Page MenuHomeFreeBSD
Differential D30154

cryptodev: Fix some input validation bugs
ClosedPublic
Actions

Authored by markj on May 6 2021, 11:07 PM.
Tags
None
Referenced Files
F102122259: D30154.diff
Thu, Nov 7, 9:39 PM
Unknown Object (File)
Thu, Oct 31, 4:04 AM
Unknown Object (File)
Wed, Oct 23, 2:49 PM
Unknown Object (File)
Oct 2 2024, 3:10 PM
Unknown Object (File)
Oct 2 2024, 9:18 AM
Unknown Object (File)
Oct 1 2024, 7:09 PM
Unknown Object (File)
Oct 1 2024, 6:22 PM
Unknown Object (File)
Oct 1 2024, 3:44 AM
View All 73 Files
Subscribers
imp
jmg

Details

Reviewers
jhb
Commits
rGabd116de1d42: cryptodev: Fix some input validation bugs
rG1a04f0156c4e: cryptodev: Fix some input validation bugs
Summary


- When we do not have a separate IV, make sure that the IV length
specified by the session is not larger than the payload size.
- Disallow AEAD requests without a separate IV. crp_sanity() asserts
that CRYPTO_F_IV_SEPARATE is set. I'm not sure if this is the correct
solution. Some drivers permit inline IVs with GCM and CCM. Others
(e.g., cryptosoft, aesni, ccr) explicitly do not. So it may be
reasonable to simply drop this assertion.

Reported by: syzbot+c9e8f6ff5cb7fa6a1250@syzkaller.appspotmail.com
Reported by: syzbot+007341439ae295cee74f@syzkaller.appspotmail.com

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 39061
Build 35950: arc lint + arc unit

Event Timeline

markj created this revision.May 6 2021, 11:07 PM
Herald added subscribers: jmg, imp. · View Herald TranscriptMay 6 2021, 11:07 PM
markj requested review of this revision.May 6 2021, 11:07 PM
Harbormaster completed remote builds in B39061: Diff 88758.May 6 2021, 11:07 PM
markj added a comment.May 11 2021, 4:13 PM

Ping? This is responsible for 4-5 syzbot reports now, it would be nice to get this fixed soon.

jhb accepted this revision.May 11 2021, 8:51 PM

I don't really know why some of the drivers mandate separate IVs for CCM/GCM. I did that in ccr(4) because I was copying what was done in cryptosoft and was less familiar with how GCM worked, per se. That said, it seems like all the use cases of AEAD ciphers require some part of the IV/nonce to be implicit, so inline IVs don't seem practical for AEAD.

This revision is now accepted and ready to land.May 11 2021, 8:51 PM
Closed by commit rG1a04f0156c4e: cryptodev: Fix some input validation bugs (authored by markj). · Explain WhyMay 11 2021, 9:36 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rG1a04f0156c4e: cryptodev: Fix some input validation bugs.
markj added a commit: rGabd116de1d42: cryptodev: Fix some input validation bugs.May 14 2021, 2:03 PM

Revision Contents
Changeset List

PathSize
sys/
opencrypto/
12 lines

Diff 88758

View Options

sys/opencrypto/cryptodev.c

Loading...