Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/dev/pci Merge updates from OpenBSD's hifn(4) crypto dece...
details: https://anonhg.NetBSD.org/src/rev/681bf802e76c
branches: trunk
changeset: 972139:681bf802e76c
user: riastradh <riastradh%NetBSD.org@localhost>
date: Sun May 17 00:52:31 2020 +0000
description:
Merge updates from OpenBSD's hifn(4) crypto decelerator driver.
Highlights:
- Apply a ten-year-old fix to the driver's misuse of previously
exposed ciphertext as IV for the next ciphertext with CBC.
(Someone^TM should make sure there are no other drivers still doing
this...)
- Various zeroing of buffers.
- Various minor cosmetic changes.
diffstat:
sys/dev/pci/hifn7751.c | 129 ++++++++++++++-------------------------------
sys/dev/pci/hifn7751var.h | 48 ++++++----------
2 files changed, 58 insertions(+), 119 deletions(-)
diffs (truncated from 473 to 300 lines):
diff -r 7fa0e1a1ffdd -r 681bf802e76c sys/dev/pci/hifn7751.c
--- a/sys/dev/pci/hifn7751.c Sun May 17 00:51:27 2020 +0000
+++ b/sys/dev/pci/hifn7751.c Sun May 17 00:52:31 2020 +0000
@@ -1,6 +1,5 @@
-/* $NetBSD: hifn7751.c,v 1.69 2020/05/17 00:50:24 riastradh Exp $ */
-/* $FreeBSD: hifn7751.c,v 1.5.2.7 2003/10/08 23:52:00 sam Exp $ */
-/* $OpenBSD: hifn7751.c,v 1.140 2003/08/01 17:55:54 deraadt Exp $ */
+/* $NetBSD: hifn7751.c,v 1.70 2020/05/17 00:52:31 riastradh Exp $ */
+/* $OpenBSD: hifn7751.c,v 1.179 2020/01/11 21:34:03 cheloha Exp $ */
/*
* Invertex AEON / Hifn 7751 driver
@@ -44,11 +43,11 @@
*/
/*
- * Driver for various Hifn pre-HIPP encryption processors.
+ * Driver for various Hifn encryption processors.
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: hifn7751.c,v 1.69 2020/05/17 00:50:24 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: hifn7751.c,v 1.70 2020/05/17 00:52:31 riastradh Exp $");
#include <sys/param.h>
#include <sys/cprng.h>
@@ -179,7 +178,6 @@
"Hifn 7956",
},
-
{ 0, 0,
0,
NULL
@@ -810,7 +808,7 @@
}, {
/*
* Other vendors share this PCI ID as well, such as
- * http://www.powercrypt.com, and obviously they also
+ * powercrypt, and obviously they also
* use the same key.
*/
PCI_VENDOR_HIFN,
@@ -831,7 +829,7 @@
uint32_t dmacfg, ramcfg, encl, addr, i;
const char *offtbl = NULL;
- for (i = 0; i < sizeof(pci2id)/sizeof(pci2id[0]); i++) {
+ for (i = 0; i < __arraycount(pci2id); i++) {
if (pci2id[i].pci_vendor == PCI_VENDOR(pciid) &&
pci2id[i].pci_prod == PCI_PRODUCT(pciid)) {
offtbl = pci2id[i].card_id;
@@ -1229,7 +1227,6 @@
printf("%s: writeramaddr -- "
"result[%d](addr %d) still valid\n",
device_xname(sc->sc_dv), resi, addr);
- r = -1;
return (-1);
} else
r = 0;
@@ -1375,7 +1372,7 @@
base_cmd->total_dest_count = htole16(dlen & HIFN_BASE_CMD_LENMASK_LO);
dlen >>= 16;
slen >>= 16;
- base_cmd->session_num = htole16(cmd->session_num |
+ base_cmd->session_num = htole16(
((slen << HIFN_BASE_CMD_SRCLEN_S) & HIFN_BASE_CMD_SRCLEN_M) |
((dlen << HIFN_BASE_CMD_DSTLEN_S) & HIFN_BASE_CMD_DSTLEN_M));
buf_pos += sizeof(struct hifn_base_command);
@@ -2045,9 +2042,8 @@
return retval;
mutex_spin_enter(&sc->sc_mtx);
-
for (i = 0; i < sc->sc_maxses; i++)
- if (sc->sc_sessions[i].hs_state == HS_STATE_FREE)
+ if (isclr(sc->sc_sessions, i))
break;
if (i == sc->sc_maxses) {
retval = ENOMEM;
@@ -2068,10 +2064,6 @@
case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
case CRYPTO_AES_CBC:
- cprng_fast(sc->sc_sessions[i].hs_iv,
- c->cri_alg == CRYPTO_AES_CBC ?
- HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH);
- /*FALLTHROUGH*/
case CRYPTO_ARC4:
if (cry) {
goto out;
@@ -2103,7 +2095,7 @@
}
*sidp = HIFN_SID(device_unit(sc->sc_dv), i);
- sc->sc_sessions[i].hs_state = HS_STATE_USED;
+ setbit(sc->sc_sessions, i);
retval = 0;
out:
@@ -2133,8 +2125,7 @@
mutex_spin_exit(&sc->sc_mtx);
return (EINVAL);
}
-
- memset(&sc->sc_sessions[session], 0, sizeof(sc->sc_sessions[session]));
+ clrbit(sc->sc_sessions, session);
mutex_spin_exit(&sc->sc_mtx);
return (0);
}
@@ -2144,7 +2135,7 @@
{
struct hifn_softc *sc = arg;
struct hifn_command *cmd = NULL;
- int session, err, ivlen;
+ int session, err = 0, ivlen;
struct cryptodesc *crd1, *crd2, *maccrd, *enccrd;
if (crp == NULL || crp->crp_callback == NULL) {
@@ -2154,14 +2145,12 @@
mutex_spin_enter(&sc->sc_mtx);
session = HIFN_SESSION(crp->crp_sid);
-
- if (sc == NULL || session >= sc->sc_maxses) {
+ if (session >= sc->sc_maxses) {
err = EINVAL;
goto errout;
}
- cmd = (struct hifn_command *)malloc(sizeof(struct hifn_command),
- M_DEVBUF, M_NOWAIT|M_ZERO);
+ cmd = malloc(sizeof(*cmd), M_DEVBUF, M_NOWAIT | M_ZERO);
if (cmd == NULL) {
hifnstats.hst_nomem++;
err = ENOMEM;
@@ -2203,7 +2192,7 @@
enccrd = crd1;
#ifdef CRYPTO_LZS_COMP
} else if (crd1->crd_alg == CRYPTO_LZS_COMP) {
- return (hifn_compression(sc, crp, cmd));
+ return (hifn_compression(sc, crp, cmd));
#endif
} else {
err = EINVAL;
@@ -2248,10 +2237,6 @@
switch (enccrd->crd_alg) {
case CRYPTO_ARC4:
cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_RC4;
- if ((enccrd->crd_flags & CRD_F_ENCRYPT)
- != sc->sc_sessions[session].hs_prev_op)
- sc->sc_sessions[session].hs_state =
- HS_STATE_USED;
break;
case CRYPTO_DES_CBC:
cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_DES |
@@ -2279,8 +2264,7 @@
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
memcpy(cmd->iv, enccrd->crd_iv, ivlen);
else
- bcopy(sc->sc_sessions[session].hs_iv,
- cmd->iv, ivlen);
+ cprng_fast(cmd->iv, ivlen);
if ((enccrd->crd_flags & CRD_F_IV_PRESENT)
== 0) {
@@ -2301,12 +2285,14 @@
enccrd->crd_inject, ivlen, cmd->iv);
else if (crp->crp_flags & CRYPTO_F_IOV)
cuio_copydata(cmd->srcu.src_io,
- enccrd->crd_inject, ivlen, cmd->iv);
+ enccrd->crd_inject,
+ ivlen, cmd->iv);
}
}
cmd->ck = enccrd->crd_key;
cmd->cklen = enccrd->crd_klen >> 3;
+ cmd->cry_masks |= HIFN_CRYPT_CMD_NEW_KEY;
/*
* Need to specify the size for the AES key in the masks.
