Date:      Sat, 23 Jun 2018 18:20:17 +0000 (UTC)
From:      Conrad Meyer <cem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r335584 - head/sys/crypto/aesni
Message-ID:  <201806231820.w5NIKHaS051052@repo.freebsd.org>

Author: cem
Date: Sat Jun 23 18:20:17 2018
New Revision: 335584
URL: https://svnweb.freebsd.org/changeset/base/335584

Log:
  aesni(4): Fix {de,en}crypt operations that allocated a buffer
  
  aesni(4) allocates a contiguous buffer for the data it processes if the
  provided input was not already virtually contiguous, and copies the input
  there.  It performs encryption or decryption in-place.
  
  r324037 removed the logic that then copied the processed data back to the
  user-provided input buffer, breaking {de,en}crypt for mbuf chains or
  iovecs with more than a single descriptor.
  
  PR:		228094 (probably, not confirmed)
  Submitted by:	Sean Fagan <kithrup AT me.com>
  Reported by:	Emeric POUPON <emeric.poupon AT stormshield.eu>
  X-MFC-With:	324037
  Security:	could result in plaintext being output by "encrypt"
  		operation

Modified:
  head/sys/crypto/aesni/aesni.c

Modified: head/sys/crypto/aesni/aesni.c
==============================================================================
--- head/sys/crypto/aesni/aesni.c	Sat Jun 23 17:24:19 2018	(r335583)
+++ head/sys/crypto/aesni/aesni.c	Sat Jun 23 18:20:17 2018	(r335584)
@@ -890,6 +890,10 @@ aesni_cipher_crypt(struct aesni_session *ses, struct c
 		break;
 	}
 
+	if (allocated)
+		crypto_copyback(crp->crp_flags, crp->crp_buf, enccrd->crd_skip,
+		    enccrd->crd_len, buf);
+
 out:
 	if (allocated) {
 		explicit_bzero(buf, enccrd->crd_len);
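Review bot: The `crypto_copyback()` call added just above `out:` carries no comment, and its position is what makes it correct: it runs only on the path that falls through the switch, while anything that jumps to `out` skips it and goes straight to the `explicit_bzero(buf, enccrd->crd_len)` cleanup. A short comment such as "copy the in-place result back to the caller's non-contiguous buffer; must stay above out:" would keep a later refactor from moving it into the `if (allocated)` cleanup block, where a failed operation would write partially processed data back to the caller. It is also worth checking that `enccrd->crd_skip` and `enccrd->crd_len` are the same offset and length used when `buf` was filled, since that copy-in is outside this hunk. Because the log says the earlier removal in r324037 went unnoticed and the failure mode is plaintext left in the output of an encrypt request, a regression test that encrypts and decrypts input split across more than one mbuf or iovec descriptor and compares against the contiguous result would be a good companion to this change.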


