via.c b/sys/arch/i386/i386/via.c
index 580003946f2..19650e3b92f 100644
--- a/sys/arch/i386/i386/via.c
+++ b/sys/arch/i386/i386/via.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: via.c,v 1.24 2010/07/06 09:49:47 blambert Exp $ */
+/* $OpenBSD: via.c,v 1.25 2010/12/15 23:34:23 mikeb Exp $ */
/* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */
/*-
@@ -64,7 +64,6 @@ void viac3_rnd(void *);
struct viac3_session {
u_int32_t ses_ekey[4 * (AES_MAXROUNDS + 1) + 4]; /* 128 bit aligned */
u_int32_t ses_dkey[4 * (AES_MAXROUNDS + 1) + 4]; /* 128 bit aligned */
- u_int8_t ses_iv[16]; /* 128 bit aligned */
u_int32_t ses_cw0;
struct swcr_data *swd;
int ses_klen;
@@ -195,7 +194,6 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri)
cw0 |= C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_SW |
C3_CRYPT_CWLO_NORMAL;
- arc4random_buf(ses->ses_iv, sizeof(ses->ses_iv));
ses->ses_klen = c->cri_klen;
ses->ses_cw0 = cw0;
@@ -375,7 +373,7 @@ viac3_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
if (crd->crd_flags & CRD_F_IV_EXPLICIT)
bcopy(crd->crd_iv, sc->op_iv, 16);
else
- bcopy(ses->ses_iv, sc->op_iv, 16);
+ arc4random_buf(sc->op_iv, 16);
if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) {
if (crp->crp_flags & CRYPTO_F_IMBUF)
@@ -429,21 +427,6 @@ viac3_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
bcopy(sc->op_buf, crp->crp_buf + crd->crd_skip,
crd->crd_len);
- /* copy out last block for use as next session IV */
- if (crd->crd_flags & CRD_F_ENCRYPT) {
- if (crp->crp_flags & CRYPTO_F_IMBUF)
- m_copydata((struct mbuf *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - 16, 16,
- ses->ses_iv);
- else if (crp->crp_flags & CRYPTO_F_IOV)
- cuio_copydata((struct uio *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - 16, 16,
- ses->ses_iv);
- else
- bcopy(crp->crp_buf + crd->crd_skip +
- crd->crd_len - 16, ses->ses_iv, 16);
- }
-
if (sc->op_buf != NULL) {
bzero(sc->op_buf, crd->crd_len);
free(sc->op_buf, M_DEVBUF);
diff --git a/sys/arch/i386/pci/glxsb.c b/sys/arch/i386/pci/glxsb.c
index c1e52d45cf5..51c5cec9970 100644
--- a/sys/arch/i386/pci/glxsb.c
+++ b/sys/arch/i386/pci/glxsb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: glxsb.c,v 1.20 2010/09/20 02:46:50 deraadt Exp $ */
+/* $OpenBSD: glxsb.c,v 1.21 2010/12/15 23:34:23 mikeb Exp $ */
/*
* Copyright (c) 2006 Tom Cosgrove <tom@openbsd.org>
@@ -150,7 +150,6 @@ struct glxsb_dma_map {
};
struct glxsb_session {
uint32_t ses_key[4];
- uint8_t ses_iv[SB_AES_BLOCK_SIZE];
int ses_klen;
int ses_used;
struct swcr_data *ses_swd_auth;
@@ -417,7 +416,6 @@ glxsb_crypto_newsession(uint32_t *sidp, struct cryptoini *cri)
break;
}
- arc4random_buf(ses->ses_iv, sizeof(ses->ses_iv));
ses->ses_klen = c->cri_klen;
/* Copy the key (Geode LX wants the primary key only) */
@@ -641,7 +639,7 @@ glxsb_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
{
char *op_src, *op_dst;
uint32_t op_psrc, op_pdst;
- uint8_t op_iv[SB_AES_BLOCK_SIZE], *piv;
+ uint8_t op_iv[SB_AES_BLOCK_SIZE];
int err = 0;
int len, tlen, xlen;
int offset;
@@ -671,7 +669,7 @@ glxsb_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
if (crd->crd_flags & CRD_F_IV_EXPLICIT)
bcopy(crd->crd_iv, op_iv, sizeof(op_iv));
else
- bcopy(ses->ses_iv, op_iv, sizeof(op_iv));
+ arc4random_buf(op_iv, sizeof(op_iv));
if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) {
if (crp->crp_flags & CRYPTO_F_IMBUF)
@@ -704,7 +702,6 @@ glxsb_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
offset = 0;
tlen = crd->crd_len;
- piv = op_iv;
/* Process the data in GLXSB_MAX_AES_LEN chunks */
while (tlen > 0) {
@@ -740,26 +737,14 @@ glxsb_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
offset += len;
tlen -= len;
- if (tlen <= 0) { /* Ideally, just == 0 */
- /* Finished - put the IV in session IV */
- piv = ses->ses_iv;
- }
-
- /*
- * Copy out last block for use as next iteration/session IV.
