Page MenuHomeFreeBSD

cryptodev: Allow some CIOCCRYPT operations with an empty payload.
ClosedPublic

Authored by jhb on Sep 24 2021, 6:04 PM.
Tags
None
Referenced Files
Unknown Object (File)
Oct 12 2024, 11:06 AM
Unknown Object (File)
Sep 29 2024, 3:39 AM
Unknown Object (File)
Sep 29 2024, 3:29 AM
Unknown Object (File)
Sep 29 2024, 1:30 AM
Unknown Object (File)
Sep 26 2024, 5:37 PM
Unknown Object (File)
Sep 26 2024, 9:15 AM
Unknown Object (File)
Sep 22 2024, 10:24 AM
Unknown Object (File)
Sep 19 2024, 10:27 PM
Subscribers

Details

Summary

If an operation would generate a MAC output (e.g. for digest operation
or for an AEAD or EtA operation), then an empty payload buffer is
valid. Only reject requests with an empty buffer for "plain" cipher
sessions.

Some of the AES-CCM NIST KAT vectors use an empty payload.

While here, don't advance crp_payload_start for requests that use an
empty payload with an inline IV. (*)

Reported by: syzbot+d4b94fbd9a44b032f428@syzkaller.appspotmail.com (*)
Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

Similar to D32108. this was triggered by AES-CCM tests via cryptotest.py.

sys/opencrypto/cryptodev.c
839

This is the change I talked about over in D32123 where I had relaxed this requirement for all but CSP_MODE_CIPHER.

I think we could further refine this to check for cop->len == cse->ivsize if cop->iv is NULL.

927–928

In your other review we could perhaps make this conditional on the updated crp_payload_length != 0 if we wanted to keep the assertion in crp_sanity()?

sys/opencrypto/cryptodev.c
839

Yes, I think that is necessary.

927–928

I think that's fine. To be clear, the idea is to have this instead:

crp->crp_payload_length -= cse->ivsize;
if (crp->crp_payload_length > 0)
    crp->crp_payload_start += cse->ivsize;

Do you want to just handle this in this review?

jhb marked 2 inline comments as done.Oct 1 2021, 9:27 PM
  • Check for cop->len == cse->ivsize.
  • Don't bump payload_start for an empty payload.
This revision is now accepted and ready to land.Oct 1 2021, 9:36 PM