CVS commit: src/sys/dev/marvell

Sun, 14 Jun 2020 16:30:02 -0700 

Module Name:    src
Committed By:   riastradh
Date:           Sun Jun 14 23:29:23 UTC 2020

Modified Files:
        src/sys/dev/marvell: mvcesa.c

Log Message:
mvcesa(4): Don't use prev msg's last block as IV for next msg in CBC.

This violates the security contract of the CBC construction, which
requires that the IV be unpredictable in advance; an adaptive adversary
can exploit this to verify plaintext guesses.

XXX Compile-tested only.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/sys/dev/marvell/mvcesa.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/dev/marvell/mvcesa.c
diff -u src/sys/dev/marvell/mvcesa.c:1.2 src/sys/dev/marvell/mvcesa.c:1.3
--- src/sys/dev/marvell/mvcesa.c:1.2	Mon Sep  3 16:29:31 2018
+++ src/sys/dev/marvell/mvcesa.c	Sun Jun 14 23:29:23 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: mvcesa.c,v 1.2 2018/09/03 16:29:31 riastradh Exp $	*/
+/*	$NetBSD: mvcesa.c,v 1.3 2020/06/14 23:29:23 riastradh Exp $	*/
 /*
  * Copyright (c) 2008 KIYOHARA Takashi
  * All rights reserved.
@@ -26,7 +26,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mvcesa.c,v 1.2 2018/09/03 16:29:31 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mvcesa.c,v 1.3 2020/06/14 23:29:23 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/bus.h>
@@ -56,7 +56,6 @@ struct mvcesa_session {
 	int ses_used;
 
 	int ses_klen;
-	uint32_t ses_iv[4];
 	uint32_t ses_key[8];
 
 	uint32_t ses_hminner[5];	/* HMAC inner state */
@@ -236,9 +235,6 @@ mvcesa_newsession(void *arg, u_int32_t *
 				return EINVAL;
 			enc = 1;
 
-			cprng_fast(ses->ses_iv,
-			    c->cri_alg == CRYPTO_AES_CBC ? 16 : 8);
-
 			/* Go ahead and compute key in CESA's byte order */
 			ses->ses_klen = c->cri_klen;
 			memcpy(ses->ses_key, c->cri_key, c->cri_klen / 8);
@@ -406,8 +402,10 @@ mvcesa_process(void *arg, struct cryptop
 				dir = MVCESA_DESE_C_DIRECTION_ENC;
 				if (crd->crd_flags & CRD_F_IV_EXPLICIT)
 					iv = (uint32_t *)crd->crd_iv;
-				else
-					iv = ses->ses_iv;
+				else {
+					cprng_fast(ivbuf, sizeof(ivbuf));
+					iv = ivbuf;
+				}
 				if (!(crd->crd_flags & CRD_F_IV_PRESENT)) {
 					if (m != NULL)
 						m_copyback(m, crd->crd_inject,
@@ -760,8 +758,5 @@ mvcesa_des_encdec(struct mvcesa_softc *s
 		}
 	}
 
-	if (dir == MVCESA_DESE_C_DIRECTION_ENC)
-		memcpy(ses->ses_iv, iv, sizeof(ses->ses_iv));
-
 	return 0;
 }

Reply via email to