- *
- * piv is set to op_iv[] before the loop starts, but is
- * set to ses->ses_iv if we're going to exit the loop this
- * time.
- */
- if (crd->crd_flags & CRD_F_ENCRYPT) {
- bcopy(op_dst + len - sizeof(op_iv), piv, sizeof(op_iv));
- } else {
- /* Decryption, only need this if another iteration */
- if (tlen > 0) {
- bcopy(op_src + len - sizeof(op_iv), piv,
+ if (tlen > 0) {
+ /* Copy out last block for use as next iteration */
+ if (crd->crd_flags & CRD_F_ENCRYPT)
+ bcopy(op_dst + len - sizeof(op_iv), op_iv,
+ sizeof(op_iv));
+ else
+ bcopy(op_src + len - sizeof(op_iv), op_iv,
sizeof(op_iv));
- }
}
}
diff --git a/sys/dev/pci/hifn7751.c b/sys/dev/pci/hifn7751.c
index 34918a52d48..37df7dab6fb 100644
--- a/sys/dev/pci/hifn7751.c
+++ b/sys/dev/pci/hifn7751.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hifn7751.c,v 1.162 2010/07/05 11:07:56 blambert Exp $ */
+/* $OpenBSD: hifn7751.c,v 1.163 2010/12/15 23:34:23 mikeb Exp $ */
/*
* Invertex AEON / Hifn 7751 driver
@@ -1873,10 +1873,6 @@ hifn_newsession(u_int32_t *sidp, struct cryptoini *cri)
case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
case CRYPTO_AES_CBC:
- arc4random_buf(ses->hs_iv,
- (c->cri_alg == CRYPTO_AES_CBC ?
- HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH));
- /*FALLTHROUGH*/
case CRYPTO_ARC4:
if (cry)
return (EINVAL);
@@ -2074,8 +2070,7 @@ hifn_process(struct cryptop *crp)
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
bcopy(enccrd->crd_iv, cmd->iv, ivlen);
else
- bcopy(sc->sc_sessions[session].hs_iv,
- cmd->iv, ivlen);
+ arc4random_buf(cmd->iv, ivlen);
if ((enccrd->crd_flags & CRD_F_IV_PRESENT)
== 0) {
@@ -2259,7 +2254,7 @@ hifn_callback(struct hifn_softc *sc, struct hifn_command *cmd,
struct cryptop *crp = cmd->crp;
struct cryptodesc *crd;
struct mbuf *m;
- int totlen, i, u, ivlen;
+ int totlen, i, u;
if (cmd->src_map == cmd->dst_map)
bus_dmamap_sync(sc->sc_dmat, cmd->src_map,
@@ -2322,28 +2317,6 @@ hifn_callback(struct hifn_softc *sc, struct hifn_command *cmd,
hifnstats.hst_obytes += cmd->dst_map->dm_mapsize;
- if ((cmd->base_masks & (HIFN_BASE_CMD_CRYPT | HIFN_BASE_CMD_DECODE)) ==
- HIFN_BASE_CMD_CRYPT) {
- for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
- if (crd->crd_alg != CRYPTO_DES_CBC &&
- crd->crd_alg != CRYPTO_3DES_CBC &&
- crd->crd_alg != CRYPTO_AES_CBC)
- continue;
- ivlen = ((crd->crd_alg == CRYPTO_AES_CBC) ?
- HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH);
- if (crp->crp_flags & CRYPTO_F_IMBUF)
- m_copydata((struct mbuf *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivlen, ivlen,
- cmd->softc->sc_sessions[cmd->session_num].hs_iv);
- else if (crp->crp_flags & CRYPTO_F_IOV) {
- cuio_copydata((struct uio *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivlen, ivlen,
- cmd->softc->sc_sessions[cmd->session_num].hs_iv);
- }
- break;
- }
- }
-
if (cmd->base_masks & HIFN_BASE_CMD_MAC) {
u_int8_t *macbuf;
diff --git a/sys/dev/pci/hifn7751var.h b/sys/dev/pci/hifn7751var.h
index 64918d472db..9497967ea17 100644
--- a/sys/dev/pci/hifn7751var.h
+++ b/sys/dev/pci/hifn7751var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: hifn7751var.h,v 1.52 2004/01/20 21:01:55 jason Exp $ */
+/* $OpenBSD: hifn7751var.h,v 1.53 2010/12/15 23:34:23 mikeb Exp $ */
/*
* Invertex AEON / Hifn 7751 driver
@@ -104,7 +104,6 @@ struct hifn_dma {
struct hifn_session {
int hs_used;
- u_int8_t hs_iv[HIFN_MAX_IV_LENGTH];
};
#define HIFN_RING_SYNC(sc, r, i, f) \
diff --git a/sys/dev/pci/safe.c b/sys/dev/pci/safe.c
index 98111ccf67a..c42994381e2 100644
--- a/sys/dev/pci/safe.c
+++ b/sys/dev/pci/safe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: safe.c,v 1.29 2010/07/02 02:40:16 blambert Exp $ */
+/* $OpenBSD: safe.c,v 1.30 2010/12/15 23:34:23 mikeb Exp $ */
/*-
* Copyright (c) 2003 Sam Leffler, Errno Consulting
@@ -472,7 +472,8 @@ safe_process(struct cryptop *crp)
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
bcopy(enccrd->crd_iv, iv, ivsize);
else
- bcopy(ses->ses_iv, iv, ivsize);
+ arc4random_buf(iv, ivsize);
+
if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
if (crp->crp_flags & CRYPTO_F_IMBUF)
m_copyback(re->re_src_m,
@@ -485,7 +486,6 @@ safe_process(struct cryptop *crp)
for (i = 0; i < ivsize / sizeof(iv[0]); i++)
re->re_sastate.sa_saved_iv[i] = htole32(iv[i]);
cmd0 |= SAFE_SA_CMD0_IVLD_STATE | SAFE_SA_CMD0_SAVEIV;
- re->re_flags |= SAFE_QFLAGS_COPYOUTIV;
} else {
cmd0 |= SAFE_SA_CMD0_INBOUND;
@@ -1362,9 +1362,6 @@ safe_newsession(u_int32_t *sidp, struct cryptoini *cri)
ses->ses_used = 1;
if (encini) {
- /* get an IV */
- arc4random_buf(ses->ses_iv, sizeof(ses->ses_iv));
-
ses->ses_klen = encini->cri_klen;
bcopy(encini->cri_key, ses->ses_key, ses->ses_klen / 8);
@@ -1675,33 +1672,6 @@ safe_callback(struct safe_softc *sc, struct safe_ringentry *re)
crp->crp_buf = (caddr_t)re->re_dst_m;
}
- if (re->re_flags & SAFE_QFLAGS_COPYOUTIV) {
- /* copy out IV for future use */
- for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
- int ivsize;
-
- if (crd->crd_alg == CRYPTO_DES_CBC ||
- crd->crd_alg == CRYPTO_3DES_CBC) {
- ivsize = 2*sizeof(u_int32_t);
- } else if (crd->crd_alg == CRYPTO_AES_CBC) {
- ivsize = 4*sizeof(u_int32_t);
- } else
- continue;
- if (crp->crp_flags & CRYPTO_F_IMBUF) {
- m_copydata((struct mbuf *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivsize,
- ivsize,
- (caddr_t) sc->sc_sessions[re->re_sesn].ses_iv);
- } else if (crp->crp_flags & CRYPTO_F_IOV) {
- cuio_copydata((struct uio *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivsize,
- ivsize,
- (caddr_t)sc->sc_sessions[re->re_sesn].ses_iv);
- }
- break;
- }
- }
-
if (re->re_flags & SAFE_QFLAGS_COPYOUTICV) {
/* copy out ICV result */
for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
diff --git a/sys/dev/pci/safevar.h b/sys/dev/pci/safevar.h
index ebe859d1dc5..d7a83de438a 100644
--- a/sys/dev/pci/safevar.h
+++ b/sys/dev/pci/safevar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: safevar.h,v 1.7 2010/08/27 15:02:12 deraadt Exp $ */
