| #
4fdaf5b0 |
| 14-Jun-2020 |
riastradh <riastradh@NetBSD.org> |
mvcesa(4): Don't use prev msg's last block as IV for next msg in CBC.
This violates the security contract of the CBC construction, which
requires that the IV be unpredictable in advance; an adaptive
mvcesa(4): Don't use prev msg's last block as IV for next msg in CBC.
This violates the security contract of the CBC construction, which
requires that the IV be unpredictable in advance; an adaptive adversary
can exploit this to verify plaintext guesses.
XXX Compile-tested only.
show more ...
|
| #
a8a5c538 |
| 03-Sep-2018 |
riastradh <riastradh@NetBSD.org> |
Rename min/max -> uimin/uimax for better honesty.
These functions are defined on unsigned int. The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a n
Rename min/max -> uimin/uimax for better honesty.
These functions are defined on unsigned int. The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.
HOWEVER! Some subsystems have
#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))
even though our standard name for that is MIN/MAX. Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.
To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.
I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:
cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))
It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.
Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate. But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all. (Who knows, maybe in some cases integer
truncation is actually intended!)
show more ...
|
| #
60faec85 |
| 27-Jul-2012 |
kiyohara <kiyohara@NetBSD.org> |
Add Marvell CESA(Cryptographic Engines and Security Accelerator) module driver.
But support only PIO-mode now. Also AES-CBC not supported.
Don't know how to process to AES CBC in PIO-mode. I haven'
Add Marvell CESA(Cryptographic Engines and Security Accelerator) module driver.
But support only PIO-mode now. Also AES-CBC not supported.
Don't know how to process to AES CBC in PIO-mode. I haven't found IV registers.
show more ...
|