Differential D32124

opencrypto: Disallow requests which pass VERIFY_DIGEST without a MAC
ClosedPublic
Actions

Authored by markj on Sep 24 2021, 6:26 PM.

Details

Reviewers

jhb

Commits

rG7c2f227a17de: opencrypto: Disallow requests which pass VERIFY_DIGEST without a MAC

Summary

Otherwise we can end up comparing the computed digest with an
uninitialized kernel buffer.

In cryptoaead_op() we already unconditionally fail the request if a
pointer to a digest buffer is not specified.

Based on a patch by Simran Kathpalia.

Reported by: syzkaller

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Sep 24 2021, 6:26 PM

Herald added subscribers: jmg, imp. · View Herald TranscriptSep 24 2021, 6:26 PM

markj requested review of this revision.Sep 24 2021, 6:26 PM

Harbormaster completed remote builds in B41726: Diff 95660.Sep 24 2021, 6:26 PM

markj added a parent revision: D32123: opencrypto: Relax checks for zero-length payloads.Sep 24 2021, 6:26 PM

So in the case that cop->mac is NULL, the copyin should fail with EFAULT? Ah, yes, and this is what we want, yes.

This revision is now accepted and ready to land.Sep 24 2021, 6:41 PM

Closed by commit rG7c2f227a17de: opencrypto: Disallow requests which pass VERIFY_DIGEST without a MAC (authored by markj). · Explain WhySep 24 2021, 7:06 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rG7c2f227a17de: opencrypto: Disallow requests which pass VERIFY_DIGEST without a MAC.

Revision Contents
Changeset List

Path

Size

sys/

opencrypto/

cryptodev.c

2 lines

Diff 95665

View Options

sys/opencrypto/cryptodev.c

opencrypto: Disallow requests which pass VERIFY_DIGEST without a MACClosedPublicActions