[src/trunk]: src/sys/arch/x86/x86 padlock(4): Don't use prev msg's last block...
details: https://anonhg.NetBSD.org/src/rev/2d9a90a3710e
branches: trunk
changeset: 972976:2d9a90a3710e
user: riastradh <riastradh%NetBSD.org@localhost>
date: Sun Jun 14 23:20:15 2020 +0000
description:
padlock(4): Don't use prev msg's last block as IV for next msg in CBC.
This violates the security contract of the CBC construction, which
requires that the IV be unpredictable in advance; an adaptive adversary
can exploit this to verify plaintext guesses.
XXX Compile-tested only.
diffstat:
sys/arch/x86/x86/via_padlock.c | 22 +++-------------------
1 files changed, 3 insertions(+), 19 deletions(-)
diffs (58 lines):
diff -r 374379490497 -r 2d9a90a3710e sys/arch/x86/x86/via_padlock.c
--- a/sys/arch/x86/x86/via_padlock.c Sun Jun 14 23:19:11 2020 +0000
+++ b/sys/arch/x86/x86/via_padlock.c Sun Jun 14 23:20:15 2020 +0000
@@ -1,5 +1,5 @@
/* $OpenBSD: via.c,v 1.8 2006/11/17 07:47:56 tom Exp $ */
-/* $NetBSD: via_padlock.c,v 1.28 2020/03/07 13:28:45 maya Exp $ */
+/* $NetBSD: via_padlock.c,v 1.29 2020/06/14 23:20:15 riastradh Exp $ */
/*-
* Copyright (c) 2003 Jason Wright
@@ -20,7 +20,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: via_padlock.c,v 1.28 2020/03/07 13:28:45 maya Exp $");
+__KERNEL_RCSID(0, "$NetBSD: via_padlock.c,v 1.29 2020/06/14 23:20:15 riastradh Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -191,7 +191,6 @@
C3_CRYPT_CWLO_KEYGEN_SW |
C3_CRYPT_CWLO_NORMAL;
- cprng_fast(ses->ses_iv, sizeof(ses->ses_iv));
ses->ses_klen = c->cri_klen;
ses->ses_cw0 = cw0;
@@ -384,7 +383,7 @@
if (crd->crd_flags & CRD_F_IV_EXPLICIT)
memcpy(sc->op_iv, crd->crd_iv, 16);
else
- memcpy(sc->op_iv, ses->ses_iv, 16);
+ cprng_fast(sc->op_iv, 16);
if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) {
if (crp->crp_flags & CRYPTO_F_IMBUF)
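Review bot: The new `cprng_fast(sc->op_iv, 16);` fallback is only meaningful on the encrypt side, where the driver picks the IV and the `CRD_F_IV_PRESENT` check that follows copies it out to the caller's buffer; I assume this hunk sits in the CRD_F_ENCRYPT branch and that the decrypt branch, outside the hunk, still takes the IV from the buffer, which is worth confirming since the commit is compile-tested only. A short comment would record why the per-session IV was dropped, e.g. `/* CBC needs a fresh, unpredictable IV per message; with CRD_F_IV_EXPLICIT the caller owns that guarantee. */`. With the initialization in the first code hunk and the last-block copy-out in the last hunk removed as well, `ses->ses_iv` has no remaining reader or writer anywhere in this diff, so the field in the session struct (defined outside the diff) is likely dead and could be removed in a follow-up. The enclosing function starts and ends outside the hunk.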
@@ -439,21 +438,6 @@
memcpy((char *)crp->crp_buf + crd->crd_skip, sc->op_buf,
crd->crd_len);
- /* copy out last block for use as next session IV */
- if (crd->crd_flags & CRD_F_ENCRYPT) {
- if (crp->crp_flags & CRYPTO_F_IMBUF)
- m_copydata((struct mbuf *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - 16, 16,
- ses->ses_iv);
- else if (crp->crp_flags & CRYPTO_F_IOV)
- cuio_copydata((struct uio *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - 16, 16,
- ses->ses_iv);
- else
- memcpy(ses->ses_iv, (char *)crp->crp_buf +
- crd->crd_skip + crd->crd_len - 16, 16);
- }
-
if (sc->op_buf != NULL) {
memset(sc->op_buf, 0, crd->crd_len);
free(sc->op_buf, M_DEVBUF);