The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=61ff0a1f8145622a4db669715fc04e9358e643a6
commit 61ff0a1f8145622a4db669715fc04e9358e643a6 Author: John Baldwin <[email protected]> AuthorDate: 2021-12-30 01:50:23 +0000 Commit: John Baldwin <[email protected]> CommitDate: 2021-12-30 01:50:23 +0000 /dev/crypto: Store blocksize in cse rather than txform pointer. Reviewed by: markj Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D33614 --- sys/opencrypto/cryptodev.c | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c index b8b727653847..a8c9f04e1fb7 100644 --- a/sys/opencrypto/cryptodev.c +++ b/sys/opencrypto/cryptodev.c @@ -269,7 +269,7 @@ struct csession { uint32_t ses; struct mtx lock; /* for op submission */ - const struct enc_xform *txform; + u_int blocksize; int hashsize; int ivsize; @@ -499,7 +499,6 @@ cse_create(struct fcrypt *fcr, struct session2_op *sop) cse->key = key; cse->mackey = mackey; cse->cses = cses; - cse->txform = txform; if (sop->maclen != 0) cse->hashsize = sop->maclen; else if (thash != NULL) @@ -508,6 +507,16 @@ cse_create(struct fcrypt *fcr, struct session2_op *sop) cse->hashsize = txform->macsize; cse->ivsize = csp.csp_ivlen; + /* + * NB: This isn't necessarily the block size of the underlying + * MAC or cipher but is instead a restriction on valid input + * sizes. + */ + if (txform != NULL) + cse->blocksize = txform->blocksize; + else + cse->blocksize = 1; + mtx_lock(&fcr->lock); TAILQ_INSERT_TAIL(&fcr->csessions, cse, next); cse->ses = fcr->sesn++; @@ -635,11 +644,9 @@ cryptodev_op(struct csession *cse, const struct crypt_op *cop) return (E2BIG); } - if (cse->txform) { - if ((cop->len % cse->txform->blocksize) != 0) { - SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); - return (EINVAL); - } + if ((cop->len % cse->blocksize) != 0) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); + return (EINVAL); } if (cop->mac && cse->hashsize == 0) { @@ -866,8 +873,12 @@ cryptodev_aead(struct csession *cse, struct crypt_aead *caead) return (E2BIG); } - if (cse->txform == NULL || cse->hashsize == 0 || caead->tag == NULL || - (caead->len % cse->txform->blocksize) != 0) { + if ((caead->len % cse->blocksize) != 0) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); + return (EINVAL); + } + + if (cse->hashsize == 0 || caead->tag == NULL) { SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EINVAL); }
