Update to FreeBSD head 2018-04-01

Git mirror commit 8dfb1ccc26d1cea7e2529303003ff61f9f1784c4.

Update #3472.

1 files changed, 77 insertions, 17 deletions

diff --git a/freebsd/sys/opencrypto/cryptosoft.c b/freebsd/sys/opencrypto/cryptosoft.c
index b2828452..55e98b13 100644
--- a/freebsd/sys/opencrypto/cryptosoft.c
+++ b/freebsd/sys/opencrypto/cryptosoft.c
@@ -250,21 +250,29 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
 				break;
 		}
 
-		/*
-		 * Warning: idat may point to garbage here, but
-		 * we only use it in the while() loop, only if
-		 * there are indeed enough data.
-		 */
-		idat = (char *)uio->uio_iov[ind].iov_base + k;
-
 		while (uio->uio_iov[ind].iov_len >= k + blks && i > 0) {
+			size_t nb, rem;
+
+			nb = blks;
+			rem = uio->uio_iov[ind].iov_len - k;
+			idat = (char *)uio->uio_iov[ind].iov_base + k;
+
 			if (exf->reinit) {
-				if (crd->crd_flags & CRD_F_ENCRYPT) {
+				if ((crd->crd_flags & CRD_F_ENCRYPT) != 0 &&
+				    exf->encrypt_multi == NULL)
 					exf->encrypt(sw->sw_kschedule,
 					    idat);
-				} else {
+				else if ((crd->crd_flags & CRD_F_ENCRYPT) != 0) {
+					nb = rounddown(rem, blks);
+					exf->encrypt_multi(sw->sw_kschedule,
+					    idat, nb);
+				} else if (exf->decrypt_multi == NULL)
 					exf->decrypt(sw->sw_kschedule,
 					    idat);
+				else {
+					nb = rounddown(rem, blks);
+					exf->decrypt_multi(sw->sw_kschedule,
+					    idat, nb);
 				}
 			} else if (crd->crd_flags & CRD_F_ENCRYPT) {
 				/* XOR with previous block/IV */
@@ -290,10 +298,10 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
 				ivp = nivp;
 			}
 
-			idat += blks;
-			count += blks;
-			k += blks;
-			i -= blks;
+			idat += nb;
+			count += nb;
+			k += nb;
+			i -= nb;
 		}
 
 		/*
@@ -374,6 +382,11 @@ swcr_authprepare(struct auth_hash *axf, struct swcr_data *sw, u_char *key,
 		axf->Final(buf, sw->sw_ictx);
 		break;
 	}
+	case CRYPTO_BLAKE2B:
+	case CRYPTO_BLAKE2S:
+		axf->Setkey(sw->sw_ictx, key, klen);
+		axf->Init(sw->sw_ictx);
+		break;
 	default:
 		printf("%s: CRD_F_KEY_EXPLICIT flag given, but algorithm %d "
 		    "doesn't use keys.\n", __func__, axf->type);
@@ -440,6 +453,8 @@ swcr_authcompute(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
 		axf->Final(aalg, &ctx);
 		break;
 
+	case CRYPTO_BLAKE2B:
+	case CRYPTO_BLAKE2S:
 	case CRYPTO_NULL_HMAC:
 		axf->Final(aalg, &ctx);
 		break;
@@ -561,14 +576,26 @@ swcr_authenc(struct cryptop *crp)
 		exf->reinit(swe->sw_kschedule, iv);
 