@@ -2328,9 +2314,6 @@
goto errout;
}
}
-
- if (sc->sc_sessions[session].hs_state == HS_STATE_USED)
- cmd->cry_masks |= HIFN_CRYPT_CMD_NEW_KEY;
}
if (maccrd) {
@@ -2360,9 +2343,8 @@
break;
}
- if ((maccrd->crd_alg == CRYPTO_SHA1_HMAC_96 ||
- maccrd->crd_alg == CRYPTO_MD5_HMAC_96) &&
- sc->sc_sessions[session].hs_state == HS_STATE_USED) {
+ if (maccrd->crd_alg == CRYPTO_SHA1_HMAC_96 ||
+ maccrd->crd_alg == CRYPTO_MD5_HMAC_96) {
cmd->mac_masks |= HIFN_MAC_CMD_NEW_KEY;
memcpy(cmd->mac, maccrd->crd_key, maccrd->crd_klen >> 3);
memset(cmd->mac + (maccrd->crd_klen >> 3), 0,
@@ -2376,12 +2358,6 @@
err = hifn_crypto(sc, cmd, crp, hint);
if (err == 0) {
- if (enccrd)
- sc->sc_sessions[session].hs_prev_op =
- enccrd->crd_flags & CRD_F_ENCRYPT;
- if (sc->sc_sessions[session].hs_state == HS_STATE_USED)
- sc->sc_sessions[session].hs_state = HS_STATE_KEY;
- mutex_spin_exit(&sc->sc_mtx);
return 0;
} else if (err == ERESTART) {
/*
@@ -2400,8 +2376,10 @@
}
errout:
- if (cmd != NULL)
+ if (cmd != NULL) {
+ explicit_memset(cmd, 0, sizeof(*cmd));
free(cmd, M_DEVBUF);
+ }
if (err == EINVAL)
hifnstats.hst_invalid++;
else
@@ -2465,6 +2443,7 @@
bus_dmamap_unload(sc->sc_dmat, cmd->src_map);
bus_dmamap_destroy(sc->sc_dmat, cmd->src_map);
+ explicit_memset(cmd, 0, sizeof(*cmd));
free(cmd, M_DEVBUF);
if (crp->crp_etype != EAGAIN)
crypto_done(crp);
@@ -2476,11 +2455,6 @@
}
dma->resk = i; dma->resu = u;
- /* Force upload of key next time */
- for (i = 0; i < sc->sc_maxses; i++)
- if (sc->sc_sessions[i].hs_state == HS_STATE_KEY)
- sc->sc_sessions[i].hs_state = HS_STATE_USED;
-
hifn_reset_board(sc, 1);
hifn_init_dma(sc);
hifn_init_pci_registers(sc);
@@ -2493,7 +2467,7 @@
struct cryptop *crp = cmd->crp;
struct cryptodesc *crd;
struct mbuf *m;
- int totlen, i, u, ivlen;
+ int totlen, i, u;
if (cmd->src_map == cmd->dst_map)
bus_dmamap_sync(sc->sc_dmat, cmd->src_map,
@@ -2527,11 +2501,11 @@
if (crp->crp_flags & CRYPTO_F_IMBUF)
m_copyback((struct mbuf *)crp->crp_buf,
cmd->src_map->dm_mapsize - cmd->sloplen,
- cmd->sloplen, (void *)&dma->slop[cmd->slopidx]);
+ cmd->sloplen, &dma->slop[cmd->slopidx]);
else if (crp->crp_flags & CRYPTO_F_IOV)
cuio_copyback((struct uio *)crp->crp_buf,
cmd->src_map->dm_mapsize - cmd->sloplen,
- cmd->sloplen, (void *)&dma->slop[cmd->slopidx]);
+ cmd->sloplen, &dma->slop[cmd->slopidx]);
}
i = dma->dstk; u = dma->dstu;
@@ -2555,31 +2529,6 @@
hifnstats.hst_obytes += cmd->dst_map->dm_mapsize;
- if ((cmd->base_masks & (HIFN_BASE_CMD_CRYPT | HIFN_BASE_CMD_DECODE)) ==
- HIFN_BASE_CMD_CRYPT) {
- for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
- if (crd->crd_alg != CRYPTO_DES_CBC &&
- crd->crd_alg != CRYPTO_3DES_CBC &&
- crd->crd_alg != CRYPTO_AES_CBC)
- continue;
- ivlen = ((crd->crd_alg == CRYPTO_AES_CBC) ?
- HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH);
- if (crp->crp_flags & CRYPTO_F_IMBUF)
- m_copydata((struct mbuf *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivlen,
- ivlen,
- cmd->softc->sc_sessions[cmd->session_num].hs_iv);
- else if (crp->crp_flags & CRYPTO_F_IOV) {
- cuio_copydata((struct uio *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivlen,
- ivlen,
- cmd->softc->sc_sessions[cmd->session_num].hs_iv);
- }
- /* XXX We do not handle contig data */
- break;
- }
- }
Home |
Main Index |
Thread Index |
Old Index