Mike Belopuhov <[email protected]> wrote:
> This is a first diff of a series that brings support for the
> Galois/Counter Mode for AES in OpenBSD.
\o/
Comments below.
> --- crypto/cryptosoft.c 2 Jul 2010 02:40:15 -0000 1.54
> +++ crypto/cryptosoft.c 20 Aug 2010 15:38:50 -0000
> @@ -492,6 +492,147 @@ swcr_authcompute(struct cryptop *crp, st
> }
>
> /*
> + * Apply a combined encryption-authentication transformation
> + */
> +int
> +swcr_combined(struct cryptop *crp)
> +{
> + unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN];
...
> + /* Do any required special finalization */
> + switch (crda->crd_alg) {
> + case CRYPTO_AES_128_GMAC:
> + case CRYPTO_AES_192_GMAC:
> + case CRYPTO_AES_256_GMAC:
> + /* length block */
> + bzero(blk, blksz);
> + blkp = (uint32_t *)blk + 1;
> + *blkp = htobe32(crda->crd_len * 8);
> + blkp = (uint32_t *)blk + 3;
> + *blkp = htobe32(crde->crd_len * 8);
> + axf->Update(&ctx, blk, blksz);
> + break;
> + }
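Review bot: the two length-block stores in the GMAC finalization, `blkp = (uint32_t *)blk + 1; *blkp = htobe32(crda->crd_len * 8);` and the matching write through `(uint32_t *)blk + 3`, write 32-bit words through a pointer derived from `unsigned char blk[EALG_MAX_BLOCK_LEN]`, which carries no 4-byte alignment guarantee, so on strict-alignment architectures the store traps; serialise each length a byte at a time into `blk + 4` and `blk + 12`, or bcopy() a local `uint32_t` there, instead of casting. The switch also covers only the three CRYPTO_AES_*_GMAC cases although the comment describes it as the required finalization for the combined transform; either the AES_GCM_16 and AES_GMAC algorithms need the same length block here, or a comment should say why they do not.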
panic: unaligned access
This is exactly the rdate/ntp.c problem again. You can't assume
that a char array is int32-aligned.
Also, why is this finalization not done for AES_GCM_16 and AES_GMAC?
This doesn't seem right.
AES_GCM_16 and AES_GMAC are missing from swcr_freesession().
AES_GMAC is missing from swcr_process() and swcr_init().
--
Christian "naddy" Weisgerber [email protected]
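The alignment point naddy raises, as an added example in C that is not part of the patch or of OpenBSD's cryptosoft.c; the names gcm_length_block, put_be64, get_be64, is_aligned and unaligned_demo are hypothetical. The GCM length block is the 64-bit big-endian bit length of the AAD followed by the 64-bit big-endian bit length of the ciphertext, so the patch's word slots 1 and 3 are the low halves of those two fields; the builder below fills the whole block with byte stores, which are valid at any address, and then exercises it on a deliberately misaligned char buffer of the kind the cast `uint32_t` store would fault on.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not code from the patch under review.  Builds the
 * 16-byte GCM length block (len(A) in bits as 64-bit big-endian, then
 * len(C) in bits as 64-bit big-endian) into a plain unsigned char
 * array without storing through a wider pointer.  Names are hypothetical.
 */

#define GCM_BLOCK_LEN 16

/* Serialise v big-endian one byte at a time: correct at any address. */
static void
put_be64(unsigned char *p, uint64_t v)
{
	int i;

	for (i = 7; i >= 0; i--) {
		p[i] = (unsigned char)(v & 0xff);
		v >>= 8;
	}
}

/* Read back the same way, so callers never cast the buffer either. */
static uint64_t
get_be64(const unsigned char *p)
{
	uint64_t v = 0;
	int i;

	for (i = 0; i < 8; i++)
		v = (v << 8) | p[i];
	return v;
}

/*
 * Fill blk with len(A) || len(C) in bits.  Returns -1 when a byte count
 * is so large that the bit count would not fit in 64 bits, which also
 * rules out a silent overflow of the "* 8".
 */
int
gcm_length_block(unsigned char blk[GCM_BLOCK_LEN], uint64_t aad_len,
    uint64_t ct_len)
{
	if (aad_len > UINT64_MAX / 8 || ct_len > UINT64_MAX / 8)
		return -1;
	memset(blk, 0, GCM_BLOCK_LEN);
	put_be64(blk, aad_len * 8);
	put_be64(blk + 8, ct_len * 8);
	return 0;
}

/* True if p is aligned to a, where a is a power of two. */
int
is_aligned(const void *p, size_t a)
{
	return ((uintptr_t)p & (a - 1)) == 0;
}

/*
 * A char buffer starting one byte past a word boundary.  A store through
 * "(uint32_t *)blk + 1" would hit an unaligned address here; the
 * byte-wise builder does not care.  Returns 1 on success, -1 otherwise.
 */
int
unaligned_demo(void)
{
	union { uint32_t w[6]; unsigned char c[24]; } u;
	unsigned char *blk = u.c + 1;	/* deliberately misaligned */

	if (is_aligned(blk, 4))
		return -1;	/* the demo relies on a misaligned start */
	if (gcm_length_block(blk, 20, 64) != 0)
		return -1;
	/* 20 bytes of AAD = 160 bits; 64 bytes of ciphertext = 512 bits */
	return (get_be64(blk) == 160 && get_be64(blk + 8) == 512) ? 1 : -1;
}

int
main(void)
{
	unsigned char blk[GCM_BLOCK_LEN];
	int i;

	if (gcm_length_block(blk, 20, 64) != 0)
		return 1;
	for (i = 0; i < GCM_BLOCK_LEN; i++)
		printf("%02x%s", blk[i], i == GCM_BLOCK_LEN - 1 ? "\n" : " ");
	printf("unaligned demo: %s\n", unaligned_demo() == 1 ? "ok" : "FAILED");
	return 0;
}
```

Constructed input: 20 bytes of AAD and 64 bytes of ciphertext give bytes 4..7 of 00 00 00 a0 and bytes 12..15 of 00 00 02 00, exactly what the patch's two htobe32() words would hold when the lengths fit in 32 bits, with the upper halves of each field zero.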