From nobody Fri Apr 29 20:55:05 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 5D37C199480B; Fri, 29 Apr 2022 20:55:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Kql9k1L1Fz3FBN; Fri, 29 Apr 2022 20:55:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1651265706; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=i9gqs6oix3I7QYchoJkwK92gxFbqr+yLO5rD3fX6v7g=; b=clTPWnJw6LKlgKkEklEWBLXvpzf0bRUWHNybp4+O4lHj/Fr2JBRxwRBnsSvU9KzjbB+BAQ tPiJqPIwuUV7KKEMm239Q+IhwND25O//iuBYI7a3kuoGTwJ7htjzLm+GIPZ28htoSzGdzt KO+nUEVZOHmB+EyHyfXQeRko3LKIe9Apn1RXoj4CnCpxHecxcBYoD3wIGD6vMCgZxP5Fwp tXBUWWstYIQqU7FMFKWZNJi9V5R7hrsSSLQhCkyso/LaxgIJVSBMKEqFpJraCRE+TFWlVK 4ps7sKRqKvJwCZUA3v9EqiTX9nT1gsZcpZKXj8fIVgfHX3prFj6VixAYiYPgyg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A1153141F0; Fri, 29 Apr 2022 20:55:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 23TKt5lB055188; Fri, 29 Apr 2022 20:55:05 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 23TKt5BC055187; Fri, 29 Apr 2022 20:55:05 GMT (envelope-from git) Date: Fri, 29 Apr 2022 20:55:05 GMT Message-Id: <202204292055.23TKt5BC055187@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: John Baldwin Subject: git: e718aa62a3eb - stable/13 - GMAC: Reset initial hash value and counter in AES_GMAC_Reinit(). List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: e718aa62a3eb06519b63eb09d4add042df3b25f1 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1651265706; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=i9gqs6oix3I7QYchoJkwK92gxFbqr+yLO5rD3fX6v7g=; b=T1xxWtBC0mnIl86dKxyjSXUvRk75k3CfPUFL4sQPqYjx360qbGDwnBrVqbvX5hDrBS8IiG Lu1qwBEXfryDC3NgAyU+hUY8zz3LJfOAG2gL1MLuz1Zv1AoIXp3gxFkkH2L4fX/wGy2f3n U+hiAsTGYWpqJu6LxDjkM/ClTYvilrK2H+r6JpUSOhcpF6Sueaq8zEfddELxkevLQGyB59 aezWj4K6/8b85gLqx95cH/X6NAFMrKgADEGSNujsAuYteoxTaStc83AFptAbJHNafKAycd mOPIsWpCT69kdTObWJqXPCgTQWm9YcCoqutOEODcnysl+LLYCrNNHoOm+1oXIA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1651265706; a=rsa-sha256; cv=none; b=GNrOFG50KK5VBTlTwuMnQGOSCc5PYg7Xlq/oouMiWeDEiPbn3Qmg2hsV/idVp4ukuB276n +xqmaxormI5Tzhms0iVfFjzu42XKBTJcQ1KYXBpuwt6TjEx3I5hdSiPGHLXdg3k+5UcE2e O1Ku8sH9xAuzKdZf9Txdwv2Wb/EDIWOmz9U2mnW2SRjaJbRgPWnEZdxnv27lkz2iyXWgeU rG3gXdYqwcHAwp8fXfLBDzqhiLemMW8i0OfqlTC4KJBVt5KAE6NbasrmBQrzFTTU3za26H uqMirF3WkBk/hekwN4oH2Px0jUfAFZPr6MQkaS6/rxQkXY3sWZ/g3Ne9Q9vWOw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=e718aa62a3eb06519b63eb09d4add042df3b25f1 commit e718aa62a3eb06519b63eb09d4add042df3b25f1 Author: John Baldwin AuthorDate: 2021-12-09 19:52:42 +0000 Commit: John Baldwin CommitDate: 2022-04-29 20:50:04 +0000 GMAC: Reset initial hash value and counter in AES_GMAC_Reinit(). Previously, these values were only cleared in AES_GMAC_Init(), so a second set of operations could reuse the final hash as the initial hash. Currently this bug does not trigger in cryptosoft as existing GMAC and GCM operations always use an on-stack auth context initialized from a template context. Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33315 (cherry picked from commit 356c922f74bfcece1f139026897a79c62adbdf50) --- sys/opencrypto/gmac.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sys/opencrypto/gmac.c b/sys/opencrypto/gmac.c index 07fa6bffb6e7..690be855288b 100644 --- a/sys/opencrypto/gmac.c +++ b/sys/opencrypto/gmac.c @@ -70,7 +70,11 @@ AES_GMAC_Reinit(void *ctx, const uint8_t *iv, u_int ivlen) agc = ctx; KASSERT(ivlen <= sizeof agc->counter, ("passed ivlen too large!")); + memset(agc->counter, 0, sizeof(agc->counter)); bcopy(iv, agc->counter, ivlen); + agc->counter[GMAC_BLOCK_LEN - 1] = 1; + + memset(&agc->hash, 0, sizeof(agc->hash)); } int @@ -118,9 +122,7 @@ AES_GMAC_Final(uint8_t *digest, void *ctx) uint8_t enccntr[GMAC_BLOCK_LEN]; struct gf128 a; - /* XXX - zero additional bytes? */ agc = ctx; - agc->counter[GMAC_BLOCK_LEN - 1] = 1; rijndaelEncrypt(agc->keysched, agc->rounds, agc->counter, enccntr); a = gf128_add(agc->hash, gf128_read(enccntr));