Commit Graph

31 Commits

Author SHA1 Message Date
Conrad Meyer
070249043e rijndael (AES): Avoid leaking sensitive data on kernel stack
Noticed this investigating Fortuna.  Remove useless duplicate stack copies
of sensitive contents when possible, or if not possible, be sure to zero
them out when we're finished.

Approved by:	secteam (gordon)
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D16935
2018-10-26 20:53:01 +00:00
Dag-Erling Smørgrav
136fae42a9 Fix gcc build: preserve const qualifier when casting input values.
Noticed by:	bz@
Submitted by:	dim@
2014-11-11 13:37:28 +00:00
Dag-Erling Smørgrav
133cdd9e13 Constify the AES code and propagate to consumers. This allows us to
update the Fortuna code to use SHAd-256 as defined in FS&K.

Approved by:	so (self)
2014-11-10 09:44:38 +00:00
Warner Losh
3bdf775801 NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
2014-04-13 05:21:56 +00:00
Maxim Sobolev
dd8c2454a8 Make test00 compilable again. 2008-01-15 18:34:47 +00:00
Pawel Jakub Dawidek
12e755355b Assert proper key size also in userland by defining KASSERT in !_KERNEL case. 2005-08-17 07:59:07 +00:00
Colin Percival
751a4770f7 Unbreak the world build (in sbin/gbde). This file is used by both
kernel and world, so KASSERT() needs to be wrapped within an #ifdef
_KERNEL / #endif pair.

Reported by:	krion, tinderbox
2005-08-17 00:24:20 +00:00
Pawel Jakub Dawidek
36c51ae068 Check key size for rijndael, as invalid key size can lead to kernel panic.
It checked other algorithms against this bug and it seems they aren't
affected.

Reported by:	Mike Tancsa <mike@sentex.net>
PR:		i386/84860
Reviewed by:	phk, cperciva(x2)
2005-08-16 18:59:00 +00:00
Hajimu UMEMOTO
ff079c93f7 gbde(8) is also rejndael user.
Reported by:	phk
2005-03-11 22:07:04 +00:00
Hajimu UMEMOTO
df3c03a773 just use crypto/rijndael, and nuke opencrypto/rindael.[ch].
the two became almost identical since latest KAME merge.

Discussed with:	sam
2005-03-11 17:24:46 +00:00
Hajimu UMEMOTO
2dc7d840b7 integrate rijndael-alg-fst.h into rijndael.h. 2005-03-11 16:26:10 +00:00
Hajimu UMEMOTO
68527b3aad stop including rijndael-api-fst.h from rijndael.h.
this is required to integrate opencrypto into crypto.
2005-03-11 15:42:51 +00:00
Ruslan Ermilov
e653b48c80 Start the dreaded NOFOO -> NO_FOO conversion.
OK'ed by:	core
2004-12-21 08:47:35 +00:00
Ruslan Ermilov
a35d88931c For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
Hajimu UMEMOTO
543729cf93 avoid module name conflict with opencrypto/rijndael.c.
Reported by:	tinderbox
2003-11-12 04:22:37 +00:00
Hajimu UMEMOTO
34d78ec3f1 cleanup rijndael API.
since there are naming conflicts with opencrypto, #define was
added to rename functions intend to avoid conflicts.

Obtained from:	KAME
2003-11-11 18:58:54 +00:00
Hajimu UMEMOTO
5129dcfce7 rijndael-alg-fst.[ch]:
- redo updating.

rijndael-api-fst.[ch]:
  - switch to use new low level rijndael api.
  - stop using u8, u16 and u32.
  - space cleanup.

Tested by:	gbde(8) and phk's test program
2003-11-10 10:33:39 +00:00
Poul-Henning Kamp
0513e13e31 Add a testcase which validates that the same buffer can be passed to
rijndael_blockDecrypt() as both input and output.

This property is important because inside rijndael we can get away
with allocating just a 16 byte "work" buffer on the stack (which
is very cheap), whereas the calling code would need to allocate the
full sized buffer, and in all likelyhood would have to do so with
an expensive malloc(9).
2003-10-19 22:12:23 +00:00
Hajimu UMEMOTO
9132d5071c - revert to old rijndael code. new rijndael code broke gbde.
- since aes-xcbc-mac and aes-ctr require functions in new
  rijndael code, aes-xcbc-mac and aes-ctr are disabled for now.
2003-10-19 21:28:34 +00:00
Hajimu UMEMOTO
3011d4b3e2 Fix alignment problem on 64 bit arch.
I only tested if it doesn't break anything on i368.  Since I
have no 64 bit machine, I cannot test it, actually.

Reported by:	jmallett
2003-10-14 13:37:37 +00:00
Hajimu UMEMOTO
8f21478b6a simplify and update rijndael code.
Obtained from:	KAME
2003-10-12 21:05:05 +00:00
Hajimu UMEMOTO
66476d45b8 one more opossite conditiion.
Reported by:	"lg" <zevlg@yandex.ru>
2003-09-18 17:26:56 +00:00
Hajimu UMEMOTO
eb159f5b2e condition of padLen check was opposite.
Reported by:	"lg" <zevlg@yandex.ru>
Reviewed by:	Lev Walkin <vlm@netli.com>
2003-09-17 08:51:43 +00:00
David E. O'Brien
ad39da7821 Use __FBSDID(). 2003-06-10 21:44:29 +00:00
Poul-Henning Kamp
27da100965 Don't panic when we can just return an error code. 2002-10-14 11:21:05 +00:00
SUZUKI Shinsuke
db49169620 Fixed AES encryption algorithm bug
PR:             kern/38465
Obtained from:  Ramana Yarlagadda <ramana.yarlagadda@analog.com>
2002-05-24 07:26:17 +00:00
Mark Murray
83238851f8 Remove macros that are defined elsewhere. 2002-04-21 10:32:48 +00:00
Hajimu UMEMOTO
c56df4e782 less warning
warning: cast discards qualifiers from pointer target type
2001-06-16 19:32:37 +00:00
Hajimu UMEMOTO
3384154590 Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks
2001-06-11 12:39:29 +00:00
Mark Murray
dafaee8183 Kernel crypto need binary key material, not symbolic ascii. 2001-03-10 13:02:58 +00:00
Kris Kennaway
fe2869c8fa Initial import of AES algorithm code (aka Rijndael) from KAME. 2000-10-30 11:03:32 +00:00