freebsd-dev/sys/opencrypto
Conrad Meyer 179b21e8b1 cryptosoft: Do not exceed crd_len around *crypt_multi
When a caller passes in a uio or mbuf chain that is longer than crd_len, in
tandem with a transform that supports the multi-block interface,
swcr_encdec() would process the entire mbuf or uio instead of just the
portion indicated by crd_len (+ crd_skip).

De/encryption are performed in-place, so this would trash subsequent uio or
mbuf contents.

This was introduced in r331639 (mea culpa).  It only affects the
{de,en}crypt_multi() family of interfaces.  That interface only has one
consumer transform in-tree (for now): Chacha20.

PR:		227605
Submitted by:	Valentin Vergez <valentin.vergez AT stormshield.eu>
2018-04-19 15:24:21 +00:00
..
cast.c
cast.h
castsb.h
criov.c
crypto.c OCF: CRYPTDEB(): Enhance to allow formatted logging 2018-03-26 22:31:29 +00:00
cryptodeflate.c
cryptodev_if.m
cryptodev.c Move most of the contents of opt_compat.h to opt_global.h. 2018-04-06 17:35:35 +00:00
cryptodev.h opencrypto: Integrate Chacha20 algorithm into OCF 2018-03-29 04:02:50 +00:00
cryptosoft.c cryptosoft: Do not exceed crd_len around *crypt_multi 2018-04-19 15:24:21 +00:00
cryptosoft.h
deflate.h
gfmult.c
gfmult.h
gmac.c
gmac.h
rmd160.c
rmd160.h
skipjack.c
skipjack.h
xform_aes_icm.c
xform_aes_xts.c
xform_auth.h Import Blake2 algorithms (blake2b, blake2s) from libb2 2018-03-21 16:18:14 +00:00
xform_blf.c
xform_cast5.c
xform_cml.c
xform_comp.h
xform_deflate.c
xform_des1.c
xform_des3.c
xform_enc.h opencrypto: Integrate Chacha20 algorithm into OCF 2018-03-29 04:02:50 +00:00
xform_gmac.c
xform_md5.c opencrypto: Use C99 initializers for auth_hash instances 2017-09-26 17:52:52 +00:00
xform_null.c opencrypto: Use C99 initializers for auth_hash instances 2017-09-26 17:52:52 +00:00
xform_rijndael.c
xform_rmd160.c opencrypto: Use C99 initializers for auth_hash instances 2017-09-26 17:52:52 +00:00
xform_sha1.c opencrypto: Use C99 initializers for auth_hash instances 2017-09-26 17:52:52 +00:00
xform_sha2.c opencrypto: Use C99 initializers for auth_hash instances 2017-09-26 17:52:52 +00:00
xform_skipjack.c
xform_userland.h We don't need both _STAND and _STANDALONE. There's more places that 2017-12-02 00:07:09 +00:00
xform.c
xform.h