Fix writing of the final block of encrypted, compressed kernel dumps.

Previously any residual data in the final block of a compressed kernel
dump would be written unencrypted.  Note, such a configuration already
does not work properly when using AES-CBC since the compressed data is
typically not a multiple of the AES block length in size and EKCD does
not implement any padding scheme.  However, EKCD more recently gained
support for using the ChaCha20 cipher, which being a stream cipher does
not have this problem.

Submitted by:	sigsys@gmail.com
Reviewed by:	cem
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D26188

1 files changed, 5 insertions, 3 deletions

diff --git a/sys/kern/kern_shutdown.c b/sys/kern/kern_shutdown.c
index 2a4951e1d3fe..7cf91de98b44 100644
--- a/sys/kern/kern_shutdown.c
+++ b/sys/kern/kern_shutdown.c
@@ -1464,6 +1464,7 @@ kerneldumpcomp_write_cb(void *base, size_t length, off_t offset, void *arg)
 		}
 		resid = length - rlength;
 		memmove(di->blockbuf, (uint8_t *)base + rlength, resid);
+		bzero((uint8_t *)di->blockbuf + resid, di->blocksize - resid);
 		di->kdcomp->kdc_resid = resid;
 		return (EAGAIN);
 	}
@@ -1680,9 +1681,10 @@ dump_finish(struct dumperinfo *di, struct kerneldumpheader *kdh)
 		error = compressor_flush(di->kdcomp->kdc_stream);
 		if (error == EAGAIN) {
 			/* We have residual data in di->blockbuf. */
-			error = dump_write(di, di->blockbuf, 0, di->dumpoff,
-			    di->blocksize);
-			di->dumpoff += di->kdcomp->kdc_resid;
+			error = _dump_append(di, di->blockbuf, 0, di->blocksize);
+			if (error == 0)
+				/* Compensate for _dump_append()'s adjustment. */
+				di->dumpoff -= di->blocksize - di->kdcomp->kdc_resid;
 			di->kdcomp->kdc_resid = 0;
 		}
 		if (error != 0)