Date:      Thu, 8 Jun 2017 21:33:10 +0000 (UTC)
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r319723 - head/sys/dev/cxgbe/crypto
Message-ID:  <201706082133.v58LXALC099426@repo.freebsd.org>

Author: jhb
Date: Thu Jun  8 21:33:10 2017
New Revision: 319723
URL: https://svnweb.freebsd.org/changeset/base/319723

Log:
  Fix the software fallback for GCM to validate the existing tag for decrypts.
  
  Sponsored by:	Chelsio Communications

Modified:
  head/sys/dev/cxgbe/crypto/t4_crypto.c

Modified: head/sys/dev/cxgbe/crypto/t4_crypto.c
==============================================================================
--- head/sys/dev/cxgbe/crypto/t4_crypto.c	Thu Jun  8 21:30:34 2017	(r319722)
+++ head/sys/dev/cxgbe/crypto/t4_crypto.c	Thu Jun  8 21:33:10 2017	(r319723)
@@ -1398,9 +1398,20 @@ ccr_gcm_soft(struct ccr_session *s, struct cryptop *cr
 	AES_GMAC_Update(&gmac_ctx, block, sizeof(block));
 	AES_GMAC_Final(digest, &gmac_ctx);
 
-	crypto_copyback(crp->crp_flags, crp->crp_buf, crda->crd_inject,
-	    sizeof(digest), digest);
-	crp->crp_etype = 0;
+	if (crde->crd_flags & CRD_F_ENCRYPT) {
+		crypto_copyback(crp->crp_flags, crp->crp_buf, crda->crd_inject,
+		    sizeof(digest), digest);
+		crp->crp_etype = 0;
+	} else {
+		char digest2[GMAC_DIGEST_LEN];
+
+		crypto_copydata(crp->crp_flags, crp->crp_buf, crda->crd_inject,
+		    sizeof(digest2), digest2);
+		if (timingsafe_bcmp(digest, digest2, sizeof(digest)) == 0)
+			crp->crp_etype = 0;
+		else
+			crp->crp_etype = EBADMSG;
+	}
 	crypto_done(crp);
 }
 
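Review bot: On the new decrypt branch a tag mismatch only sets `crp_etype = EBADMSG`; if the decrypted payload has already been copied back into crp_buf earlier in ccr_gcm_soft (that part of the function starts outside this hunk), a failed verification leaves unauthenticated plaintext in the caller's buffer, and nothing here says so. A comment at the else branch would make the contract explicit, e.g. `/* Tag mismatch: the caller must discard the contents of crp_buf. */` placed above the `crp->crp_etype = EBADMSG;` line. Separately, `digest` and `digest2` both hold GMAC output derived from the session key and are left on the stack at return; if the rest of this file already clears such buffers, the same explicit zeroing would fit here before `crypto_done(crp)`.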


