aesni(4): Fix {de,en}crypt operations that allocated a buffer
aesni(4) allocates a contiguous buffer for the data it processes if the
provided input was not already virtually contiguous, and copies the input
there. It performs encryption or decryption in-place.
r324037 removed the logic that then copied the processed data back to the
user-provided input buffer, breaking {de,en}crypt for mbuf chains or
iovecs with more than a single descriptor.
PR: 228094 (probably, not confirmed)
Submitted by: Sean Fagan <kithrup AT me.com>
Reported by: Emeric POUPON <emeric.poupon AT stormshield.eu>
X-MFC-With: 324037
Security: could result in plaintext being output by "encrypt"
operation
parent
7d0ffa388e
commit
e50f10b5a4
1 changed files with 4 additions and 0 deletions
|
|
@ -890,6 +890,10 @@ aesni_cipher_crypt(struct aesni_session *ses, struct cryptodesc *enccrd,
|
|||
break;
|
||||
}
|
||||
|
||||
if (allocated)
|
||||
crypto_copyback(crp->crp_flags, crp->crp_buf, enccrd->crd_skip,
|
||||
enccrd->crd_len, buf);
|
||||
|
||||
out:
|
||||
if (allocated) {
|
||||
explicit_bzero(buf, enccrd->crd_len);
|
||||
|
|
|
|||
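Review bot: The new `if (allocated) crypto_copyback(...)` ahead of `out:` has no comment, although the commit message says r324037 removed this same logic and that the result could be plaintext output by an "encrypt" operation. I would put a comment above it, for example `/* buf is a private contiguous copy of the input; copy the result back or the caller's buffer keeps the unprocessed data */`, so a later cleanup does not drop it again. Because the call sits before the label, any path that jumps to `out:` skips the copyback and reaches only the `explicit_bzero` shown here; that looks intended for error paths, but the jumps are outside the hunk, so confirm that no successful path takes one. The failure is silent and the PR link is marked "probably, not confirmed", so a regression test that runs a multi-descriptor mbuf chain or iovec and compares the output with a known-answer vector would be worth adding. aesni_cipher_crypt starts and ends outside the hunk.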