svn commit: r335584 - head/sys/crypto/aesni
Conrad Meyer
cem at FreeBSD.org
Sat Jun 23 18:20:18 UTC 2018
Author: cem
Date: Sat Jun 23 18:20:17 2018
New Revision: 335584
URL: https://svnweb.freebsd.org/changeset/base/335584
Log:
aesni(4): Fix {de,en}crypt operations that allocated a buffer
aesni(4) allocates a contiguous buffer for the data it processes if the
provided input was not already virtually contiguous, and copies the input
there. It performs encryption or decryption in-place.
r324037 removed the logic that then copied the processed data back to the
user-provided input buffer, breaking {de,enc}crypt for mbuf chains or
iovecs with more than a single descriptor.
PR: 228094 (probably, not confirmed)
Submitted by: Sean Fagan <kithrup AT me.com>
Reported by: Emeric POUPON <emeric.poupon AT stormshield.eu>
X-MFC-With: 324037
Security: could result in plaintext being output by "encrypt"
operation
Modified:
head/sys/crypto/aesni/aesni.c
Modified: head/sys/crypto/aesni/aesni.c
==============================================================================
--- head/sys/crypto/aesni/aesni.c Sat Jun 23 17:24:19 2018 (r335583)
+++ head/sys/crypto/aesni/aesni.c Sat Jun 23 18:20:17 2018 (r335584)
@@ -890,6 +890,10 @@ aesni_cipher_crypt(struct aesni_session *ses, struct c
break;
}
+ if (allocated)
+ crypto_copyback(crp->crp_flags, crp->crp_buf, enccrd->crd_skip,
+ enccrd->crd_len, buf);
+
out:
if (allocated) {
explicit_bzero(buf, enccrd->crd_len);
More information about the svn-src-all
mailing list