PERFORCE change 1200499 for review

John-Mark Gurney jmg at FreeBSD.org
Fri Sep 19 06:28:25 UTC 2014


http://p4web.freebsd.org/@@1200499?ac=10

Change 1200499 by jmg at jmg_carbon2 on 2014/09/19 06:28:20

	don't directly return, set error and goto out so that we can clean
	up properly...
	
	Move the IV initialization to a common location, and generate a
	random one when one isn't provided...
	
	Previous two items were caught by rrs and friends at Netflix...
	
	enforce that both ICM and GCM have an explicit IV...
	
	only schedule the decryption key when used...
	
	Sponsored by:	FreeBSD Foundation
	Sponsored by:	Rubicon Communications, LLC (Netgate)

Affected files ...

.. //depot/projects/opencrypto/sys/crypto/aesni/aesni.c#8 edit
.. //depot/projects/opencrypto/sys/crypto/aesni/aesni_wrap.c#4 edit

Differences ...

==== //depot/projects/opencrypto/sys/crypto/aesni/aesni.c#8 (text+ko) ====

@@ -326,7 +326,8 @@
 			break;
 
 		default:
-			return (EINVAL);
+			error = EINVAL;
+			goto out;
 		}
 	}
 
@@ -462,7 +463,8 @@
 
 	encflag = (enccrd->crd_flags & CRD_F_ENCRYPT) == CRD_F_ENCRYPT;
 
-	if (enccrd->crd_alg == CRYPTO_AES_ICM &&
+	if ((enccrd->crd_alg == CRYPTO_AES_ICM ||
+	    enccrd->crd_alg == CRYPTO_AES_NIST_GCM_16) &&
 	    (enccrd->crd_flags & CRD_F_IV_EXPLICIT) == 0)
 		return (EINVAL);
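Review bot: The widened CRD_F_IV_EXPLICIT requirement ending in `return (EINVAL)` has no comment saying why ICM and GCM are singled out, while the aesni.c hunk at line 515 makes a random IV acceptable for the other modes; a reader will not see the distinction. Suggest a comment above the `if`: `/* ICM and GCM are counter-based: reusing an IV under the same key is catastrophic, so the caller must supply and track it rather than rely on a per-request random one. */`. The enclosing function starts and ends outside the hunk.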
 
@@ -513,6 +515,8 @@
 	if (encflag) {
 		if ((enccrd->crd_flags & CRD_F_IV_EXPLICIT) != 0)
 			bcopy(enccrd->crd_iv, ses->iv, ivlen);
+		else
+			arc4rand(ses->iv, ivlen, 0);
 		if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0)
 			crypto_copyback(crp->crp_flags, crp->crp_buf,
 			    enccrd->crd_inject, ivlen, ses->iv);
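Review bot: The new `arc4rand(ses->iv, ivlen, 0)` writes ivlen bytes into ses->iv, but neither how ivlen is derived nor the size of ses->iv is visible in this hunk; the setup-time call removed from aesni_wrap.c used `sizeof(ses->iv)`, so it is worth confirming where ivlen is computed that it never exceeds sizeof(ses->iv) for any algorithm, or adding a `KASSERT(ivlen <= sizeof(ses->iv), ("aesni: ivlen too large"));` before the copy. The `else` branch also deserves a comment tying it to the copyback below it: `/* No IV supplied: draw a fresh one per request; it is injected into the buffer below unless CRD_F_IV_PRESENT says the caller already placed it. */`. The enclosing `if (encflag)` block and the function continue outside the hunk.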

==== //depot/projects/opencrypto/sys/crypto/aesni/aesni_wrap.c#4 (text+ko) ====

@@ -438,11 +438,16 @@
 aesni_cipher_setup_common(struct aesni_session *ses, const uint8_t *key,
     int keylen)
 {
+	int decsched;
+
+	decsched = 1;
 
 	switch (ses->algo) {
-	case CRYPTO_AES_CBC:
 	case CRYPTO_AES_ICM:
 	case CRYPTO_AES_NIST_GCM_16:
+		decsched = 0;
+		/* FALLTHROUGH */
+	case CRYPTO_AES_CBC:
 		switch (keylen) {
 		case 128:
 			ses->rounds = AES128_ROUNDS;
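Review bot: The `decsched = 0;` under the ICM and GCM cases carries only `/* FALLTHROUGH */`, not the reason the decryption schedule is skipped, so the next person adding a mode to this switch has no guidance on which group it belongs in. Suggest a comment on that line: `/* Counter-based modes (ICM, GCM) only run the forward cipher, so no decryption key schedule is needed. */`, and a one-line comment at the `int decsched;` declaration stating that it controls whether dec_schedule is computed. The switch continues past the end of the hunk.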
@@ -476,12 +481,11 @@
 	}
 
 	aesni_set_enckey(key, ses->enc_schedule, ses->rounds);
-	aesni_set_deckey(ses->enc_schedule, ses->dec_schedule, ses->rounds);
+	if (decsched)
+		aesni_set_deckey(ses->enc_schedule, ses->dec_schedule,
+		    ses->rounds);
 
-	/* setup IV */
-	if (ses->algo == CRYPTO_AES_CBC || ses->algo == CRYPTO_AES_NIST_GCM_16)
-		arc4rand(ses->iv, sizeof(ses->iv), 0);
-	else if (ses->algo == CRYPTO_AES_XTS)
+	if (ses->algo == CRYPTO_AES_XTS)
 		aesni_set_enckey(key + keylen / 16, ses->xts_schedule,
 		    ses->rounds);
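Review bot: After the `if (decsched)` guard, ses->dec_schedule is left uninitialized for ICM and GCM sessions and nothing in the hunk records that invariant; any later path that selects dec_schedule by direction rather than by algorithm would read stale or uninitialized key material. Suggest a comment on the guard: `/* dec_schedule is valid only when decsched is set; ICM/GCM decryption must use enc_schedule. */`. Dropping the setup-time `arc4rand` also means ses->iv is no longer populated at session creation, which is fine only if every request path writes it before use; the aesni.c hunk at line 515 covers the encrypt side, but the decrypt side is not visible here and is worth checking. aesni_cipher_setup_common starts in the preceding hunk and ends outside this one.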
 

