Author: cem
Date: Wed Oct 4 21:15:45 2017
New Revision: 324288
URL: https://svnweb.freebsd.org/changeset/base/324288
Log:
aesni(4): CRYPTO_AES_NIST_GCM_16 mandates MAC
Remove some dead conditionals and add an assertion around behavior already
present in aesni_process().
Silence a few Coverity false positives.
CIDs: 1381571, 1381557
Sponsored by: Dell EMC Isilon
Modified:
head/sys/crypto/aesni/aesni.c
Modified: head/sys/crypto/aesni/aesni.c
==============================================================================
--- head/sys/crypto/aesni/aesni.c Wed Oct 4 21:05:44 2017
(r324287)
+++ head/sys/crypto/aesni/aesni.c Wed Oct 4 21:15:45 2017
(r324288)
@@ -773,12 +773,15 @@ aesni_cipher_crypt(struct aesni_session *ses, struct c
int error, ivlen;
bool encflag, allocated, authallocated;
+ KASSERT(ses->algo != CRYPTO_AES_NIST_GCM_16 || authcrd != NULL,
+ ("AES_NIST_GCM_16 must include MAC descriptor"));
+
buf = aesni_cipher_alloc(enccrd, crp, &allocated);
if (buf == NULL)
return (ENOMEM);
authallocated = false;
- if (ses->algo == CRYPTO_AES_NIST_GCM_16 && authcrd != NULL) {
+ if (ses->algo == CRYPTO_AES_NIST_GCM_16) {
authbuf = aesni_cipher_alloc(authcrd, crp, &authallocated);
if (authbuf == NULL) {
error = ENOMEM;
@@ -851,7 +854,7 @@ aesni_cipher_crypt(struct aesni_session *ses, struct c
iv);
break;
case CRYPTO_AES_NIST_GCM_16:
- if (authcrd != NULL && !encflag)
+ if (!encflag)
crypto_copydata(crp->crp_flags, crp->crp_buf,
authcrd->crd_inject, GMAC_DIGEST_LEN, tag);
else
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
