From owner-svn-src-all@freebsd.org Tue Oct 6 18:07:53 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6A48B43846A; Tue, 6 Oct 2020 18:07:53 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4C5QRs27kZz3Vr1; Tue, 6 Oct 2020 18:07:53 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2821EA973; Tue, 6 Oct 2020 18:07:53 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 096I7r1W078929; Tue, 6 Oct 2020 18:07:53 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 096I7riR078928; Tue, 6 Oct 2020 18:07:53 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <202010061807.096I7riR078928@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Tue, 6 Oct 2020 18:07:52 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r366493 - head/sys/opencrypto X-SVN-Group: head X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: head/sys/opencrypto X-SVN-Commit-Revision: 366493 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Oct 2020 18:07:53 -0000 Author: jhb Date: Tue Oct 6 18:07:52 2020 New Revision: 366493 URL: https://svnweb.freebsd.org/changeset/base/366493 Log: Simplify swcr_authcompute() after removal of deprecated algorithms. - Just use sw->octx != NULL to handle the HMAC case when finalizing the MAC. - Explicitly zero the on-stack auth context. Reviewed by: markj Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D26688 Modified: head/sys/opencrypto/cryptosoft.c Modified: head/sys/opencrypto/cryptosoft.c ============================================================================== --- head/sys/opencrypto/cryptosoft.c Tue Oct 6 18:02:33 2020 (r366492) +++ head/sys/opencrypto/cryptosoft.c Tue Oct 6 18:07:52 2020 (r366493) @@ -341,7 +341,7 @@ swcr_authcompute(struct swcr_session *ses, struct cryp err = crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length, axf->Update, &ctx); if (err) - return err; + goto out; if (CRYPTO_HAS_OUTPUT_BUFFER(crp) && CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) @@ -352,38 +352,13 @@ swcr_authcompute(struct swcr_session *ses, struct cryp err = crypto_apply(crp, crp->crp_payload_start, crp->crp_payload_length, axf->Update, &ctx); if (err) - return err; + goto out; - switch (axf->type) { - case CRYPTO_SHA1: - case CRYPTO_SHA2_224: - case CRYPTO_SHA2_256: - case CRYPTO_SHA2_384: - case CRYPTO_SHA2_512: - axf->Final(aalg, &ctx); - break; - - case CRYPTO_SHA1_HMAC: - case CRYPTO_SHA2_224_HMAC: - case CRYPTO_SHA2_256_HMAC: - case CRYPTO_SHA2_384_HMAC: - case CRYPTO_SHA2_512_HMAC: - case CRYPTO_RIPEMD160_HMAC: - if (sw->sw_octx == NULL) - return EINVAL; - - axf->Final(aalg, &ctx); + axf->Final(aalg, &ctx); + if (sw->sw_octx != NULL) { bcopy(sw->sw_octx, &ctx, axf->ctxsize); axf->Update(&ctx, aalg, axf->hashsize); axf->Final(aalg, &ctx); - break; - - case CRYPTO_BLAKE2B: - case CRYPTO_BLAKE2S: - case CRYPTO_NULL_HMAC: - case CRYPTO_POLY1305: - axf->Final(aalg, &ctx); - break; } if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { @@ -398,6 +373,8 @@ swcr_authcompute(struct swcr_session *ses, struct cryp crypto_copyback(crp, crp->crp_digest_start, sw->sw_mlen, aalg); } explicit_bzero(aalg, sizeof(aalg)); +out: + explicit_bzero(&ctx, sizeof(ctx)); return (err); }