Mike Belopuhov <m...@crypt.org.ru> wrote:

> This is a first diff of a series that brings support for the
> Galois/Counter Mode for AES in OpenBSD.

\o/

Comments below.

> --- crypto/cryptosoft.c	2 Jul 2010 02:40:15 -0000	1.54
> +++ crypto/cryptosoft.c	20 Aug 2010 15:38:50 -0000
> @@ -492,6 +492,147 @@ swcr_authcompute(struct cryptop *crp, st
>  }
>  
>  /*
> + * Apply a combined encryption-authentication transformation
> + */
> +int
> +swcr_combined(struct cryptop *crp)
> +{
> +	unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN];
...
> +	/* Do any required special finalization */
> +	switch (crda->crd_alg) {
> +	case CRYPTO_AES_128_GMAC:
> +	case CRYPTO_AES_192_GMAC:
> +	case CRYPTO_AES_256_GMAC:
> +		/* length block */
> +		bzero(blk, blksz);
> +		blkp = (uint32_t *)blk + 1;
> +		*blkp = htobe32(crda->crd_len * 8);
> +		blkp = (uint32_t *)blk + 3;
> +		*blkp = htobe32(crde->crd_len * 8);
> +		axf->Update(&ctx, blk, blksz);
> +		break;
> +	}

panic: unaligned access

This is exactly the rdate/ntp.c problem again.  You can't assume that
a char array is int32-aligned.

Also, why is this finalization not done for AES_GCM_16 and AES_GMAC?
This doesn't seem right.

AES_GCM_16 and AES_GMAC are missing from swcr_freesession().
AES_GMAC is missing from swcr_process() and swcr_init().

-- 
Christian "naddy" Weisgerber                          na...@mips.inka.de
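Review bot: the length-block stores in the GMAC finalization, `blkp = (uint32_t *)blk + 1; *blkp = htobe32(crda->crd_len * 8);` and the matching store at `(uint32_t *)blk + 3`, dereference a `uint32_t *` derived from `unsigned char blk[EALG_MAX_BLOCK_LEN]`, which carries no 32-bit alignment guarantee, so the store can fault on strict-alignment architectures (the `panic: unaligned access` reported above). Compute each value into a local `uint32_t` and copy it in with `bcopy(&u, blk + 4, sizeof(u))` / `bcopy(&u, blk + 12, sizeof(u))`, or give the buffer 32-bit alignment explicitly. The `switch` also lists only the three `CRYPTO_AES_*_GMAC` cases, so `AES_GCM_16` and `AES_GMAC`, which the reply says are handled elsewhere in this diff, would skip the length block entirely; if they share this finalization they belong in the same case list, and if not, a comment should say why.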
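An alignment-safe way to build the GCM length block that the finalization above writes through a `uint32_t` cast, as an added example (my code, not Mike's diff or anything in the OpenBSD tree; the function names `store_be64`, `gcm_length_block` and `gcm_length_block_matches` are assumptions). Each length goes in as a 64-bit big-endian bit count, stored one byte at a time, so nothing about the alignment of `blk` is assumed and lengths of 2^32 bits or more are still encoded correctly.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GCM_BLOCK_LEN 16

/* Big-endian 64-bit store, one byte at a time: works for any pointer. */
static void
store_be64(unsigned char *p, uint64_t v)
{
	int i;

	for (i = 7; i >= 0; i--) {
		p[i] = (unsigned char)(v & 0xff);
		v >>= 8;
	}
}

/*
 * GCM length block: len(A) || len(C), each a 64-bit big-endian count
 * of bits.  aadlen and ctlen are byte lengths (what crd_len holds in
 * the diff), so they are multiplied by 8 here, as in the diff.
 */
void
gcm_length_block(unsigned char blk[GCM_BLOCK_LEN], size_t aadlen, size_t ctlen)
{
	memset(blk, 0, GCM_BLOCK_LEN);
	store_be64(blk, (uint64_t)aadlen * 8);
	store_be64(blk + 8, (uint64_t)ctlen * 8);
}

/* Returns 1 if the block for (aadlen, ctlen) hex-encodes to expect. */
int
gcm_length_block_matches(size_t aadlen, size_t ctlen, const char *expect)
{
	unsigned char blk[GCM_BLOCK_LEN];
	char hex[2 * GCM_BLOCK_LEN + 1];
	int i;

	gcm_length_block(blk, aadlen, ctlen);
	for (i = 0; i < GCM_BLOCK_LEN; i++)
		snprintf(hex + 2 * i, 3, "%02x", blk[i]);
	return strcmp(hex, expect) == 0;
}
```

The constructed check values below use 20 bytes of AAD and 60 bytes of ciphertext (160 and 480 bits), which is the length pair from one of the standard GCM test vectors.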