From owner-svn-src-all@freebsd.org Thu Nov 5 23:26:02 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B76482D35F6; Thu, 5 Nov 2020 23:26:02 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CS0564rSDz3mcm; Thu, 5 Nov 2020 23:26:02 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8E8EC1BA9E; Thu, 5 Nov 2020 23:26:02 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0A5NQ2J7043505; Thu, 5 Nov 2020 23:26:02 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0A5NQ2mD043504; Thu, 5 Nov 2020 23:26:02 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <202011052326.0A5NQ2mD043504@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Thu, 5 Nov 2020 23:26:02 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r367403 - head/sys/opencrypto X-SVN-Group: head X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: head/sys/opencrypto X-SVN-Commit-Revision: 367403 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Nov 2020 23:26:02 -0000 Author: jhb Date: Thu Nov 5 23:26:02 2020 New Revision: 367403 URL: https://svnweb.freebsd.org/changeset/base/367403 Log: Don't modify the destination pointer in ioctl requests. This breaks the case where the original pointer was NULL but an in-line IV was used. Reviewed by: markj Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D27064 Modified: head/sys/opencrypto/cryptodev.c Modified: head/sys/opencrypto/cryptodev.c ============================================================================== --- head/sys/opencrypto/cryptodev.c Thu Nov 5 22:41:54 2020 (r367402) +++ head/sys/opencrypto/cryptodev.c Thu Nov 5 23:26:02 2020 (r367403) @@ -381,7 +381,7 @@ static struct csession *csecreate(struct fcrypt *, cry struct auth_hash *, void *); static void csefree(struct csession *); -static int cryptodev_op(struct csession *, struct crypt_op *, +static int cryptodev_op(struct csession *, const struct crypt_op *, struct ucred *, struct thread *td); static int cryptodev_aead(struct csession *, struct crypt_aead *, struct ucred *, struct thread *); @@ -942,12 +942,13 @@ cod_free(struct cryptop_data *cod) static int cryptodev_op( struct csession *cse, - struct crypt_op *cop, + const struct crypt_op *cop, struct ucred *active_cred, struct thread *td) { struct cryptop_data *cod = NULL; struct cryptop *crp = NULL; + char *dst; int error; if (cop->len > 256*1024-4) { @@ -980,6 +981,7 @@ cryptodev_op( } cod = cod_alloc(cse, 0, cop->len + cse->hashsize, td); + dst = cop->dst; crp = crypto_getreq(cse->cses, M_WAITOK); @@ -1082,7 +1084,7 @@ cryptodev_op( crp->crp_iv_start = 0; crp->crp_payload_start += cse->ivsize; crp->crp_payload_length -= cse->ivsize; - cop->dst += cse->ivsize; + dst += cse->ivsize; } if (cop->mac != NULL && crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { @@ -1127,7 +1129,7 @@ again: if (cop->dst != NULL) { error = copyout(cod->obuf != NULL ? cod->obuf : - cod->buf + crp->crp_payload_start, cop->dst, + cod->buf + crp->crp_payload_start, dst, crp->crp_payload_length); if (error) { SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); @@ -1160,6 +1162,7 @@ cryptodev_aead( { struct cryptop_data *cod = NULL; struct cryptop *crp = NULL; + char *dst; int error; if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4) { @@ -1186,6 +1189,7 @@ cryptodev_aead( } cod = cod_alloc(cse, caead->aadlen, caead->len + cse->hashsize, td); + dst = caead->dst; crp = crypto_getreq(cse->cses, M_WAITOK); @@ -1277,7 +1281,7 @@ cryptodev_aead( crp->crp_iv_start = crp->crp_payload_start; crp->crp_payload_start += cse->ivsize; crp->crp_payload_length -= cse->ivsize; - caead->dst += cse->ivsize; + dst += cse->ivsize; } if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { @@ -1322,7 +1326,7 @@ again: if (caead->dst != NULL) { error = copyout(cod->obuf != NULL ? cod->obuf : - cod->buf + crp->crp_payload_start, caead->dst, + cod->buf + crp->crp_payload_start, dst, crp->crp_payload_length); if (error) { SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);