 	/* Do encryption/decryption with MAC */
-	for (i = 0; i < crde->crd_len; i += blksz) {
-		len = MIN(crde->crd_len - i, blksz);
+	for (i = 0; i < crde->crd_len; i += len) {
+		if (exf->encrypt_multi != NULL) {
+			len = rounddown(crde->crd_len - i, blksz);
+			if (len == 0)
+				len = blksz;
+			else
+				len = MIN(len, sizeof(blkbuf));
+		} else
+			len = blksz;
+		len = MIN(crde->crd_len - i, len);
 		if (len < blksz)
 			bzero(blk, blksz);
 		crypto_copydata(crp->crp_flags, buf, crde->crd_skip + i, len,
 		    blk);
 		if (crde->crd_flags & CRD_F_ENCRYPT) {
-			exf->encrypt(swe->sw_kschedule, blk);
+			if (exf->encrypt_multi != NULL)
+				exf->encrypt_multi(swe->sw_kschedule, blk,
+				    len);
+			else
+				exf->encrypt(swe->sw_kschedule, blk);
 			axf->Update(&ctx, blk, len);
 			crypto_copyback(crp->crp_flags, buf,
 			    crde->crd_skip + i, len, blk);
@@ -805,6 +832,9 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
 		case CRYPTO_NULL_CBC:
 			txf = &enc_xform_null;
 			goto enccommon;
+		case CRYPTO_CHACHA20:
+			txf = &enc_xform_chacha20;
+			goto enccommon;
 		enccommon:
 			if (cri->cri_key != NULL) {
 				error = txf->setkey(&((*swd)->sw_kschedule),
@@ -948,6 +978,25 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
 			(*swd)->sw_axf = axf;
 			break;
 
+		case CRYPTO_BLAKE2B:
+			axf = &auth_hash_blake2b;
+			goto auth5common;
+		case CRYPTO_BLAKE2S:
+			axf = &auth_hash_blake2s;
+		auth5common:
+			(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
+			    M_NOWAIT);
+			if ((*swd)->sw_ictx == NULL) {
+				swcr_freesession_locked(dev, i);
+				rw_runlock(&swcr_sessions_lock);
+				return ENOBUFS;
+			}
+			axf->Setkey((*swd)->sw_ictx, cri->cri_key,
+			    cri->cri_klen / 8);
+			axf->Init((*swd)->sw_ictx);
+			(*swd)->sw_axf = axf;
+			break;
+
 		case CRYPTO_DEFLATE_COMP:
 			cxf = &comp_algo_deflate;
 			(*swd)->sw_cxf = cxf;
@@ -1012,6 +1061,7 @@ swcr_freesession_locked(device_t dev, u_int64_t tid)
 		case CRYPTO_AES_NIST_GMAC:
 		case CRYPTO_CAMELLIA_CBC:
 		case CRYPTO_NULL_CBC:
+		case CRYPTO_CHACHA20:
 			txf = swd->sw_exf;
 
 			if (swd->sw_kschedule)
@@ -1051,12 +1101,16 @@ swcr_freesession_locked(device_t dev, u_int64_t tid)
 			}
 			break;
 
+		case CRYPTO_BLAKE2B:
+		case CRYPTO_BLAKE2S:
 		case CRYPTO_MD5:
 		case CRYPTO_SHA1:
 			axf = swd->sw_axf;
 
-			if (swd->sw_ictx)
+			if (swd->sw_ictx) {
+				explicit_bzero(swd->sw_ictx, axf->ctxsize);
 				free(swd->sw_ictx, M_CRYPTO_DATA);
+			}
 			break;
 
 		case CRYPTO_DEFLATE_COMP:
@@ -1137,6 +1191,7 @@ swcr_process(device_t dev, struct cryptop *crp, int hint)
 		case CRYPTO_AES_XTS:
 		case CRYPTO_AES_ICM:
 		case CRYPTO_CAMELLIA_CBC:
+		case CRYPTO_CHACHA20:
 			if ((crp->crp_etype = swcr_encdec(crd, sw,
 			    crp->crp_buf, crp->crp_flags)) != 0)
 				goto done;
@@ -1155,6 +1210,8 @@ swcr_process(device_t dev, struct cryptop *crp, int hint)
 		case CRYPTO_SHA1_KPDK:
 		case CRYPTO_MD5:
 		case CRYPTO_SHA1:
+		case CRYPTO_BLAKE2B:
+		case CRYPTO_BLAKE2S:
 			if ((crp->crp_etype = swcr_authcompute(crd, sw,
 			    crp->crp_buf, crp->crp_flags)) != 0)
 				goto done;
@@ -1246,6 +1303,9 @@ swcr_attach(device_t dev)
 	REGISTER(CRYPTO_AES_256_NIST_GMAC);
  	REGISTER(CRYPTO_CAMELLIA_CBC);
 	REGISTER(CRYPTO_DEFLATE_COMP);
+	REGISTER(CRYPTO_BLAKE2B);
+	REGISTER(CRYPTO_BLAKE2S);
+	REGISTER(CRYPTO_CHACHA20);
 #undef REGISTER
 
 	return 0;