Date:      Fri, 19 Sep 2014 06:28:24 GMT
From:      John-Mark Gurney <jmg@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 1200499 for review
Message-ID:  <201409190628.s8J6SOdH008392@skunkworks.freebsd.org>


http://p4web.freebsd.org/@@1200499?ac=10

Change 1200499 by jmg@jmg_carbon2 on 2014/09/19 06:28:20

	don't directly return, set error and goto out so that we can clean
	up properly...
	
	Move the IV initialization to a common location, and generate a
	random one when one isn't provided...
	
	Previous two items were caught by rrs and friends at Netflix...
	
	enforce that both ICM and GCM have an explicit IV...
	
	only schedule the decryption key when used...
	
	Sponsored by:	FreeBSD Foundation
	Sponsored by:	Rubicon Communications, LLC (Netgate)

Affected files ...

.. //depot/projects/opencrypto/sys/crypto/aesni/aesni.c#8 edit
.. //depot/projects/opencrypto/sys/crypto/aesni/aesni_wrap.c#4 edit

Differences ...

==== //depot/projects/opencrypto/sys/crypto/aesni/aesni.c#8 (text+ko) ====

@@ -326,7 +326,8 @@
 			break;
 
 		default:
-			return (EINVAL);
+			error = EINVAL;
+			goto out;
 		}
 	}
 
@@ -462,7 +463,8 @@
 
 	encflag = (enccrd->crd_flags & CRD_F_ENCRYPT) == CRD_F_ENCRYPT;
 
-	if (enccrd->crd_alg == CRYPTO_AES_ICM &&
+	if ((enccrd->crd_alg == CRYPTO_AES_ICM ||
+	    enccrd->crd_alg == CRYPTO_AES_NIST_GCM_16) &&
 	    (enccrd->crd_flags & CRD_F_IV_EXPLICIT) == 0)
 		return (EINVAL);
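Review bot: The `return (EINVAL);` kept as the last line of this hunk is still a direct return from the middle of the function, while the first hunk in this same file rewrites that construct as `error = EINVAL; goto out;` so that cleanup runs, which is the stated purpose of the commit. Whether anything has been acquired before this check, or whether this function has an `out:` label at all, is outside the hunk, so the direct return may be harmless here; if the function does carry an `out:` cleanup path, `error = EINVAL; goto out;` would match the commit's own rationale. The enclosing function starts and ends outside the hunk.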
 
@@ -513,6 +515,8 @@
 	if (encflag) {
 		if ((enccrd->crd_flags & CRD_F_IV_EXPLICIT) != 0)
 			bcopy(enccrd->crd_iv, ses->iv, ivlen);
+		else
+			arc4rand(ses->iv, ivlen, 0);
 		if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0)
 			crypto_copyback(crp->crp_flags, crp->crp_buf,
 			    enccrd->crd_inject, ivlen, ses->iv);
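Review bot: The new `else arc4rand(ses->iv, ivlen, 0);` branch reads as if a random IV could be generated for any algorithm, but the check added earlier in this file rejects ICM and GCM requests that lack CRD_F_IV_EXPLICIT, so the branch is only reachable for the remaining modes (presumably CBC and XTS), and that invariant is invisible at this point. A short comment on the `else` would keep the next maintainer from assuming a random GCM nonce is possible here: `/* ICM and GCM without CRD_F_IV_EXPLICIT were rejected above; a random IV is only ever generated for the other modes on encrypt. */`. Whether a random tweak is meaningful for XTS depends on callers always supplying CRD_F_IV_EXPLICIT for it — worth confirming. The enclosing function starts and ends outside the hunk.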

==== //depot/projects/opencrypto/sys/crypto/aesni/aesni_wrap.c#4 (text+ko) ====

@@ -438,11 +438,16 @@
 aesni_cipher_setup_common(struct aesni_session *ses, const uint8_t *key,
     int keylen)
 {
+	int decsched;
+
+	decsched = 1;
 
 	switch (ses->algo) {
-	case CRYPTO_AES_CBC:
 	case CRYPTO_AES_ICM:
 	case CRYPTO_AES_NIST_GCM_16:
+		decsched = 0;
+		/* FALLTHROUGH */
+	case CRYPTO_AES_CBC:
 		switch (keylen) {
 		case 128:
 			ses->rounds = AES128_ROUNDS;
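Review bot: `decsched = 0;` just before the `/* FALLTHROUGH */` carries the whole point of the change, but nothing in the code says why ICM and GCM can skip the decryption schedule. A why-comment on that line would help: `/* ICM and GCM only ever run AES in the forward (encrypt) direction, so no decryption key schedule is needed. */`. The function continues past the end of this hunk.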
@@ -476,12 +481,11 @@
 	}
 
 	aesni_set_enckey(key, ses->enc_schedule, ses->rounds);
-	aesni_set_deckey(ses->enc_schedule, ses->dec_schedule, ses->rounds);
+	if (decsched)
+		aesni_set_deckey(ses->enc_schedule, ses->dec_schedule,
+		    ses->rounds);
 
-	/* setup IV */
-	if (ses->algo == CRYPTO_AES_CBC || ses->algo == CRYPTO_AES_NIST_GCM_16)
-		arc4rand(ses->iv, sizeof(ses->iv), 0);
-	else if (ses->algo == CRYPTO_AES_XTS)
+	if (ses->algo == CRYPTO_AES_XTS)
 		aesni_set_enckey(key + keylen / 16, ses->xts_schedule,
 		    ses->rounds);
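Review bot: After `if (decsched)`, `ses->dec_schedule` is left unset for ICM and GCM sessions, which is only safe as long as every decrypt path for those algorithms keeps using `enc_schedule`; that dispatch is outside this hunk, and an accidental read of `dec_schedule` for these modes would fail silently with garbage rather than loudly, so it is worth confirming. Removing the session-time `arc4rand(ses->iv, ...)` likewise means `ses->iv` is first populated by the per-request path, so the process side must take the IV from the request on every decrypt (presumably the explicit/present flag handling already guarantees that). The enclosing function starts before the hunk.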
 


