d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

safexcel: Set the context record unconditionally

Browse Source 
The condition added in commit 5bdb8b273a excludes plain SHA
transforms, so for such sessions crypto operations would return
incorrect results.

Fixes:	5bdb8b273a ("safexcel: Maintain per-session context records")
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
Mark Johnston 2021-10-18 09:40:47 -04:00
parent b0423d0f5e
commit 36e4dcf47d
1 changed files with 6 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
sys/dev/safexcel/safexcel.c
View File

@ -2520,15 +2520,12 @@ safexcel_newsession(device_t dev, crypto_session_t cses,
if (csp->csp_auth_mlen != 0)
sess->digestlen = csp->csp_auth_mlen;
if ((csp->csp_cipher_alg == 0 || csp->csp_cipher_key != NULL) &&
(csp->csp_auth_alg == 0 || csp->csp_auth_key != NULL)) {
sess->encctx.len = safexcel_set_context(&sess->encctx.ctx,
CRYPTO_OP_ENCRYPT, csp->csp_cipher_key, csp->csp_auth_key,
sess);
sess->decctx.len = safexcel_set_context(&sess->decctx.ctx,
CRYPTO_OP_DECRYPT, csp->csp_cipher_key, csp->csp_auth_key,
sess);
}
sess->encctx.len = safexcel_set_context(&sess->encctx.ctx,
CRYPTO_OP_ENCRYPT, csp->csp_cipher_key, csp->csp_auth_key,
sess);
sess->decctx.len = safexcel_set_context(&sess->decctx.ctx,
CRYPTO_OP_DECRYPT, csp->csp_cipher_key, csp->csp_auth_key,
sess);
return (0);
}