D33198.diff
No OneTemporary
Actions

Size

13 KB

Referenced Files

None

Subscribers

None

D33198.diff
View Options

	diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c
	--- a/sys/opencrypto/cryptosoft.c
	+++ b/sys/opencrypto/cryptosoft.c
	@@ -107,7 +107,8 @@
	unsigned char ivp, nivp, iv2[EALG_MAX_BLOCK_LEN];
	const struct crypto_session_params *csp;
	const struct enc_xform *exf;
	- struct swcr_encdec *sw;
	+ const struct swcr_encdec *sw;
	+ void *ctx;
	size_t inlen, outlen;
	int i, blks, resid;
	struct crypto_buffer_cursor cc_in, cc_out;
	@@ -135,12 +136,14 @@
	(crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0)
	return (EINVAL);

	+ ctx = __builtin_alloca(exf->ctxsize);
	if (crp->crp_cipher_key != NULL) {
	- error = exf->setkey(sw->sw_ctx,
	- crp->crp_cipher_key, csp->csp_cipher_klen);
	+ error = exf->setkey(ctx, crp->crp_cipher_key,
	+ csp->csp_cipher_klen);
	if (error)
	return (error);
	- }
	+ } else
	+ memcpy(ctx, sw->sw_ctx, exf->ctxsize);

	crypto_read_iv(crp, iv);

	@@ -149,7 +152,7 @@
	* xforms that provide a reinit method perform all IV
	* handling themselves.
	*/
	- exf->reinit(sw->sw_ctx, iv, csp->csp_ivlen);
	+ exf->reinit(ctx, iv, csp->csp_ivlen);
	}

	ivp = iv;
	@@ -192,15 +195,15 @@
	*/
	if (exf->reinit != NULL) {
	if (encrypting)
	- exf->encrypt(sw->sw_ctx, inblk, outblk);
	+ exf->encrypt(ctx, inblk, outblk);
	else
	- exf->decrypt(sw->sw_ctx, inblk, outblk);
	+ exf->decrypt(ctx, inblk, outblk);
	} else if (encrypting) {
	/* XOR with previous block */
	for (i = 0; i < blks; i++)
	outblk[i] = inblk[i] ^ ivp[i];

	- exf->encrypt(sw->sw_ctx, outblk, outblk);
	+ exf->encrypt(ctx, outblk, outblk);

	/*
	* Keep encrypted block for XOR'ing
	@@ -216,7 +219,7 @@
	nivp = (ivp == iv) ? iv2 : iv;
	memcpy(nivp, inblk, blks);

	- exf->decrypt(sw->sw_ctx, inblk, outblk);
	+ exf->decrypt(ctx, inblk, outblk);

	/* XOR with previous block */
	for (i = 0; i < blks; i++)
	@@ -264,15 +267,16 @@
	if (outlen < resid)
	outblk = blk;
	if (encrypting)
	- exf->encrypt_last(sw->sw_ctx, inblk, outblk,
	+ exf->encrypt_last(ctx, inblk, outblk,
	resid);
	else
	- exf->decrypt_last(sw->sw_ctx, inblk, outblk,
	+ exf->decrypt_last(ctx, inblk, outblk,
	resid);
	if (outlen < resid)
	crypto_cursor_copyback(&cc_out, resid, blk);
	}

	+ explicit_bzero(ctx, exf->ctxsize);
	explicit_bzero(blk, sizeof(blk));
	explicit_bzero(iv, sizeof(iv));
	explicit_bzero(iv2, sizeof(iv2));
	@@ -466,9 +470,10 @@
	struct crypto_buffer_cursor cc_in, cc_out;
	const u_char *inblk;
	u_char *outblk;
	- struct swcr_auth *swa;
	- struct swcr_encdec *swe;
	+ const struct swcr_auth *swa;
	+ const struct swcr_encdec *swe;
	const struct enc_xform *exf;
	+ void *ctx;
	uint32_t *blkp;
	size_t len;
	int blksz, error, ivlen, r, resid;
	@@ -485,22 +490,24 @@

	ivlen = AES_GCM_IV_LEN;

