From: Marcin Wojtas
Date: Thu, 28 May 2020 09:13:20 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r361583 - head/sys/crypto/aesni

Author: mw
Date: Thu May 28 09:13:20 2020
New Revision: 361583
URL: https://svnweb.freebsd.org/changeset/base/361583

Log:
  Change return types of hash update functions in SHA-NI

  r359374 introduced crypto_apply function which takes as argument a function pointer that is expected to return an int, however aesni hash update functions return void. Because of that the function pointer passed was simply cast with its return value changed. This resulted in undefined behavior, in particular when mbuf is used, (ipsec) m_apply checks return value of function pointer passed to it and in our case bogusly fails after calculating hash of the first mbuf in chain. Fix it by changing signatures of sha update routines in aesni and dropping the casts.

  Submitted by: Kornel Duleba
  Reviewed by: jhb, cem
  Obtained from: Semihalf
  Sponsored by: Stormshield
  Differential Revision: https://reviews.freebsd.org/D25030

Modified:
  head/sys/crypto/aesni/aesni.c
  head/sys/crypto/aesni/aesni.h

Modified: head/sys/crypto/aesni/aesni.c ============================================================================== --- head/sys/crypto/aesni/aesni.c Thu May 28 08:41:18 2020 (r361582) +++ head/sys/crypto/aesni/aesni.c Thu May 28 09:13:20 2020 (r361583) 
@@ -386,8 +386,8 @@ DRIVER_MODULE(aesni, nexus, aesni_driver, aesni_devcla MODULE_VERSION(aesni, 1); MODULE_DEPEND(aesni, crypto, 1, 1, 1); -static void -intel_sha1_update(void *vctx, const void *vdata, u_int datalen) +static int +intel_sha1_update(void *vctx, void *vdata, u_int datalen) { struct sha1_ctxt *ctx = vctx; const char *data = vdata; @@ -419,6 +419,8 @@ intel_sha1_update(void *vctx, const void *vdata, u_int intel_sha1_step(ctx->h.b32, (void *)ctx->m.b8, 1); off += copysiz; } + + return (0); } static void @@ -433,8 +435,8 @@ SHA1_Finalize_fn(void *digest, void *ctx) sha1_result(ctx, digest); } -static void -intel_sha256_update(void *vctx, const void *vdata, u_int len) +static int +intel_sha256_update(void *vctx, void *vdata, u_int len) { SHA256_CTX *ctx = vctx; uint64_t bitlen; @@ -454,7 +456,7 @@ intel_sha256_update(void *vctx, const void *vdata, u_i /* Handle the case where we don't need to perform any transforms */ if (len < 64 - r) { memcpy(&ctx->buf[r], src, len); - return; + return (0); } /* Finish the current block */ @@ -473,6 +475,8 @@ intel_sha256_update(void *vctx, const void *vdata, u_i /* Copy left over data into buffer */ memcpy(ctx->buf, src, len); + + return (0); } static void 
@@ -844,20 +848,16 @@ aesni_cipher_mac(struct aesni_session *ses, struct cry ses->hash_update(&sctx, hmac_key, sizeof(hmac_key)); crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length, - __DECONST(int (*)(void *, void *, u_int), ses->hash_update), - &sctx); + ses->hash_update, &sctx); if (CRYPTO_HAS_OUTPUT_BUFFER(crp) && CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) crypto_apply_buf(&crp->crp_obuf, crp->crp_payload_output_start, crp->crp_payload_length, - __DECONST(int (*)(void *, void *, u_int), - ses->hash_update), &sctx); + ses->hash_update, &sctx); else crypto_apply(crp, crp->crp_payload_start, - crp->crp_payload_length, - __DECONST(int (*)(void *, void *, u_int), - ses->hash_update), &sctx); + crp->crp_payload_length, ses->hash_update, &sctx); ses->hash_finalize(res, &sctx); /* Outer hash: (K ^ OPAD) || inner hash */ @@ -873,20 +873,17 @@ aesni_cipher_mac(struct aesni_session *ses, struct cry ses->hash_init(&sctx); crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length, - __DECONST(int (*)(void *, void *, u_int), ses->hash_update), - &sctx); + ses->hash_update, &sctx); if (CRYPTO_HAS_OUTPUT_BUFFER(crp) && CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) crypto_apply_buf(&crp->crp_obuf, crp->crp_payload_output_start, crp->crp_payload_length, - __DECONST(int (*)(void *, void *, u_int), - ses->hash_update), &sctx); + ses->hash_update, &sctx); else crypto_apply(crp, crp->crp_payload_start, crp->crp_payload_length, - __DECONST(int (*)(void *, void *, u_int), - ses->hash_update), &sctx); + ses->hash_update, &sctx); ses->hash_finalize(res, &sctx); } Modified: head/sys/crypto/aesni/aesni.h ============================================================================== --- head/sys/crypto/aesni/aesni.h Thu May 28 08:41:18 2020 (r361582) +++ head/sys/crypto/aesni/aesni.h Thu May 28 09:13:20 2020 (r361583) 
@@ -63,7 +63,7 @@ struct aesni_session { int mlen; int hash_len; void (*hash_init)(void *); - void (*hash_update)(void *, const void *, unsigned); + int (*hash_update)(void *, void *, unsigned); void (*hash_finalize)(void *, void *); bool hmac; };
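Review bot: In intel_sha1_update() and intel_sha256_update() the data parameter loses its const qualifier (const void *vdata becomes void *vdata) only so that the functions match the int (*)(void *, void *, u_int) callback type named in the removed casts; the SHA-1 body still reads the buffer through const char *data = vdata. A short comment above each function saying that the non-const parameter exists for the crypto_apply callback signature and that the buffer is never written would keep a later change from treating it as writable. Both functions now return 0 on every path shown, so the same comment can state that no failure is reported.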
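Review bot: In both aesni_cipher_mac() hunks the crypto_apply() and crypto_apply_buf() calls are still bare statements, so any status they report is dropped before ses->hash_finalize(res, &sctx) runs. The log describes exactly that failure mode, a walk that stopped after the first mbuf in the chain, so it is worth either propagating the result to the caller or asserting that it is zero, so that a MAC computed over part of the buffer cannot be produced silently if a callback ever returns nonzero. The direct call ses->hash_update(&sctx, hmac_key, sizeof(hmac_key)) has the same shape.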
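Review bot: In struct aesni_session the new member is declared as int (*hash_update)(void *, void *, unsigned), while the functions assigned to it and the callback type in the removed casts spell the length as u_int; using u_int here would keep the three declarations identical. The member also carries no comment on what return value its callers expect. One line stating that, matching the return (0) the update routines in aesni.c now use, would document the contract this change introduces.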