Changeset View
Changeset View
Standalone View
Standalone View
sys/opencrypto/cryptodev.c
Show First 20 Lines • Show All 775 Lines • ▼ Show 20 Lines | cryptodev_op(struct csession *cse, const struct crypt_op *cop) | ||||
int error; | int error; | ||||
if (cop->len > 256*1024-4) { | if (cop->len > 256*1024-4) { | ||||
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | ||||
return (E2BIG); | return (E2BIG); | ||||
} | } | ||||
if (cse->txform) { | if (cse->txform) { | ||||
if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0) { | if ((cop->len % cse->txform->blocksize) != 0) { | ||||
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | ||||
return (EINVAL); | return (EINVAL); | ||||
} | } | ||||
} | } | ||||
if (cop->mac && cse->hashsize == 0) { | if (cop->mac && cse->hashsize == 0) { | ||||
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | ||||
return (EINVAL); | return (EINVAL); | ||||
Show All 38 Lines | case COP_DECRYPT: | ||||
break; | break; | ||||
default: | default: | ||||
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | ||||
error = EINVAL; | error = EINVAL; | ||||
goto bail; | goto bail; | ||||
} | } | ||||
break; | break; | ||||
case CSP_MODE_CIPHER: | case CSP_MODE_CIPHER: | ||||
if (cop->len == 0 || | |||||
jhb: This is the change I talked about over in D32123 where I had relaxed this requirement for all… | |||||
Done Inline ActionsYes, I think that is necessary. markj: Yes, I think that is necessary. | |||||
(cop->iv == NULL && cop->len == cse->ivsize)) { | |||||
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | |||||
error = EINVAL; | |||||
goto bail; | |||||
} | |||||
switch (cop->op) { | switch (cop->op) { | ||||
case COP_ENCRYPT: | case COP_ENCRYPT: | ||||
crp->crp_op = CRYPTO_OP_ENCRYPT; | crp->crp_op = CRYPTO_OP_ENCRYPT; | ||||
break; | break; | ||||
case COP_DECRYPT: | case COP_DECRYPT: | ||||
crp->crp_op = CRYPTO_OP_DECRYPT; | crp->crp_op = CRYPTO_OP_DECRYPT; | ||||
break; | break; | ||||
default: | default: | ||||
▲ Show 20 Lines • Show All 66 Lines • ▼ Show 20 Lines | if (cop->iv) { | ||||
} | } | ||||
crp->crp_flags |= CRYPTO_F_IV_SEPARATE; | crp->crp_flags |= CRYPTO_F_IV_SEPARATE; | ||||
} else if (cse->ivsize != 0) { | } else if (cse->ivsize != 0) { | ||||
if (crp->crp_payload_length < cse->ivsize) { | if (crp->crp_payload_length < cse->ivsize) { | ||||
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | ||||
error = EINVAL; | error = EINVAL; | ||||
goto bail; | goto bail; | ||||
} | } | ||||
crp->crp_iv_start = 0; | crp->crp_iv_start = 0; | ||||
crp->crp_payload_start += cse->ivsize; | |||||
crp->crp_payload_length -= cse->ivsize; | crp->crp_payload_length -= cse->ivsize; | ||||
Done Inline ActionsIn your other review we could perhaps make this conditional on the updated crp_payload_length != 0 if we wanted to keep the assertion in crp_sanity()? jhb: In your other review we could perhaps make this conditional on the updated crp_payload_length ! | |||||
Done Inline ActionsI think that's fine. To be clear, the idea is to have this instead: crp->crp_payload_length -= cse->ivsize; if (crp->crp_payload_length > 0) crp->crp_payload_start += cse->ivsize; Do you want to just handle this in this review? markj: I think that's fine. To be clear, the idea is to have this instead:
```
crp… | |||||
if (crp->crp_payload_length != 0) | |||||
crp->crp_payload_start = cse->ivsize; | |||||
dst += cse->ivsize; | dst += cse->ivsize; | ||||
} | } | ||||
if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { | if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { | ||||
error = copyin(cop->mac, cod->buf + crp->crp_digest_start, | error = copyin(cop->mac, cod->buf + crp->crp_digest_start, | ||||
cse->hashsize); | cse->hashsize); | ||||
if (error) { | if (error) { | ||||
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | ||||
▲ Show 20 Lines • Show All 498 Lines • Show Last 20 Lines |
This is the change I talked about over in D32123 where I had relaxed this requirement for all but CSP_MODE_CIPHER.
I think we could further refine this to check for cop->len == cse->ivsize if cop->iv is NULL.