diff options
author | Jason Wright <jason@cvs.openbsd.org> | 2002-05-06 15:42:24 +0000 |
---|---|---|
committer | Jason Wright <jason@cvs.openbsd.org> | 2002-05-06 15:42:24 +0000 |
commit | 4a9bce8ac7bdac5a1b1a356088d4deff7896027f (patch) | |
tree | 6e77b24c5594430d14e8a3dcc1494ef8229ff23e | |
parent | 23af3fa98922eaaac3daf0d5f8365f2987b9e64a (diff) |
- Only copy the significant bits of the result out (and make sure the buffer
is long enough to handle it) and bzero the rest.
- Increase key buffer sizes to 2048 bits.
-rw-r--r-- | sys/dev/pci/ubsec.c | 45 | ||||
-rw-r--r-- | sys/dev/pci/ubsecvar.h | 3 |
2 files changed, 19 insertions, 29 deletions
diff --git a/sys/dev/pci/ubsec.c b/sys/dev/pci/ubsec.c index b73485ce2c6..da886146a2f 100644 --- a/sys/dev/pci/ubsec.c +++ b/sys/dev/pci/ubsec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ubsec.c,v 1.95 2002/05/02 19:03:35 jason Exp $ */ +/* $OpenBSD: ubsec.c,v 1.96 2002/05/06 15:42:23 jason Exp $ */ /* * Copyright (c) 2000 Jason L. Wright (jason@thought.net) @@ -110,7 +110,6 @@ struct ubsec_softc *ubsec_kfind(struct cryptkop *); int ubsec_kprocess_modexp(struct ubsec_softc *, struct cryptkop *); void ubsec_kfree(struct ubsec_softc *, struct ubsec_q2 *); int ubsec_kcopyin(struct crparam *, caddr_t, u_int, u_int *); -int ubsec_kcopyout(struct crparam *crpar, caddr_t, u_int); /* DEBUG crap... */ void ubsec_dump_pb(struct ubsec_pktbuf *); @@ -1379,6 +1378,11 @@ ubsec_callback2(sc, q) #endif case UBS_CTXOP_MODEXP: { struct ubsec_q2_modexp *me = (struct ubsec_q2_modexp *)q; + u_int rlen, clen; + + rlen = (me->me_modbits + 7) / 8; + clen = (me->me_krp->krp_param[UBS_MODEXP_PAR_C].crp_nbits + 7) + / 8; bus_dmamap_sync(sc->sc_dmat, me->me_M.dma_map, 0, me->me_M.dma_map->dm_mapsize, BUS_DMASYNC_POSTWRITE); @@ -1389,11 +1393,16 @@ ubsec_callback2(sc, q) bus_dmamap_sync(sc->sc_dmat, me->me_epb.dma_map, 0, me->me_epb.dma_map->dm_mapsize, BUS_DMASYNC_POSTWRITE); - if (ubsec_kcopyout(&me->me_krp->krp_param[UBS_MODEXP_PAR_C], - me->me_C.dma_vaddr, me->me_C.dma_size)) + if (clen < rlen) me->me_krp->krp_status = E2BIG; - else + else { + caddr_t dst; + me->me_krp->krp_status = 0; + dst = me->me_krp->krp_param[UBS_MODEXP_PAR_C].crp_p; + bcopy(me->me_C.dma_vaddr, dst, rlen); + bzero(dst + rlen, clen - rlen); + } crypto_kdone(me->me_krp); @@ -1803,6 +1812,7 @@ ubsec_kprocess_modexp(sc, krp) bzero(me, sizeof *me); me->me_krp = krp; me->me_q.q_type = UBS_CTXOP_MODEXP; + me->me_modbits = modbits; if (ubsec_dma_malloc(sc, sizeof(struct ubsec_mcr), &me->me_q.q_mcr, 0)) { @@ -1817,7 +1827,7 @@ ubsec_kprocess_modexp(sc, krp) goto errout; } - if (ubsec_dma_malloc(sc, 1024 / 8, &me->me_M, 0)) { + if (ubsec_dma_malloc(sc, 2048 / 8, &me->me_M, 0)) { err = ENOMEM; goto errout; } @@ -1827,7 +1837,7 @@ ubsec_kprocess_modexp(sc, krp) goto errout; } - if (ubsec_dma_malloc(sc, modbits/8, &me->me_C, 0)) { + if (ubsec_dma_malloc(sc, modbits / 8, &me->me_C, 0)) { err = ENOMEM; goto errout; } @@ -1954,27 +1964,6 @@ errout: return (0); } -int -ubsec_kcopyout(crpar, buf, bufsiz) - struct crparam *crpar; - caddr_t buf; - u_int bufsiz; -{ - u_int nbytes = (crpar->crp_nbits + 7) / 8; -#ifdef UBSEC_DEBUG - u_int i; - - for (i = 0; i < bufsiz; i++) - printf("%s%02x", (i == 0) ? "ko " : ":", (u_int8_t)buf[i]); - printf("\n"); -#endif - - if (bufsiz > nbytes) - return (-1); - bcopy(buf, crpar->crp_p, bufsiz); - return (0); -} - /* * Copy a key into a ubsec dma buffer, round up to multiple of 32 bits. */ diff --git a/sys/dev/pci/ubsecvar.h b/sys/dev/pci/ubsecvar.h index 68a0719403e..9d7962840ea 100644 --- a/sys/dev/pci/ubsecvar.h +++ b/sys/dev/pci/ubsecvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ubsecvar.h,v 1.29 2002/05/02 18:20:50 jason Exp $ */ +/* $OpenBSD: ubsecvar.h,v 1.30 2002/05/06 15:42:23 jason Exp $ */ /* * Copyright (c) 2000 Theo de Raadt @@ -86,6 +86,7 @@ struct ubsec_q2_modexp { struct ubsec_dma_alloc me_E; struct ubsec_dma_alloc me_C; struct ubsec_dma_alloc me_epb; + int me_modbits; }; #define UBSEC_RNG_BUFSIZ 16 /* measured in 32bit words */ |