Date: Mon, 16 Apr 2018 00:42:45 +0000 (UTC) From: Kyle Evans <kevans@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r332522 - in stable/11: sbin/geom/class/eli sys/geom/eli Message-ID: <201804160042.w3G0gjmN024619@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kevans Date: Mon Apr 16 00:42:45 2018 New Revision: 332522 URL: https://svnweb.freebsd.org/changeset/base/332522 Log: MFC r308137, r316312, r332361 r308137: Fix alignment issues on MIPS: align the pointers properly. All the 5520 GEOM_ELI tests passed successfully on MIPS64EB. r316312: sys/geom/eli: Switch bzero() to explicit_bzero() for sensitive data In GELI, anywhere we are zeroing out possibly sensitive data, like the metadata struct, the metadata sector (both contain the encrypted master key), the user key, or the master key, use explicit_bzero. Didn't touch the bzero() used to initialize structs. r332361: Introduce dry run option for attaching the device. This will allow us to verify if passphrase and key is valid without decrypting whole device. Modified: stable/11/sbin/geom/class/eli/geom_eli.c stable/11/sys/geom/eli/g_eli.h stable/11/sys/geom/eli/g_eli_integrity.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sbin/geom/class/eli/geom_eli.c ============================================================================== --- stable/11/sbin/geom/class/eli/geom_eli.c Mon Apr 16 00:29:07 2018 (r332521) +++ stable/11/sbin/geom/class/eli/geom_eli.c Mon Apr 16 00:42:45 2018 (r332522) @@ -672,7 +672,7 @@ static void eli_init(struct gctl_req *req) { struct g_eli_metadata md; - unsigned char sector[sizeof(struct g_eli_metadata)]; + unsigned char sector[sizeof(struct g_eli_metadata)] __aligned(4); unsigned char key[G_ELI_USERKEYLEN]; char backfile[MAXPATHLEN]; const char *str, *prov; Modified: stable/11/sys/geom/eli/g_eli.h ============================================================================== --- stable/11/sys/geom/eli/g_eli.h Mon Apr 16 00:29:07 2018 (r332521) +++ stable/11/sys/geom/eli/g_eli.h Mon Apr 16 00:42:45 2018 (r332522) @@ -296,6 +296,7 @@ eli_metadata_encode_v1v2v3v4v5v6v7(struct g_eli_metada static __inline void eli_metadata_encode(struct g_eli_metadata *md, u_char *data) { + uint32_t hash[4]; MD5_CTX ctx; u_char *p; @@ -327,12 +328,14 @@ eli_metadata_encode(struct g_eli_metadata *md, u_char } MD5Init(&ctx); MD5Update(&ctx, data, p - data); - MD5Final(md->md_hash, &ctx); + MD5Final((void *)hash, &ctx); + bcopy(hash, md->md_hash, sizeof(md->md_hash)); bcopy(md->md_hash, p, sizeof(md->md_hash)); } static __inline int eli_metadata_decode_v0(const u_char *data, struct g_eli_metadata *md) { + uint32_t hash[4]; MD5_CTX ctx; const u_char *p; @@ -348,7 +351,8 @@ eli_metadata_decode_v0(const u_char *data, struct g_el bcopy(p, md->md_mkeys, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys); MD5Init(&ctx); MD5Update(&ctx, data, p - data); - MD5Final(md->md_hash, &ctx); + MD5Final((void *)hash, &ctx); + bcopy(hash, md->md_hash, sizeof(md->md_hash)); if (bcmp(md->md_hash, p, 16) != 0) return (EINVAL); return (0); @@ -357,6 +361,7 @@ eli_metadata_decode_v0(const u_char *data, struct g_el static __inline int eli_metadata_decode_v1v2v3v4v5v6v7(const u_char *data, struct g_eli_metadata *md) { + uint32_t hash[4]; MD5_CTX ctx; const u_char *p; @@ -373,7 +378,8 @@ eli_metadata_decode_v1v2v3v4v5v6v7(const u_char *data, bcopy(p, md->md_mkeys, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys); MD5Init(&ctx); MD5Update(&ctx, data, p - data); - MD5Final(md->md_hash, &ctx); + MD5Final((void *)hash, &ctx); + bcopy(hash, md->md_hash, sizeof(md->md_hash)); if (bcmp(md->md_hash, p, 16) != 0) return (EINVAL); return (0); Modified: stable/11/sys/geom/eli/g_eli_integrity.c ============================================================================== --- stable/11/sys/geom/eli/g_eli_integrity.c Mon Apr 16 00:29:07 2018 (r332521) +++ stable/11/sys/geom/eli/g_eli_integrity.c Mon Apr 16 00:42:45 2018 (r332522) @@ -444,12 +444,17 @@ g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp size += sizeof(*crde) * nsec; size += sizeof(*crda) * nsec; size += G_ELI_AUTH_SECKEYLEN * nsec; + size += sizeof(uintptr_t); /* Space for alignment. */ data = malloc(size, M_ELI, M_WAITOK); bp->bio_driver2 = data; p = data + encr_secsize * nsec; } bp->bio_inbed = 0; bp->bio_children = nsec; + +#if defined(__mips_n64) || defined(__mips_o64) + p = (char *)roundup((uintptr_t)p, sizeof(uintptr_t)); +#endif for (i = 1; i <= nsec; i++, dstoff += encr_secsize) { crp = (struct cryptop *)p; p += sizeof(*crp);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201804160042.w3G0gjmN024619>