CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2010/12/15 16:34:23
Modified files:
sys/arch/amd64/amd64: aesni.c via.c
sys/arch/i386/i386: via.c
sys/arch/i386/pci: glxsb.c
sys/dev/pci: hifn7751.c hifn7751var.h safe.c safevar.h
ubsec.c ubsecvar.h
Log message:
Bring CBC oracle attack countermeasure from r1.32 of cryptosoft.c to
the hardware crypto accelerator land. This fixes aes-ni, via xcrypt,
glxsb(4), hifn(4), safe(4) and ubsec(4) drivers.
Original commit message by angelos:
Don't keep the last blocksize-bytes of ciphertext for use as the next
plaintext's IV, in CBC mode. Use arc4random() to acquire fresh IVs per
message.
with and ok deraadt, ok markus, djm
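Added illustration of the two IV policies the log message contrasts (this is not code from the OpenBSD commit or from the drivers it touches): the chained-IV session keeps the last ciphertext block as the next message's IV, the fresh-IV session draws a new random IV per message. Assumptions: os.urandom() stands in for the kernel's arc4random(), and a constructed hash-based keyed function stands in for the AES block cipher (encrypt side only).

```python
import hashlib
import os

BLOCK = 16  # AES block size in bytes; the drivers fixed here all use 16-byte CBC IVs

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    # Constructed keyed stand-in for the AES block cipher (one-way, encrypt side
    # only); enough to show CBC chaining, not a real cipher.
    return hashlib.sha256(key + block).digest()[:BLOCK]

def xor_block(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC mode: each plaintext block is XORed with the previous ciphertext
    block (the IV for the first block) before the block cipher is applied."""
    if len(iv) != BLOCK or len(plaintext) % BLOCK:
        raise ValueError("IV must be one block; plaintext must be block-aligned")
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, xor_block(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

class ChainedIVSession:
    """Old behaviour: keep the last ciphertext block as the next message's IV.
    Anyone who saw message n therefore knows the IV of message n+1 in advance."""
    def __init__(self, key: bytes):
        self.key, self.next_iv = key, os.urandom(BLOCK)
    def encrypt(self, msg: bytes):
        iv = self.next_iv
        ct = cbc_encrypt(self.key, iv, msg)
        self.next_iv = ct[-BLOCK:]  # carried over, hence predictable
        return iv, ct

class FreshIVSession:
    """New behaviour: a fresh random IV per message; os.urandom() stands in
    for the kernel's arc4random()."""
    def __init__(self, key: bytes):
        self.key = key
    def encrypt(self, msg: bytes):
        iv = os.urandom(BLOCK)
        return iv, cbc_encrypt(self.key, iv, msg)

def next_iv_is_predictable(session, msg1: bytes, msg2: bytes) -> bool:
    """Check: does the IV used for msg2 equal the last ciphertext block of msg1?"""
    _, ct1 = session.encrypt(msg1)
    iv2, _ = session.encrypt(msg2)
    return iv2 == ct1[-BLOCK:]
```

The check at the end is the property the countermeasure restores: with the chained session it returns True for every message pair, with the fresh-IV session it returns False.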