From e50f10b5a4c10361c0b63e208de2f85f86feefea Mon Sep 17 00:00:00 2001 From: Conrad Meyer Date: Sat, 23 Jun 2018 18:20:17 +0000 Subject: [PATCH] aesni(4): Fix {de,en}crypt operations that allocated a buffer aesni(4) allocates a contiguous buffer for the data it processes if the provided input was not already virtually contiguous, and copies the input there. It performs encryption or decryption in-place. r324037 removed the logic that then copied the processed data back to the user-provided input buffer, breaking {de,enc}crypt for mbuf chains or iovecs with more than a single descriptor. PR: 228094 (probably, not confirmed) Submitted by: Sean Fagan Reported by: Emeric POUPON X-MFC-With: 324037 Security: could result in plaintext being output by "encrypt" operation
---
 sys/crypto/aesni/aesni.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/sys/crypto/aesni/aesni.c b/sys/crypto/aesni/aesni.c
index 8a61a5ec9b6..5d259f3c708 100644
--- a/sys/crypto/aesni/aesni.c
+++ b/sys/crypto/aesni/aesni.c
@@ -890,6 +890,10 @@ aesni_cipher_crypt(struct aesni_session *ses, struct cryptodesc *enccrd,
 break;
 }
+ if (allocated)
+ crypto_copyback(crp->crp_flags, crp->crp_buf, enccrd->crd_skip,
+ enccrd->crd_len, buf);
+
 out:
 if (allocated) {
 explicit_bzero(buf, enccrd->crd_len);
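Review bot: The new `crypto_copyback()` call ahead of `out:` is gated only on `allocated`, so it runs on every path that leaves the switch with `break`, including any that recorded a failure without jumping to `out`. The switch body is outside this hunk, so this is inferred: if an authenticated mode reports a tag mismatch by setting a status and breaking, the contents of `buf` would still be written into the caller's buffer, returning unverified output. Consider gating on success as well, e.g. `if (allocated && error == 0)` (assuming the function's status local is named `error`; it is not visible here). A short comment such as `/* Work was done in place in buf; copy the result back to the caller's mbuf chain or iovec. */` would also record why the call has to sit before the `out:` label, after which `buf` is zeroed. `aesni_cipher_crypt` begins and ends outside the hunk.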