Page MenuHomeFreeBSD
Differential D30154

cryptodev: Fix some input validation bugs
ClosedPublic
Actions

Authored by markj on May 6 2021, 11:07 PM.
Tags
None
Referenced Files
Unknown Object (File)
Feb 21 2024, 5:14 AM
Unknown Object (File)
Jan 19 2024, 12:25 AM
Unknown Object (File)
Dec 20 2023, 2:16 PM
Unknown Object (File)
Dec 20 2023, 1:04 AM
Unknown Object (File)
Dec 18 2023, 11:15 PM
Unknown Object (File)
Dec 8 2023, 5:52 PM
Unknown Object (File)
Oct 18 2023, 10:28 PM
Unknown Object (File)
Oct 3 2023, 6:47 PM
View All 30 Files
Subscribers
imp
jmg

Details

Reviewers
jhb
Commits
rGabd116de1d42: cryptodev: Fix some input validation bugs
rG1a04f0156c4e: cryptodev: Fix some input validation bugs
Summary


- When we do not have a separate IV, make sure that the IV length
specified by the session is not larger than the payload size.
- Disallow AEAD requests without a separate IV. crp_sanity() asserts
that CRYPTO_F_IV_SEPARATE is set. I'm not sure if this is the correct
solution. Some drivers permit inline IVs with GCM and CCM. Others
(e.g., cryptosoft, aesni, ccr) explicitly do not. So it may be
reasonable to simply drop this assertion.

Reported by: syzbot+c9e8f6ff5cb7fa6a1250@syzkaller.appspotmail.com
Reported by: syzbot+007341439ae295cee74f@syzkaller.appspotmail.com

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.May 6 2021, 11:07 PM
Herald added subscribers: jmg, imp. · View Herald TranscriptMay 6 2021, 11:07 PM
markj requested review of this revision.May 6 2021, 11:07 PM
Harbormaster completed remote builds in B39061: Diff 88758.May 6 2021, 11:07 PM
markj added a comment.May 11 2021, 4:13 PM

Ping? This is responsible for 4-5 syzbot reports now, it would be nice to get this fixed soon.

jhb accepted this revision.May 11 2021, 8:51 PM

I don't really know why some of the drivers mandate separate IVs for CCM/GCM. I did that in ccr(4) because I was copying what was done in cryptosoft and was less familiar with how GCM worked, per se. That said, it seems like all the use cases of AEAD ciphers require some part of the IV/nonce to be implicit, so inline IVs don't seem practical for AEAD.

This revision is now accepted and ready to land.May 11 2021, 8:51 PM
Closed by commit rG1a04f0156c4e: cryptodev: Fix some input validation bugs (authored by markj). · Explain WhyMay 11 2021, 9:36 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rG1a04f0156c4e: cryptodev: Fix some input validation bugs.
markj added a commit: rGabd116de1d42: cryptodev: Fix some input validation bugs.May 14 2021, 2:03 PM

Revision Contents
Changeset List

PathSize
sys/
opencrypto/
17 lines

Diff 89046

View Options

sys/opencrypto/cryptodev.c

Loading...