From owner-p4-projects@FreeBSD.ORG Mon Sep 8 04:52:41 2014
Return-Path:
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id 4B127E68; Mon, 8 Sep 2014 04:52:41 +0000 (UTC)
Delivered-To: perforce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5A3227AF for ; Mon, 8 Sep 2014 04:51:08 +0000 (UTC)
Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:1900:2254:2068::682:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 17B121E93 for ; Mon, 8 Sep 2014 04:51:08 +0000 (UTC)
Received: from skunkworks.freebsd.org ([127.0.1.74]) by skunkworks.freebsd.org (8.14.9/8.14.9) with ESMTP id s884p7PK026963 for ; Mon, 8 Sep 2014 04:51:07 GMT (envelope-from jmg@freebsd.org)
Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.9/8.14.9/Submit) id s884p7mo026960 for perforce@freebsd.org; Mon, 8 Sep 2014 04:51:07 GMT (envelope-from jmg@freebsd.org)
Date: Mon, 8 Sep 2014 04:51:07 GMT
Message-Id: <201409080451.s884p7mo026960@skunkworks.freebsd.org>
X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to jmg@freebsd.org using -f
From: John-Mark Gurney
Subject: PERFORCE change 1199492 for review
To: Perforce Change Reviews
Precedence: bulk
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.18-1
List-Id: p4 projects tree changes
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 08 Sep 2014 04:52:41 -0000

http://p4web.freebsd.org/@@1199492?ac=10

Change 1199492 by jmg@jmg_carbon2 on 2014/08/29 00:27:25

This is only useful for CBC... I had it commented out as for ICM it would pass a negative offset in, since ICM allows a size smaller than AES block size...

Sponsored by: FreeBSD Foundation

Affected files ...

.. //depot/projects/opencrypto/sys/crypto/aesni/aesni.c#7 edit

Differences ...

==== //depot/projects/opencrypto/sys/crypto/aesni/aesni.c#7 (text+ko) ====

@@ -590,12 +590,13 @@ crypto_copyback(crp->crp_flags, crp->crp_buf, enccrd->crd_skip, enccrd->crd_len, buf); - /* OpenBSD doesn't copy this back. Why not? */ + /* + * OpenBSD doesn't copy this back. This primes the IV for the next + * chain. Why do we not do it for decrypt? + */ /*printf("t: %d, %d, %d, %d\n", enccrd->crd_skip, enccrd->crd_len, enccrd->crd_skip + enccrd->crd_len - AES_BLOCK_LEN, AES_BLOCK_LEN);*/ - if (encflag && 0) - crypto_copydata(crp->crp_flags, crp->crp_buf, - enccrd->crd_skip + enccrd->crd_len - AES_BLOCK_LEN, - AES_BLOCK_LEN, ses->iv); + if (encflag && enccrd->crd_alg == CRYPTO_AES_CBC) + bcopy(buf + enccrd->crd_len - AES_BLOCK_LEN, ses->iv, AES_BLOCK_LEN); if (!error && authcrd != NULL) { crypto_copyback(crp->crp_flags, crp->crp_buf,
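Review bot: the new `bcopy(buf + enccrd->crd_len - AES_BLOCK_LEN, ses->iv, AES_BLOCK_LEN)` still depends on `enccrd->crd_len >= AES_BLOCK_LEN`, and nothing in the hunk checks it; the `crd_alg == CRYPTO_AES_CBC` guard only excludes the ICM case the description names, so a CBC request that reaches this point with a `crd_len` shorter than one block would compute a source pointer before `buf`. Either add `&& enccrd->crd_len >= AES_BLOCK_LEN` to the condition or state in the new comment where that length invariant is enforced. The comment's open question about decrypt can be answered in place as well: for CBC decryption the chaining value for the next request is the last ciphertext block of the input, so it would have to be saved from the input before decryption rather than taken from the output `buf` afterwards. The commented-out debug `printf` immediately above the condition could be dropped while this code is being touched.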