NetBSD Problem Report #22619
Received: (qmail 9616 invoked by uid 605); 27 Aug 2003 15:15:50 -0000
Message-Id: <20030827151549.84F7C7B79@yeah-baby.shagadelic.org>
Date: Wed, 27 Aug 2003 08:15:49 -0700 (PDT)
From: thorpej@shagadelic.org
Sender: gnats-bugs-owner@NetBSD.org
Reply-To: thorpej@shagadelic.org
To: gnats-bugs@gnats.netbsd.org
Subject: opencrypto requires key material to be provided per-op
X-Send-Pr-Version: 3.95
>Number: 22619
>Category: kern
>Synopsis: opencrypto requires key material to be provided per-op
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Wed Aug 27 15:16:00 +0000 2003
>Closed-Date:
>Last-Modified:
>Originator: Jason R Thorpe
>Release: NetBSD 1.6X
>Organization:
>Environment:
System: NetBSD swinger.shagadelic.org 1.6X NetBSD 1.6X (SWINGER) #15: Tue Aug 26 15:43:43 PDT 2003 thorpej@yeah-baby.shagadelic.org:/u1/netbsd/src/sys/arch/i386/compile/SWINGER i386
Architecture: i386
Machine: i386
>Description:
opencrypto has a design flaw in that it requires the user of
the API to provide the key material every time an op is submitted
to the engine. This requires the user of the API to keep the
raw, unscheduled key material around.
This seems redundant, as the key material is also provided when
a session is created.
From code inspection, it seems that the only thing that uses this
per-op key material is the hifn driver; the software crypto and
ubsec drivers appear to store scheduled copies of the keys in their
own private session data.
>How-To-Repeat:
Convert an application to use opencrypto and notice that you are
now required to keep a copy of the raw key material around.
>Fix:
It seems to me that the hifn driver should be changed to not
require the key material to be provided per-op, i.e. change it
to cache the key in whatever form is required in its own private
session data.
Once the hifn driver is fixed, the crd_key and crd_klen members
should be removed from cryptodesc and the fast-ipsec code updated.
>Release-Note:
>Audit-Trail:
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.