From owner-p4-projects@FreeBSD.ORG  Thu Oct 16 18:31:54 2014
Return-Path: <owner-p4-projects@FreeBSD.ORG>
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
 id 473C3F91; Thu, 16 Oct 2014 18:31:54 +0000 (UTC)
Delivered-To: perforce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 06C43F8F
 for <perforce@freebsd.org>; Thu, 16 Oct 2014 18:31:54 +0000 (UTC)
Received: from skunkworks.freebsd.org (skunkworks.freebsd.org
 [IPv6:2001:1900:2254:2068::682:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E8442C56
 for <perforce@freebsd.org>; Thu, 16 Oct 2014 18:31:53 +0000 (UTC)
Received: from skunkworks.freebsd.org ([127.0.1.74])
 by skunkworks.freebsd.org (8.14.9/8.14.9) with ESMTP id s9GIVrRw053710
 for <perforce@freebsd.org>; Thu, 16 Oct 2014 18:31:53 GMT
 (envelope-from jmg@freebsd.org)
Received: (from perforce@localhost)
 by skunkworks.freebsd.org (8.14.9/8.14.9/Submit) id s9GIVrCo053707
 for perforce@freebsd.org; Thu, 16 Oct 2014 18:31:53 GMT
 (envelope-from jmg@freebsd.org)
Date: Thu, 16 Oct 2014 18:31:53 GMT
Message-Id: <201410161831.s9GIVrCo053707@skunkworks.freebsd.org>
X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to
 jmg@freebsd.org using -f
From: John-Mark Gurney <jmg@FreeBSD.org>
Subject: PERFORCE change 1201689 for review
To: Perforce Change Reviews <perforce@FreeBSD.org>
Precedence: bulk
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.18-1
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/p4-projects>,
 <mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects/>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
 <mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Oct 2014 18:31:54 -0000

http://p4web.freebsd.org/@@1201689?ac=10

Change 1201689 by jmg@jmg_carbon2 on 2014/10/16 18:31:41

	switch if statements around so that we don't hit a NULL deref...
	
	add comment that _ICM is the same for both encryption and
	decryption...
	
	This is part of the results from reviewing stage 2...
	
	Submitted by:	Mike Hamburg
	Sponsored by:	FreeBSD Foundation
	Sponsored by:	Netgate

Affected files ...

.. //depot/projects/opencrypto/sys/crypto/aesni/aesni.c#10 edit

Differences ...

==== //depot/projects/opencrypto/sys/crypto/aesni/aesni.c#10 (text+ko) ====

@@ -332,14 +332,14 @@
 		}
 	}
 
-	/* CBC & XTS can only handle full blocks for now */
-	if ((enccrd->crd_alg == CRYPTO_AES_CBC || enccrd->crd_alg ==
-	    CRYPTO_AES_XTS) && (enccrd->crd_len % AES_BLOCK_LEN) != 0) {
+	if (enccrd == NULL || (needauth && authcrd == NULL)) {
 		error = EINVAL;
 		goto out;
 	}
 
-	if (enccrd == NULL || (needauth && authcrd == NULL)) {
+	/* CBC & XTS can only handle full blocks for now */
+	if ((enccrd->crd_alg == CRYPTO_AES_CBC || enccrd->crd_alg ==
+	    CRYPTO_AES_XTS) && (enccrd->crd_len % AES_BLOCK_LEN) != 0) {
 		error = EINVAL;
 		goto out;
 	}
@@ -552,6 +552,7 @@
 			    enccrd->crd_len, buf, ses->iv);
 		break;
 	case CRYPTO_AES_ICM:
+		/* encryption & decryption are the same */
 		aesni_encrypt_icm(ses->rounds, ses->enc_schedule,
 		    enccrd->crd_len, buf, buf, ses->iv);
 		break;