	- /* Supply cipher with nonce. */
	+ ctx = __builtin_alloca(exf->ctxsize);
	if (crp->crp_cipher_key != NULL)
	- exf->setkey(swe->sw_ctx, crp->crp_cipher_key,
	+ exf->setkey(ctx, crp->crp_cipher_key,
	crypto_get_params(crp->crp_session)->csp_cipher_klen);
	- exf->reinit(swe->sw_ctx, crp->crp_iv, ivlen);
	+ else
	+ memcpy(ctx, swe->sw_ctx, exf->ctxsize);
	+ exf->reinit(ctx, crp->crp_iv, ivlen);

	/* Supply MAC with AAD */
	if (crp->crp_aad != NULL) {
	len = rounddown(crp->crp_aad_length, blksz);
	if (len != 0)
	- exf->update(swe->sw_ctx, crp->crp_aad, len);
	+ exf->update(ctx, crp->crp_aad, len);
	if (crp->crp_aad_length != len) {
	memset(blk, 0, blksz);
	memcpy(blk, (char *)crp->crp_aad + len,
	crp->crp_aad_length - len);
	- exf->update(swe->sw_ctx, blk, blksz);
	+ exf->update(ctx, blk, blksz);
	}
	} else {
	crypto_cursor_init(&cc_in, &crp->crp_buf);
	@@ -516,12 +523,12 @@
	crypto_cursor_copydata(&cc_in, len, blk);
	inblk = blk;
	}
	- exf->update(swe->sw_ctx, inblk, len);
	+ exf->update(ctx, inblk, len);
	}
	if (resid > 0) {
	memset(blk, 0, blksz);
	crypto_cursor_copydata(&cc_in, resid, blk);
	- exf->update(swe->sw_ctx, blk, blksz);
	+ exf->update(ctx, blk, blksz);
	}
	}

	@@ -545,23 +552,23 @@
	outblk = crypto_cursor_segment(&cc_out, &len);
	if (len < blksz)
	outblk = blk;
	- exf->encrypt(swe->sw_ctx, inblk, outblk);
	- exf->update(swe->sw_ctx, outblk, blksz);
	+ exf->encrypt(ctx, inblk, outblk);
	+ exf->update(ctx, outblk, blksz);
	if (outblk == blk)
	crypto_cursor_copyback(&cc_out, blksz, blk);
	else
	crypto_cursor_advance(&cc_out, blksz);
	} else {
	- exf->update(swe->sw_ctx, inblk, blksz);
	+ exf->update(ctx, inblk, blksz);
	}
	}
	if (resid > 0) {
	crypto_cursor_copydata(&cc_in, resid, blk);
	if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
	- exf->encrypt_last(swe->sw_ctx, blk, blk, resid);
	+ exf->encrypt_last(ctx, blk, blk, resid);
	crypto_cursor_copyback(&cc_out, resid, blk);
	}
	- exf->update(swe->sw_ctx, blk, resid);
	+ exf->update(ctx, blk, resid);
	}

	/* length block */
	@@ -570,10 +577,10 @@
	blkp = htobe32(crp->crp_aad_length 8);
	blkp = (uint32_t *)blk + 3;
	blkp = htobe32(crp->crp_payload_length 8);
	- exf->update(swe->sw_ctx, blk, blksz);
	+ exf->update(ctx, blk, blksz);

	/* Finalize MAC */
	- exf->final(tag, swe->sw_ctx);
	+ exf->final(tag, ctx);

	/* Validate tag */
	error = 0;
	@@ -603,7 +610,7 @@
	outblk = crypto_cursor_segment(&cc_out, &len);
	if (len < blksz)
	outblk = blk;
	- exf->decrypt(swe->sw_ctx, inblk, outblk);
	+ exf->decrypt(ctx, inblk, outblk);
	if (outblk == blk)
	crypto_cursor_copyback(&cc_out, blksz, blk);
	else
	@@ -611,7 +618,7 @@
	}
	if (resid > 0) {
	crypto_cursor_copydata(&cc_in, resid, blk);
	- exf->decrypt_last(swe->sw_ctx, blk, blk, resid);
	+ exf->decrypt_last(ctx, blk, blk, resid);
	crypto_cursor_copyback(&cc_out, resid, blk);
	}
	} else {
	@@ -620,6 +627,7 @@
	}

	out:
	+ explicit_bzero(ctx, exf->ctxsize);
	explicit_bzero(blkbuf, sizeof(blkbuf));
	explicit_bzero(tag, sizeof(tag));

