Differential D40580
ossl: Don't try to initialize the cipher for Chacha20+Poly1305. Authored by jhb on Jun 16 2023, 5:36 PM. Tags None Referenced Files
Details Chacha20+Poly1305 doesn't use an ossl_cipher instance the way AES-GCM Reported by: gallatin (ktls_test fails with ossl.ko loaded)
Diff Detail
Event TimelineComment Actions Is anything verifying csp_cipher_klen when probing/creating a CRYPTO_CHACHA20_POLY1305 session in ossl(4)? Comment Actions There is only one valid key length, and this is checked in csp_sanity in crypto.c. In general I've tried to consolidate checks that are always-false for a given algorithm in crypto.c to avoid duplicating them in drivers. Instead, drivers only need to check when there is a range of a parameters for which a driver might only permit a subset of the (e.g. if only a subset of AES key lengths are supported). Comment Actions However, it is true that the other way to fix this perhaps is to add an ossl_cipher instance for Chacha20+Poly1305. (Key length checks would also be in probesession and not in newsession FWIW) Comment Actions Do you mean check_csp()? I can't see how it verifies that the key length is equal to 32. (And even if it did, it doesn't do that for per-request keys.)
Comment Actions Humm, I thought I had pulled most of these checks into check_csp(). They belong there (and that's where I'd rather add it). Per-request keys don't use a separate key length per request, they reuse csp_cipher_klen, so checking csp_cipher_klen in check_csp() should be sufficient for both session and per-request key lengths.
|