Apply the previous change in esp_input too, same as esp_output.

2018-05-30 16:49:38 +00:00 · 2018-05-30 16:49:38 +00:00 · de1c7e1421
commit de1c7e1421
parent f4ab40f822
1 changed files with 18 additions and 20 deletions
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@ -1,4 +1,4 @@
-/*	$NetBSD: xform_esp.c,v 1.92 2018/05/30 16:43:29 maxv Exp $	*/
+/*	$NetBSD: xform_esp.c,v 1.93 2018/05/30 16:49:38 maxv Exp $	*/
 /*	$FreeBSD: xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */

@ -39,7 +39,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.92 2018/05/30 16:43:29 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.93 2018/05/30 16:49:38 maxv Exp $");

 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@ -317,6 +317,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)

 	esph = sav->tdb_authalgxform;
 	espx = sav->tdb_encalgxform;
+	KASSERT(espx != NULL);

 	/* Determine the ESP header length */
 	if (sav->flags & SADB_X_EXT_OLD)
@ -362,7 +363,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 	ESP_STATADD(ESP_STAT_IBYTES, m->m_pkthdr.len - skip - hlen - alen);

 	/* Get crypto descriptors */
-	crp = crypto_getreq(esph && espx ? 2 : 1);
+	crp = crypto_getreq(esph ? 2 : 1);
 	if (crp == NULL) {
 		DPRINTF(("%s: failed to acquire crypto descriptors\n",
 		    __func__));
@ -396,15 +397,15 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)

 		/* Authentication descriptor */
 		crda->crd_skip = skip;
-		if (espx && espx->type == CRYPTO_AES_GCM_16)
+		if (espx->type == CRYPTO_AES_GCM_16)
 			crda->crd_len = hlen - sav->ivlen;
 		else
 			crda->crd_len = m->m_pkthdr.len - (skip + alen);
 		crda->crd_inject = m->m_pkthdr.len - alen;

 		crda->crd_alg = esph->type;
-		if (espx && (espx->type == CRYPTO_AES_GCM_16 ||
-			     espx->type == CRYPTO_AES_GMAC)) {
+		if (espx->type == CRYPTO_AES_GCM_16 ||
+		    espx->type == CRYPTO_AES_GMAC) {
 			crda->crd_key = _KEYBUF(sav->key_enc);
 			crda->crd_klen = _KEYBITS(sav->key_enc);
 		} else {
@ -454,20 +455,17 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 	tc->tc_sav = sav;

 	/* Decryption descriptor */
-	if (espx) {
-		KASSERTMSG(crde != NULL, "null esp crypto descriptor");
-		crde->crd_skip = skip + hlen;
-		if (espx->type == CRYPTO_AES_GMAC)
-			crde->crd_len = 0;
-		else
-			crde->crd_len = m->m_pkthdr.len - (skip + hlen + alen);
-		crde->crd_inject = skip + hlen - sav->ivlen;
-
-		crde->crd_alg = espx->type;
-		crde->crd_key = _KEYBUF(sav->key_enc);
-		crde->crd_klen = _KEYBITS(sav->key_enc);
-		/* XXX Rounds ? */
-	}
+	KASSERTMSG(crde != NULL, "null esp crypto descriptor");
+	crde->crd_skip = skip + hlen;
+	if (espx->type == CRYPTO_AES_GMAC)
+		crde->crd_len = 0;
+	else
+		crde->crd_len = m->m_pkthdr.len - (skip + hlen + alen);
+	crde->crd_inject = skip + hlen - sav->ivlen;
+	crde->crd_alg = espx->type;
+	crde->crd_key = _KEYBUF(sav->key_enc);
+	crde->crd_klen = _KEYBITS(sav->key_enc);
+	/* XXX Rounds ? */

 	return crypto_dispatch(crp);