	@@ -746,9 +754,10 @@
	struct crypto_buffer_cursor cc_in, cc_out;
	const u_char *inblk;
	u_char *outblk;
	- struct swcr_auth *swa;
	- struct swcr_encdec *swe;
	+ const struct swcr_auth *swa;
	+ const struct swcr_encdec *swe;
	const struct enc_xform *exf;
	+ void *ctx;
	size_t len;
	int blksz, error, ivlen, r, resid;

	@@ -768,36 +777,37 @@

	ivlen = csp->csp_ivlen;

	+ ctx = __builtin_alloca(exf->ctxsize);
	if (crp->crp_cipher_key != NULL)
	- exf->setkey(swe->sw_ctx, crp->crp_cipher_key,
	+ exf->setkey(ctx, crp->crp_cipher_key,
	crypto_get_params(crp->crp_session)->csp_cipher_klen);
	- exf->reinit(swe->sw_ctx, crp->crp_iv, ivlen);
	+ else
	+ memcpy(ctx, swe->sw_ctx, exf->ctxsize);
	+ exf->reinit(ctx, crp->crp_iv, ivlen);

	/* Supply MAC with b0. */
	_Static_assert(sizeof(blkbuf) >= CCM_CBC_BLOCK_LEN,
	"blkbuf too small for b0");
	build_ccm_b0(crp->crp_iv, ivlen, crp->crp_aad_length,
	crp->crp_payload_length, swa->sw_mlen, blk);
	- exf->update(swe->sw_ctx, blk, CCM_CBC_BLOCK_LEN);
	+ exf->update(ctx, blk, CCM_CBC_BLOCK_LEN);

	/* Supply MAC with AAD */
	if (crp->crp_aad_length != 0) {
	len = build_ccm_aad_length(crp->crp_aad_length, blk);
	- exf->update(swe->sw_ctx, blk, len);
	+ exf->update(ctx, blk, len);
	if (crp->crp_aad != NULL)
	- exf->update(swe->sw_ctx, crp->crp_aad,
	- crp->crp_aad_length);
	+ exf->update(ctx, crp->crp_aad, crp->crp_aad_length);
	else
	crypto_apply(crp, crp->crp_aad_start,
	- crp->crp_aad_length, exf->update,
	- swe->sw_ctx);
	+ crp->crp_aad_length, exf->update, ctx);

	/* Pad the AAD (including length field) to a full block. */
	len = (len + crp->crp_aad_length) % CCM_CBC_BLOCK_LEN;
	if (len != 0) {
	len = CCM_CBC_BLOCK_LEN - len;
	memset(blk, 0, CCM_CBC_BLOCK_LEN);
	- exf->update(swe->sw_ctx, blk, len);
	+ exf->update(ctx, blk, len);
	}
	}

	@@ -820,8 +830,8 @@
	outblk = crypto_cursor_segment(&cc_out, &len);
	if (len < blksz)
	outblk = blk;
	- exf->update(swe->sw_ctx, inblk, blksz);
	- exf->encrypt(swe->sw_ctx, inblk, outblk);
	+ exf->update(ctx, inblk, blksz);
	+ exf->encrypt(ctx, inblk, outblk);
	if (outblk == blk)
	crypto_cursor_copyback(&cc_out, blksz, blk);
	else
	@@ -835,24 +845,24 @@
	* the tag and a second time after the tag is
	* verified.
	*/
	- exf->decrypt(swe->sw_ctx, inblk, blk);
	- exf->update(swe->sw_ctx, blk, blksz);
	+ exf->decrypt(ctx, inblk, blk);
	+ exf->update(ctx, blk, blksz);
	}
	}
	if (resid > 0) {
	crypto_cursor_copydata(&cc_in, resid, blk);
	if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
	- exf->update(swe->sw_ctx, blk, resid);
	- exf->encrypt_last(swe->sw_ctx, blk, blk, resid);
	+ exf->update(ctx, blk, resid);
	+ exf->encrypt_last(ctx, blk, blk, resid);
	crypto_cursor_copyback(&cc_out, resid, blk);
	} else {
	- exf->decrypt_last(swe->sw_ctx, blk, blk, resid);
	- exf->update(swe->sw_ctx, blk, resid);
	+ exf->decrypt_last(ctx, blk, blk, resid);
	+ exf->update(ctx, blk, resid);
	}
	}

