Author: jhb Date: Thu Nov 5 23:26:02 2020 New Revision: 367403 URL: https://svnweb.freebsd.org/changeset/base/367403
Log: Don't modify the destination pointer in ioctl requests. This breaks the case where the original pointer was NULL but an in-line IV was used. Reviewed by: markj Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D27064 Modified: head/sys/opencrypto/cryptodev.c Modified: head/sys/opencrypto/cryptodev.c ============================================================================== --- head/sys/opencrypto/cryptodev.c Thu Nov 5 22:41:54 2020 (r367402) +++ head/sys/opencrypto/cryptodev.c Thu Nov 5 23:26:02 2020 (r367403) @@ -381,7 +381,7 @@ static struct csession *csecreate(struct fcrypt *, cry struct auth_hash *, void *); static void csefree(struct csession *); -static int cryptodev_op(struct csession *, struct crypt_op *, +static int cryptodev_op(struct csession *, const struct crypt_op *, struct ucred *, struct thread *td); static int cryptodev_aead(struct csession *, struct crypt_aead *, struct ucred *, struct thread *); @@ -942,12 +942,13 @@ cod_free(struct cryptop_data *cod) static int cryptodev_op( struct csession *cse, - struct crypt_op *cop, + const struct crypt_op *cop, struct ucred *active_cred, struct thread *td) { struct cryptop_data *cod = NULL; struct cryptop *crp = NULL; + char *dst; int error; if (cop->len > 256*1024-4) { @@ -980,6 +981,7 @@ cryptodev_op( } cod = cod_alloc(cse, 0, cop->len + cse->hashsize, td); + dst = cop->dst; crp = crypto_getreq(cse->cses, M_WAITOK); @@ -1082,7 +1084,7 @@ cryptodev_op( crp->crp_iv_start = 0; crp->crp_payload_start += cse->ivsize; crp->crp_payload_length -= cse->ivsize; - cop->dst += cse->ivsize; + dst += cse->ivsize; } if (cop->mac != NULL && crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { @@ -1127,7 +1129,7 @@ again: if (cop->dst != NULL) { error = copyout(cod->obuf != NULL ? cod->obuf : - cod->buf + crp->crp_payload_start, cop->dst, + cod->buf + crp->crp_payload_start, dst, crp->crp_payload_length); if (error) { SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); @@ -1160,6 +1162,7 @@ cryptodev_aead( { struct cryptop_data *cod = NULL; struct cryptop *crp = NULL; + char *dst; int error; if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4) { @@ -1186,6 +1189,7 @@ cryptodev_aead( } cod = cod_alloc(cse, caead->aadlen, caead->len + cse->hashsize, td); + dst = caead->dst; crp = crypto_getreq(cse->cses, M_WAITOK); @@ -1277,7 +1281,7 @@ cryptodev_aead( crp->crp_iv_start = crp->crp_payload_start; crp->crp_payload_start += cse->ivsize; crp->crp_payload_length -= cse->ivsize; - caead->dst += cse->ivsize; + dst += cse->ivsize; } if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { @@ -1322,7 +1326,7 @@ again: if (caead->dst != NULL) { error = copyout(cod->obuf != NULL ? cod->obuf : - cod->buf + crp->crp_payload_start, caead->dst, + cod->buf + crp->crp_payload_start, dst, crp->crp_payload_length); if (error) { SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
