svn commit: r346648 - head/sys/dev/cxgbe/crypto

John Baldwin jhb at FreeBSD.org
Wed Apr 24 23:18:11 UTC 2019


Author: jhb
Date: Wed Apr 24 23:18:10 2019
New Revision: 346648
URL: https://svnweb.freebsd.org/changeset/base/346648

Log:
  Fix requests for "plain" SHA digests of an empty buffer.
  
  To work around limitations in the crypto engine, empty buffers are
  handled by manually constructing the final length block as the payload
  passed to the crypto engine and disabling the normal "final" handling.
  For HMAC this length block should hold the length of a single block
  since the hash is actually the hash of the IPAD digest, but for
  "plain" SHA the length should be zero instead.
  
  Reported by:	NIST SHA1 test failure
  MFC after:	2 weeks
  Sponsored by:	Chelsio Communications

Modified:
  head/sys/dev/cxgbe/crypto/t4_crypto.c

Modified: head/sys/dev/cxgbe/crypto/t4_crypto.c
==============================================================================
--- head/sys/dev/cxgbe/crypto/t4_crypto.c	Wed Apr 24 23:10:19 2019	(r346647)
+++ head/sys/dev/cxgbe/crypto/t4_crypto.c	Wed Apr 24 23:18:10 2019	(r346648)
@@ -537,8 +537,9 @@ ccr_hash(struct ccr_softc *sc, struct ccr_session *s, 
 	dst = (char *)(crwr + 1) + kctx_len + DUMMY_BYTES;
 	if (crd->crd_len == 0) {
 		dst[0] = 0x80;
-		*(uint64_t *)(dst + axf->blocksize - sizeof(uint64_t)) =
-		    htobe64(axf->blocksize << 3);
+		if (s->mode == HMAC)
+			*(uint64_t *)(dst + axf->blocksize - sizeof(uint64_t)) =
+			    htobe64(axf->blocksize << 3);
 	} else if (imm_len != 0)
 		crypto_copydata(crp->crp_flags, crp->crp_buf, crd->crd_skip,
 		    crd->crd_len, dst);
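
Review bot: in the `crd->crd_len == 0` branch, the plain-SHA case now stores only `dst[0] = 0x80` and depends on the rest of the block, including the trailing length field, already being zero, which nothing in the visible lines establishes. Either add an explicit `else` that writes a zero length, or add a comment naming where `dst` is cleared, so the zero length is not an accident of buffer state. A short comment on the `s->mode == HMAC` test would also help: it should say that `axf->blocksize << 3` is the bit length of the IPAD block already absorbed into the partial digest, since that reasoning currently lives only in the commit log.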