	/* Finalize MAC */
	- exf->final(tag, swe->sw_ctx);
	+ exf->final(tag, ctx);

	/* Validate tag */
	error = 0;
	@@ -870,7 +880,7 @@
	}

	/* tag matches, decrypt data */
	- exf->reinit(swe->sw_ctx, crp->crp_iv, ivlen);
	+ exf->reinit(ctx, crp->crp_iv, ivlen);
	crypto_cursor_init(&cc_in, &crp->crp_buf);
	crypto_cursor_advance(&cc_in, crp->crp_payload_start);
	for (resid = crp->crp_payload_length; resid > blksz;
	@@ -884,7 +894,7 @@
	outblk = crypto_cursor_segment(&cc_out, &len);
	if (len < blksz)
	outblk = blk;
	- exf->decrypt(swe->sw_ctx, inblk, outblk);
	+ exf->decrypt(ctx, inblk, outblk);
	if (outblk == blk)
	crypto_cursor_copyback(&cc_out, blksz, blk);
	else
	@@ -892,7 +902,7 @@
	}
	if (resid > 0) {
	crypto_cursor_copydata(&cc_in, resid, blk);
	- exf->decrypt_last(swe->sw_ctx, blk, blk, resid);
	+ exf->decrypt_last(ctx, blk, blk, resid);
	crypto_cursor_copyback(&cc_out, resid, blk);
	}
	} else {
	@@ -901,6 +911,7 @@
	}

	out:
	+ explicit_bzero(ctx, exf->ctxsize);
	explicit_bzero(blkbuf, sizeof(blkbuf));
	explicit_bzero(tag, sizeof(tag));
	return (error);
	@@ -917,9 +928,10 @@
	const u_char *inblk;
	u_char *outblk;
	uint64_t *blkp;
	- struct swcr_auth *swa;
	- struct swcr_encdec *swe;
	+ const struct swcr_auth *swa;
	+ const struct swcr_encdec *swe;
	const struct enc_xform *exf;
	+ void *ctx;
	size_t len;
	int blksz, error, r, resid;

	@@ -934,23 +946,24 @@

	csp = crypto_get_params(crp->crp_session);

	+ ctx = __builtin_alloca(exf->ctxsize);
	if (crp->crp_cipher_key != NULL)
	- exf->setkey(swe->sw_ctx, crp->crp_cipher_key,
	+ exf->setkey(ctx, crp->crp_cipher_key,
	csp->csp_cipher_klen);
	- exf->reinit(swe->sw_ctx, crp->crp_iv, csp->csp_ivlen);
	+ else
	+ memcpy(ctx, swe->sw_ctx, exf->ctxsize);
	+ exf->reinit(ctx, crp->crp_iv, csp->csp_ivlen);

	/* Supply MAC with AAD */
	if (crp->crp_aad != NULL)
	- exf->update(swe->sw_ctx, crp->crp_aad,
	- crp->crp_aad_length);
	+ exf->update(ctx, crp->crp_aad, crp->crp_aad_length);
	else
	- crypto_apply(crp, crp->crp_aad_start,
	- crp->crp_aad_length, exf->update, swe->sw_ctx);
	+ crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length,
	+ exf->update, ctx);
	if (crp->crp_aad_length % 16 != 0) {
	/* padding1 */
	memset(blk, 0, 16);
	- exf->update(swe->sw_ctx, blk,
	- 16 - crp->crp_aad_length % 16);
	+ exf->update(ctx, blk, 16 - crp->crp_aad_length % 16);
	}

