author | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2010-12-15 23:34:24 +0000 |
---|---|---|
committer | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2010-12-15 23:34:24 +0000 |
commit | 8b8c111bf0798c616b2dac6ee3a3dde2c77e2549 (patch) | |
tree | 7658a07dd754754b1453f8fd3351f9e04319cf3a /sys/dev/pci/ubsecvar.h | |
parent | 33bb214769f38803e01f13bbd076504dce27571e (diff) |
Bring CBC oracle attack countermeasure from r1.32 of cryptosoft.c to
the hardware crypto accelerator land. This fixes aes-ni, via xcrypt,
glxsb(4), hifn(4), safe(4) and ubsec(4) drivers.
Original commit message by angelos:
Don't keep the last blocksize-bytes of ciphertext for use as the next
plaintext's IV, in CBC mode. Use arc4random() to acquire fresh IVs per
message.
with and ok deraadt, ok markus, djm
Diffstat (limited to 'sys/dev/pci/ubsecvar.h')
-rw-r--r-- | sys/dev/pci/ubsecvar.h | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/sys/dev/pci/ubsecvar.h b/sys/dev/pci/ubsecvar.h index 6e3ae4c87f7..92871778b9e 100644 --- a/sys/dev/pci/ubsecvar.h +++ b/sys/dev/pci/ubsecvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ubsecvar.h,v 1.38 2009/03/27 13:31:30 reyk Exp $ */ +/* $OpenBSD: ubsecvar.h,v 1.39 2010/12/15 23:34:23 mikeb Exp $ */ /* * Copyright (c) 2000 Theo de Raadt @@ -152,7 +152,6 @@ struct ubsec_q { bus_dmamap_t q_dst_map; int q_sesn; - int q_flags; }; struct ubsec_softc { @@ -185,8 +184,6 @@ struct ubsec_softc { SIMPLEQ_HEAD(,ubsec_q2) sc_q2free; /* free list */ }; -#define UBSEC_QFLAGS_COPYOUTIV 0x1 - struct ubsec_session { u_int32_t ses_used; u_int32_t ses_key[8]; /* 3DES/AES key */ |
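Review bot: in the struct ubsec_q hunk (@@ -152,7 +152,6), `int q_flags;` is dropped from a struct that the driver source shares through this header, and the view here is limited to sys/dev/pci/ubsecvar.h, so confirm that every read and write of q_flags in the ubsec(4) driver goes away in the same commit. A leftover reference fails at compile time, which is the safe failure, but a grep of the tree for q_flags is cheap and rules out other users.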
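Review bot: in the hunk at @@ -185,8 +184,6, UBSEC_QFLAGS_COPYOUTIV is removed without anything in the header recording why, so a later reader has no hint that carrying the last ciphertext block over as the next IV was deliberately taken out. A short comment above struct ubsec_session stating that the driver keeps no IV state between requests and that IVs are generated fresh per message would guard against the chaining being reintroduced. The context is cut off after ses_key, so also check whether struct ubsec_session still has a saved-IV member that is now dead.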