Differential D32109 Diff 96378 sys/opencrypto/cryptodev.c

Changeset View

Standalone View

sys/opencrypto/cryptodev.c

Show First 20 Lines • Show All 775 Lines • ▼ Show 20 Lines	cryptodev_op(struct csession cse, const struct crypt_op cop)
int error;		int error;

if (cop->len > 256*1024-4) {		if (cop->len > 256*1024-4) {
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (E2BIG);		return (E2BIG);
}		}

if (cse->txform) {		if (cse->txform) {
if (cop->len == 0 \|\| (cop->len % cse->txform->blocksize) != 0) {		if ((cop->len % cse->txform->blocksize) != 0) {
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);		return (EINVAL);
}		}
}		}

if (cop->mac && cse->hashsize == 0) {		if (cop->mac && cse->hashsize == 0) {
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);		return (EINVAL);
Show All 38 Lines	case COP_DECRYPT:
break;		break;
default:		default:
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
error = EINVAL;		error = EINVAL;
goto bail;		goto bail;
}		}
break;		break;
case CSP_MODE_CIPHER:		case CSP_MODE_CIPHER:
		if (cop->len == 0 \|\|
		jhbAuthorUnsubmitted Done Inline Actions This is the change I talked about over in D32123 where I had relaxed this requirement for all but CSP_MODE_CIPHER. I think we could further refine this to check for cop->len == cse->ivsize if cop->iv is NULL. jhb: This is the change I talked about over in D32123 where I had relaxed this requirement for all…
		markjUnsubmitted Done Inline Actions Yes, I think that is necessary. markj: Yes, I think that is necessary.
		(cop->iv == NULL && cop->len == cse->ivsize)) {
		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
		error = EINVAL;
		goto bail;
		}
switch (cop->op) {		switch (cop->op) {
case COP_ENCRYPT:		case COP_ENCRYPT:
crp->crp_op = CRYPTO_OP_ENCRYPT;		crp->crp_op = CRYPTO_OP_ENCRYPT;
break;		break;
case COP_DECRYPT:		case COP_DECRYPT:
crp->crp_op = CRYPTO_OP_DECRYPT;		crp->crp_op = CRYPTO_OP_DECRYPT;
break;		break;
default:		default:
▲ Show 20 Lines • Show All 66 Lines • ▼ Show 20 Lines	if (cop->iv) {
}		}
crp->crp_flags \|= CRYPTO_F_IV_SEPARATE;		crp->crp_flags \|= CRYPTO_F_IV_SEPARATE;
} else if (cse->ivsize != 0) {		} else if (cse->ivsize != 0) {
if (crp->crp_payload_length < cse->ivsize) {		if (crp->crp_payload_length < cse->ivsize) {
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
error = EINVAL;		error = EINVAL;
goto bail;		goto bail;
}		}
crp->crp_iv_start = 0;		crp->crp_iv_start = 0;
crp->crp_payload_start += cse->ivsize;
crp->crp_payload_length -= cse->ivsize;		crp->crp_payload_length -= cse->ivsize;
		jhbAuthorUnsubmitted Done Inline Actions In your other review we could perhaps make this conditional on the updated crp_payload_length != 0 if we wanted to keep the assertion in crp_sanity()? jhb: In your other review we could perhaps make this conditional on the updated crp_payload_length !
		markjUnsubmitted Done Inline Actions I think that's fine. To be clear, the idea is to have this instead: crp->crp_payload_length -= cse->ivsize; if (crp->crp_payload_length > 0) crp->crp_payload_start += cse->ivsize; Do you want to just handle this in this review? markj: I think that's fine. To be clear, the idea is to have this instead: ``` crp…
		if (crp->crp_payload_length != 0)
		crp->crp_payload_start = cse->ivsize;
dst += cse->ivsize;		dst += cse->ivsize;
}		}

if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {		if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {
error = copyin(cop->mac, cod->buf + crp->crp_digest_start,		error = copyin(cop->mac, cod->buf + crp->crp_digest_start,
cse->hashsize);		cse->hashsize);
if (error) {		if (error) {
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
▲ Show 20 Lines • Show All 498 Lines • Show Last 20 Lines