	/* Do encryption with MAC */
	@@ -972,27 +985,27 @@
	outblk = crypto_cursor_segment(&cc_out, &len);
	if (len < blksz)
	outblk = blk;
	- exf->encrypt(swe->sw_ctx, inblk, outblk);
	- exf->update(swe->sw_ctx, outblk, blksz);
	+ exf->encrypt(ctx, inblk, outblk);
	+ exf->update(ctx, outblk, blksz);
	if (outblk == blk)
	crypto_cursor_copyback(&cc_out, blksz, blk);
	else
	crypto_cursor_advance(&cc_out, blksz);
	} else {
	- exf->update(swe->sw_ctx, inblk, blksz);
	+ exf->update(ctx, inblk, blksz);
	}
	}
	if (resid > 0) {
	crypto_cursor_copydata(&cc_in, resid, blk);
	if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
	- exf->encrypt_last(swe->sw_ctx, blk, blk, resid);
	+ exf->encrypt_last(ctx, blk, blk, resid);
	crypto_cursor_copyback(&cc_out, resid, blk);
	}
	- exf->update(swe->sw_ctx, blk, resid);
	+ exf->update(ctx, blk, resid);
	if (resid % 16 != 0) {
	/* padding2 */
	memset(blk, 0, 16);
	- exf->update(swe->sw_ctx, blk, 16 - resid % 16);
	+ exf->update(ctx, blk, 16 - resid % 16);
	}
	}

	@@ -1000,10 +1013,10 @@
	blkp = (uint64_t *)blk;
	blkp[0] = htole64(crp->crp_aad_length);
	blkp[1] = htole64(crp->crp_payload_length);
	- exf->update(swe->sw_ctx, blk, sizeof(uint64_t) * 2);
	+ exf->update(ctx, blk, sizeof(uint64_t) * 2);

	/* Finalize MAC */
	- exf->final(tag, swe->sw_ctx);
	+ exf->final(tag, ctx);

	/* Validate tag */
	error = 0;
	@@ -1033,7 +1046,7 @@
	outblk = crypto_cursor_segment(&cc_out, &len);
	if (len < blksz)
	outblk = blk;
	- exf->decrypt(swe->sw_ctx, inblk, outblk);
	+ exf->decrypt(ctx, inblk, outblk);
	if (outblk == blk)
	crypto_cursor_copyback(&cc_out, blksz, blk);
	else
	@@ -1041,7 +1054,7 @@
	}
	if (resid > 0) {
	crypto_cursor_copydata(&cc_in, resid, blk);
	- exf->decrypt_last(swe->sw_ctx, blk, blk, resid);
	+ exf->decrypt_last(ctx, blk, blk, resid);
	crypto_cursor_copyback(&cc_out, resid, blk);
	}
	} else {
	@@ -1050,6 +1063,7 @@
	}

	out:
	+ explicit_bzero(ctx, exf->ctxsize);
	explicit_bzero(blkbuf, sizeof(blkbuf));
	explicit_bzero(tag, sizeof(tag));
	return (error);
	@@ -1171,13 +1185,13 @@

	swe = &ses->swcr_encdec;
	txf = crypto_cipher(csp);
	- if (txf->ctxsize != 0) {
	- swe->sw_ctx = malloc(txf->ctxsize, M_CRYPTO_DATA,
	- M_NOWAIT);
	- if (swe->sw_ctx == NULL)
	- return (ENOMEM);
	- }
	if (csp->csp_cipher_key != NULL) {
	+ if (txf->ctxsize != 0) {
	+ swe->sw_ctx = malloc(txf->ctxsize, M_CRYPTO_DATA,
	+ M_NOWAIT);
	+ if (swe->sw_ctx == NULL)
	+ return (ENOMEM);
	+ }
	error = txf->setkey(swe->sw_ctx,
	csp->csp_cipher_key, csp->csp_cipher_klen);
	if (error)

File Metadata

Mime Type: text/plain
Expires: Sun, Dec 15, 7:59 AM (21 h, 3 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 15406113
Default Alt Text: D33198.diff (13 KB)

D33198.diffNo OneTemporaryActions

D33198.diffView Options

File Metadata

Event Timeline

D33198.diff
No OneTemporary
Actions

D33198.diff
View Options