Page MenuHomeFreeBSD
Differential D37372

ktls_ocf: Reject encrypted TLS records using AEAD that are too small.
ClosedPublic
Actions

Authored by jhb on Nov 12 2022, 12:02 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mar 14 2024, 10:41 AM
Unknown Object (File)
Mar 14 2024, 10:28 AM
Unknown Object (File)
Mar 14 2024, 10:28 AM
Unknown Object (File)
Mar 10 2024, 11:51 PM
Unknown Object (File)
Mar 1 2024, 9:37 PM
Unknown Object (File)
Jan 12 2024, 8:26 AM
Unknown Object (File)
Dec 20 2023, 5:00 AM
Unknown Object (File)
Nov 27 2023, 3:35 PM
View All 26 Files
Subscribers
imp
np

Details

Reviewers
markj
Commits
rG107daeb474b2: ktls_ocf: Reject encrypted TLS records using AEAD that are too small.
rG4e4741464889: ktls_ocf: Reject encrypted TLS records using AEAD that are too small.
Summary

If a TLS record is too small to contain the required explicit IV,
record_type (TLS 1.3), and MAC, reject attempts to decrypt it with
EMSGSIZE without submitting it to OCF. OCF drivers may not properly
detect that regions in the crypto request are outside the bounds of
the mbuf chain. The caller isn't supposed to submit such requests.

Sponsored by: Chelsio Communications

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb created this revision.Nov 12 2022, 12:02 AM
Herald added a subscriber: imp. · View Herald TranscriptNov 12 2022, 12:02 AM
jhb requested review of this revision.Nov 12 2022, 12:02 AM
Harbormaster completed remote builds in B48316: Diff 113032.Nov 12 2022, 12:02 AM
jhb added a parent revision: D37371: ktls: Add tests for software AES-CBC decryption for TLS 1.1+..Nov 12 2022, 12:03 AM
jhb added a child revision: D37373: ktls: Add tests for receiving corrupted or invalid records..
jhb added a comment.Nov 12 2022, 12:07 AM

A sample panic for TLS 1.2 I got when running the tests in the next commit without this fix:

panic: payload outside input buffer
cpuid = 7
time = 1668209857
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0115cd2b20
vpanic() at vpanic+0x151/frame 0xfffffe0115cd2b70
panic() at panic+0x43/frame 0xfffffe0115cd2bd0
crp_sanity() at crp_sanity+0x44c/frame 0xfffffe0115cd2c00
crypto_dispatch_one() at crypto_dispatch_one+0x12/frame 0xfffffe0115cd2c20
ktls_ocf_dispatch() at ktls_ocf_dispatch+0x5d/frame 0xfffffe0115cd2c70
ktls_ocf_tls12_aead_decrypt() at ktls_ocf_tls12_aead_decrypt+0x184/frame 0xfffffe0115cd2df0
ktls_work_thread() at ktls_work_thread+0x85c/frame 0xfffffe0115cd2ef0
fork_exit() at fork_exit+0x80/frame 0xfffffe0115cd2f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0115cd2f30
--- trap 0xc, rip = 0x174f5bbf7ada, rsp = 0x174f57a84d98, rbp = 0x174f57a84db0 ---
markj accepted this revision.Nov 14 2022, 3:14 PM
This revision is now accepted and ready to land.Nov 14 2022, 3:14 PM
Closed by commit rG4e4741464889: ktls_ocf: Reject encrypted TLS records using AEAD that are too small. (authored by jhb). · Explain WhyNov 15 2022, 8:04 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rG4e4741464889: ktls_ocf: Reject encrypted TLS records using AEAD that are too small..
jhb added a commit: rG107daeb474b2: ktls_ocf: Reject encrypted TLS records using AEAD that are too small..Jan 24 2023, 5:43 AM

Revision Contents
Changeset List

PathSize
sys/
opencrypto/
37 lines

Diff 113156

View Options

sys/opencrypto/ktls_ocf.c

Loading...