diff options
| author | John Baldwin <jhb@FreeBSD.org> | 2020-11-05 23:26:02 +0000 |
|---|---|---|
| committer | John Baldwin <jhb@FreeBSD.org> | 2020-11-05 23:26:02 +0000 |
| commit | 84fea065dbb7a1fd4b1f0493e38f36a347a1a615 (patch) | |
| tree | 0ace378253cff378652556f815e6a0e0b490cdaf /sys/opencrypto/cryptodev.c | |
| parent | 71460dfcb275f0a2a20b39a332b0e1149c6e7e3f (diff) | |
| download | src-84fea065dbb7a1fd4b1f0493e38f36a347a1a615.tar.gz src-84fea065dbb7a1fd4b1f0493e38f36a347a1a615.zip | |
Don't modify the destination pointer in ioctl requests.
This breaks the case where the original pointer was NULL but an
in-line IV was used.
Reviewed by: markj
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D27064
Notes
Notes:
svn path=/head/; revision=367403
Diffstat (limited to 'sys/opencrypto/cryptodev.c')
| -rw-r--r-- | sys/opencrypto/cryptodev.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c index 3a5da7d2e57a..7982b4342f1f 100644 --- a/sys/opencrypto/cryptodev.c +++ b/sys/opencrypto/cryptodev.c @@ -381,7 +381,7 @@ static struct csession *csecreate(struct fcrypt *, crypto_session_t, struct auth_hash *, void *); static void csefree(struct csession *); -static int cryptodev_op(struct csession *, struct crypt_op *, +static int cryptodev_op(struct csession *, const struct crypt_op *, struct ucred *, struct thread *td); static int cryptodev_aead(struct csession *, struct crypt_aead *, struct ucred *, struct thread *); @@ -942,12 +942,13 @@ cod_free(struct cryptop_data *cod) static int cryptodev_op( struct csession *cse, - struct crypt_op *cop, + const struct crypt_op *cop, struct ucred *active_cred, struct thread *td) { struct cryptop_data *cod = NULL; struct cryptop *crp = NULL; + char *dst; int error; if (cop->len > 256*1024-4) { @@ -980,6 +981,7 @@ cryptodev_op( } cod = cod_alloc(cse, 0, cop->len + cse->hashsize, td); + dst = cop->dst; crp = crypto_getreq(cse->cses, M_WAITOK); @@ -1082,7 +1084,7 @@ cryptodev_op( crp->crp_iv_start = 0; crp->crp_payload_start += cse->ivsize; crp->crp_payload_length -= cse->ivsize; - cop->dst += cse->ivsize; + dst += cse->ivsize; } if (cop->mac != NULL && crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { @@ -1127,7 +1129,7 @@ again: if (cop->dst != NULL) { error = copyout(cod->obuf != NULL ? cod->obuf : - cod->buf + crp->crp_payload_start, cop->dst, + cod->buf + crp->crp_payload_start, dst, crp->crp_payload_length); if (error) { SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); @@ -1160,6 +1162,7 @@ cryptodev_aead( { struct cryptop_data *cod = NULL; struct cryptop *crp = NULL; + char *dst; int error; if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4) { @@ -1186,6 +1189,7 @@ cryptodev_aead( } cod = cod_alloc(cse, caead->aadlen, caead->len + cse->hashsize, td); + dst = caead->dst; crp = crypto_getreq(cse->cses, M_WAITOK); @@ -1277,7 +1281,7 @@ cryptodev_aead( crp->crp_iv_start = crp->crp_payload_start; crp->crp_payload_start += cse->ivsize; crp->crp_payload_length -= cse->ivsize; - caead->dst += cse->ivsize; + dst += cse->ivsize; } if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { @@ -1322,7 +1326,7 @@ again: if (caead->dst != NULL) { error = copyout(cod->obuf != NULL ? cod->obuf : - cod->buf + crp->crp_payload_start, caead->dst, + cod->buf + crp->crp_payload_start, dst, crp->crp_payload_length); if (error) { SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); |