Module Name: src
Committed By: drochner
Date: Sat May 21 10:04:04 UTC 2011
Modified Files:
src/sys/opencrypto: cryptosoft.c
Log Message:
fix a logics bug (which has been here from the beginning) which made
that only 96 random bits were used for IV generation,
this caused eg that the last 4 bytes of the IV in ESP/AES-CBC
were constant, leaking kernel memory
affects FAST_IPSEC only
To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 src/sys/opencrypto/cryptosoft.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/opencrypto/cryptosoft.c
diff -u src/sys/opencrypto/cryptosoft.c:1.30 src/sys/opencrypto/cryptosoft.c:1.31
--- src/sys/opencrypto/cryptosoft.c:1.30 Thu May 5 17:44:39 2011
+++ src/sys/opencrypto/cryptosoft.c Sat May 21 10:04:03 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: cryptosoft.c,v 1.30 2011/05/05 17:44:39 drochner Exp $ */
+/* $NetBSD: cryptosoft.c,v 1.31 2011/05/21 10:04:03 drochner Exp $ */
/* $FreeBSD: src/sys/opencrypto/cryptosoft.c,v 1.2.2.1 2002/11/21 23:34:23 sam Exp $ */
/* $OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $ */
@@ -24,7 +24,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.30 2011/05/05 17:44:39 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.31 2011/05/21 10:04:03 drochner Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -95,7 +95,7 @@
else {
/* Get random IV */
for (i = 0;
- i + sizeof (u_int32_t) < EALG_MAX_BLOCK_LEN;
+ i + sizeof (u_int32_t) <= EALG_MAX_BLOCK_LEN;
i += sizeof (u_int32_t)) {
u_int32_t temp = arc4random();
