svn commit: r332522 - in stable/11: sbin/geom/class/eli sys/geom/eli
Kyle Evans
kevans at FreeBSD.org
Mon Apr 16 00:42:46 UTC 2018
Author: kevans
Date: Mon Apr 16 00:42:45 2018
New Revision: 332522
URL: https://svnweb.freebsd.org/changeset/base/332522
Log:
MFC r308137, r316312, r332361
r308137:
Fix alignment issues on MIPS: align the pointers properly.
All the 5520 GEOM_ELI tests passed successfully on MIPS64EB.
r316312:
sys/geom/eli: Switch bzero() to explicit_bzero() for sensitive data
In GELI, anywhere we are zeroing out possibly sensitive data, like
the metadata struct, the metadata sector (both contain the encrypted
master key), the user key, or the master key, use explicit_bzero.
Didn't touch the bzero() used to initialize structs.
r332361:
Introduce dry run option for attaching the device.
This will allow us to verify if passphrase and key is valid without
decrypting whole device.
Modified:
stable/11/sbin/geom/class/eli/geom_eli.c
stable/11/sys/geom/eli/g_eli.h
stable/11/sys/geom/eli/g_eli_integrity.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sbin/geom/class/eli/geom_eli.c
==============================================================================
--- stable/11/sbin/geom/class/eli/geom_eli.c Mon Apr 16 00:29:07 2018 (r332521)
+++ stable/11/sbin/geom/class/eli/geom_eli.c Mon Apr 16 00:42:45 2018 (r332522)
@@ -672,7 +672,7 @@ static void
eli_init(struct gctl_req *req)
{
struct g_eli_metadata md;
- unsigned char sector[sizeof(struct g_eli_metadata)];
+ unsigned char sector[sizeof(struct g_eli_metadata)] __aligned(4);
unsigned char key[G_ELI_USERKEYLEN];
char backfile[MAXPATHLEN];
const char *str, *prov;
Modified: stable/11/sys/geom/eli/g_eli.h
==============================================================================
--- stable/11/sys/geom/eli/g_eli.h Mon Apr 16 00:29:07 2018 (r332521)
+++ stable/11/sys/geom/eli/g_eli.h Mon Apr 16 00:42:45 2018 (r332522)
@@ -296,6 +296,7 @@ eli_metadata_encode_v1v2v3v4v5v6v7(struct g_eli_metada
static __inline void
eli_metadata_encode(struct g_eli_metadata *md, u_char *data)
{
+ uint32_t hash[4];
MD5_CTX ctx;
u_char *p;
@@ -327,12 +328,14 @@ eli_metadata_encode(struct g_eli_metadata *md, u_char
}
MD5Init(&ctx);
MD5Update(&ctx, data, p - data);
- MD5Final(md->md_hash, &ctx);
+ MD5Final((void *)hash, &ctx);
+ bcopy(hash, md->md_hash, sizeof(md->md_hash));
bcopy(md->md_hash, p, sizeof(md->md_hash));
}
static __inline int
eli_metadata_decode_v0(const u_char *data, struct g_eli_metadata *md)
{
+ uint32_t hash[4];
MD5_CTX ctx;
const u_char *p;
@@ -348,7 +351,8 @@ eli_metadata_decode_v0(const u_char *data, struct g_el
bcopy(p, md->md_mkeys, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys);
MD5Init(&ctx);
MD5Update(&ctx, data, p - data);
- MD5Final(md->md_hash, &ctx);
+ MD5Final((void *)hash, &ctx);
+ bcopy(hash, md->md_hash, sizeof(md->md_hash));
if (bcmp(md->md_hash, p, 16) != 0)
return (EINVAL);
return (0);
@@ -357,6 +361,7 @@ eli_metadata_decode_v0(const u_char *data, struct g_el
static __inline int
eli_metadata_decode_v1v2v3v4v5v6v7(const u_char *data, struct g_eli_metadata *md)
{
+ uint32_t hash[4];
MD5_CTX ctx;
const u_char *p;
@@ -373,7 +378,8 @@ eli_metadata_decode_v1v2v3v4v5v6v7(const u_char *data,
bcopy(p, md->md_mkeys, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys);
MD5Init(&ctx);
MD5Update(&ctx, data, p - data);
- MD5Final(md->md_hash, &ctx);
+ MD5Final((void *)hash, &ctx);
+ bcopy(hash, md->md_hash, sizeof(md->md_hash));
if (bcmp(md->md_hash, p, 16) != 0)
return (EINVAL);
return (0);
Modified: stable/11/sys/geom/eli/g_eli_integrity.c
==============================================================================
--- stable/11/sys/geom/eli/g_eli_integrity.c Mon Apr 16 00:29:07 2018 (r332521)
+++ stable/11/sys/geom/eli/g_eli_integrity.c Mon Apr 16 00:42:45 2018 (r332522)
@@ -444,12 +444,17 @@ g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp
size += sizeof(*crde) * nsec;
size += sizeof(*crda) * nsec;
size += G_ELI_AUTH_SECKEYLEN * nsec;
+ size += sizeof(uintptr_t); /* Space for alignment. */
data = malloc(size, M_ELI, M_WAITOK);
bp->bio_driver2 = data;
p = data + encr_secsize * nsec;
}
bp->bio_inbed = 0;
bp->bio_children = nsec;
+
+#if defined(__mips_n64) || defined(__mips_o64)
+ p = (char *)roundup((uintptr_t)p, sizeof(uintptr_t));
+#endif
for (i = 1; i <= nsec; i++, dstoff += encr_secsize) {
crp = (struct cryptop *)p; p += sizeof(*crp);
More information about the svn-src-stable
mailing list