+/* $OpenBSD: safevar.h,v 1.8 2010/12/15 23:34:23 mikeb Exp $ */
/*-
* Copyright (c) 2003 Sam Leffler, Errno Consulting
@@ -113,8 +113,7 @@ struct safe_ringentry {
int re_sesn; /* crypto session ID */
int re_flags;
-#define SAFE_QFLAGS_COPYOUTIV 0x1 /* copy back on completion */
-#define SAFE_QFLAGS_COPYOUTICV 0x2 /* copy back on completion */
+#define SAFE_QFLAGS_COPYOUTICV 0x1 /* copy back on completion */
};
#define re_src_m re_src.u.m
@@ -139,7 +138,6 @@ struct safe_session {
u_int32_t ses_key[8]; /* DES/3DES/AES key */
u_int32_t ses_hminner[5]; /* hmac inner state */
u_int32_t ses_hmouter[5]; /* hmac outer state */
- u_int32_t ses_iv[4]; /* DES/3DES/AES iv */
};
struct safe_pkq {
diff --git a/sys/dev/pci/ubsec.c b/sys/dev/pci/ubsec.c
index 9a75dc320d4..1311358e826 100644
--- a/sys/dev/pci/ubsec.c
+++ b/sys/dev/pci/ubsec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ubsec.c,v 1.147 2010/07/02 02:40:16 blambert Exp $ */
+/* $OpenBSD: ubsec.c,v 1.148 2010/12/15 23:34:23 mikeb Exp $ */
/*
* Copyright (c) 2000 Jason L. Wright (jason@thought.net)
@@ -711,9 +711,6 @@ ubsec_newsession(u_int32_t *sidp, struct cryptoini *cri)
bzero(ses, sizeof(struct ubsec_session));
ses->ses_used = 1;
if (encini) {
- /* get an IV, network byte order */
- arc4random_buf(ses->ses_iv, sizeof(ses->ses_iv));
-
/* Go ahead and compute key in ubsec's byte order */
if (encini->cri_alg == CRYPTO_AES_CBC) {
bcopy(encini->cri_key, ses->ses_key,
@@ -944,14 +941,10 @@ ubsec_process(struct cryptop *crp)
encoffset = enccrd->crd_skip;
if (enccrd->crd_flags & CRD_F_ENCRYPT) {
- q->q_flags |= UBSEC_QFLAGS_COPYOUTIV;
-
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
bcopy(enccrd->crd_iv, key.ses_iv, ivlen);
- else {
- for (i = 0; i < (ivlen / 4); i++)
- key.ses_iv[i] = ses->ses_iv[i];
- }
+ else
+ arc4random_buf(key.ses_iv, ivlen);
if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
if (crp->crp_flags & CRYPTO_F_IMBUF)
@@ -1436,26 +1429,6 @@ ubsec_callback(struct ubsec_softc *sc, struct ubsec_q *q)
crp->crp_buf = (caddr_t)q->q_dst_m;
}
- /* copy out IV for future use */
- if (q->q_flags & UBSEC_QFLAGS_COPYOUTIV) {
- for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
- if (crd->crd_alg != CRYPTO_DES_CBC &&
- crd->crd_alg != CRYPTO_3DES_CBC &&
- crd->crd_alg != CRYPTO_AES_CBC)
- continue;
- if (crp->crp_flags & CRYPTO_F_IMBUF)
- m_copydata((struct mbuf *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - 8, 8,
- (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv);
- else if (crp->crp_flags & CRYPTO_F_IOV) {
- cuio_copydata((struct uio *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - 8, 8,
- (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv);
- }
- break;
- }
- }
-
for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
if (crd->crd_alg != CRYPTO_MD5_HMAC &&
crd->crd_alg != CRYPTO_SHA1_HMAC)
diff --git a/sys/dev/pci/ubsecvar.h b/sys/dev/pci/ubsecvar.h
index 6e3ae4c87f7..92871778b9e 100644
--- a/sys/dev/pci/ubsecvar.h
+++ b/sys/dev/pci/ubsecvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ubsecvar.h,v 1.38 2009/03/27 13:31:30 reyk Exp $ */
+/* $OpenBSD: ubsecvar.h,v 1.39 2010/12/15 23:34:23 mikeb Exp $ */
/*
* Copyright (c) 2000 Theo de Raadt
@@ -152,7 +152,6 @@ struct ubsec_q {
bus_dmamap_t q_dst_map;
int q_sesn;
- int q_flags;
};
struct ubsec_softc {
@@ -185,8 +184,6 @@ struct ubsec_softc {
SIMPLEQ_HEAD(,ubsec_q2) sc_q2free; /* free list */
};
-#define UBSEC_QFLAGS_COPYOUTIV 0x1
-
struct ubsec_session {
u_int32_t ses_used;
u_int32_t ses_key[8]; /* 3DES/AES key */