Sponsored by: The FreeBSD Foundation
Details
Diff Detail
- Repository
- rG FreeBSD src repository
Event Timeline
Also, note that the AEAD ciphers still use the single-block encrypt/decrypt hooks. It may be that they can be adapted too, but that is a bit more tedious (and probably worth doing as individual commits?)
| sys/opencrypto/cryptosoft.c | |
|---|---|
| 165 | I think I even spelled it as 'block_size' in ossl(4) to be more readable. :-/ But the extra 'z' alone would help, yes. |
| 203 | I ran into this with chacha20-poly1305 in ossl(4) actually. The problem is that the buffer might be larger than just the ciphertext. For example, when you are doing ETA such as AES-CBC + SHA256 HMAC for IPsec (or even TLS 1.1). In that case inline and outlen might include the space for the MAC if the MAC is contiguous, but you don't want to encrypt the space for the MAC, just the ciphertext itself. You can reproduce this fairly easily with /dev/crypto and ETA requests since they use a flat, contiguous buffer with the MAC just after the ciphertext. |
| sys/opencrypto/cryptosoft.c | |
|---|---|
| 203 | Hmm, I know that this situation can arise in general, I was really wondering specifically how it can happen here, since swcr_encdec() only handles plain encryption/decryption. That is, ETA and AEAD modes are not handled here. |
| sys/opencrypto/cryptosoft.c | |
|---|---|
| 203 | No, ETA uses this. swcr_eta calls swcr_encdec for the encryption/decryption step. |
| sys/opencrypto/cryptosoft.c | |
|---|---|
| 203 | Oops, I see now. |
- Use for loop instead of while.
- Handle boundary conditions when segment ends on a block boundary.
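
The concern raised in the line 203 comments, as an added example that is not part of this review or of cryptosoft.c: when a flat buffer holds the ciphertext followed by space for the MAC, the length handed to a multi-block cipher hook has to be clamped to the payload, not taken from the segment length. `encrypt_segment`, `toy_encrypt_multi`, `BLKSZ` and the XOR stand-in cipher are hypothetical and chosen only for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLKSZ 16	/* block size of the stand-in cipher (assumption) */

/* Stand-in for a multi-block encrypt hook: plain XOR, not a real cipher. */
static void
toy_encrypt_multi(uint8_t key, const uint8_t *in, uint8_t *out, size_t len)
{
	for (size_t i = 0; i < len; i++)
		out[i] = in[i] ^ key;
}

/*
 * Encrypt in place at most payload_len bytes of a segment of seglen bytes.
 * seglen may also cover trailing MAC space, so the length is clamped to the
 * payload and rounded down to whole blocks; a block that straddles into the
 * next segment is left for the caller. Returns the bytes encrypted.
 */
size_t
encrypt_segment(uint8_t key, uint8_t *seg, size_t seglen, size_t payload_len)
{
	size_t todo = seglen < payload_len ? seglen : payload_len;

	todo -= todo % BLKSZ;
	toy_encrypt_multi(key, seg, seg, todo);
	return (todo);
}

int
main(void)
{
	/* Constructed flat buffer: 32 payload bytes, then 32 bytes of MAC space. */
	uint8_t buf[64];
	size_t done;

	memset(buf, 0xAA, 32);
	memset(buf + 32, 0x00, 32);
	done = encrypt_segment(0x5C, buf, sizeof(buf), 32);
	printf("encrypted %zu bytes, first MAC byte 0x%02x\n", done, buf[32]);
	return (0);
}
```

Passing `sizeof(buf)` as the amount to encrypt instead of clamping would run the cipher over the MAC space as well, which is the failure described for ETA requests on a contiguous buffer.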