Page MenuHomeFreeBSD
Differential D32109

cryptodev: Allow some CIOCCRYPT operations with an empty payload.
ClosedPublic
Actions

Authored by jhb on Sep 24 2021, 6:04 PM.
Tags
None
Referenced Files
Unknown Object (File)
Oct 12 2024, 11:06 AM
Unknown Object (File)
Sep 29 2024, 3:39 AM
Unknown Object (File)
Sep 29 2024, 3:29 AM
Unknown Object (File)
Sep 29 2024, 1:30 AM
Unknown Object (File)
Sep 26 2024, 5:37 PM
Unknown Object (File)
Sep 26 2024, 9:15 AM
Unknown Object (File)
Sep 22 2024, 10:24 AM
Unknown Object (File)
Sep 19 2024, 10:27 PM
View All 94 Files
Subscribers
emaste
imp
jmg

Details

Reviewers
markj
Commits
rG5f9a61203779: cryptodev: Allow some CIOCCRYPT operations with an empty payload.
rGa0cbcbb7917b: cryptodev: Allow some CIOCCRYPT operations with an empty payload.
Summary

If an operation would generate a MAC output (e.g. for digest operation
or for an AEAD or EtA operation), then an empty payload buffer is
valid. Only reject requests with an empty buffer for "plain" cipher
sessions.

Some of the AES-CCM NIST KAT vectors use an empty payload.

While here, don't advance crp_payload_start for requests that use an
empty payload with an inline IV. (*)




Reported by:    syzbot+d4b94fbd9a44b032f428@syzkaller.appspotmail.com (*)

Sponsored by:	The FreeBSD Foundation
Diff Detail
Repository 
rS FreeBSD src repository - subversion 
Lint 
No Lint Coverage
 
Unit 
No Test Coverage
 
Build Status 
Buildable 41907
Build 38795: arc lint + arc unit
 
Event Timeline
jhb created this revision.Sep 24 2021, 6:04 PM
Herald added subscribers: jmg, imp.  ·  View Herald TranscriptSep 24 2021, 6:04 PM
jhb requested review of this revision.Sep 24 2021, 6:04 PM
jhb added a parent revision: D32108: cryptodev: Permit CIOCCRYPT for AEAD ciphers..
jhb added a child revision: D32110: cryptocheck: Support multiple IV sizes for AES-CCM..
Harbormaster completed remote builds in B41710: Diff 95643.Sep 24 2021, 6:05 PM
jhb added a comment.Sep 24 2021, 6:08 PM
Similar to D32108. this was triggered by AES-CCM tests via cryptotest.py.
jhb added a reviewer: markj.Sep 27 2021, 9:34 PM
jhb added inline comments.Sep 27 2021, 9:38 PM
sys/opencrypto/cryptodev.c


839
This is the change I talked about over in D32123 where I had relaxed this requirement for all but CSP_MODE_CIPHER.



I think we could further refine this to check for cop->len == cse->ivsize if cop->iv is NULL.


927–928
In your other review we could perhaps make this conditional on the updated crp_payload_length != 0 if we wanted to keep the assertion in crp_sanity()?
markj added inline comments.Sep 28 2021, 4:53 PM
sys/opencrypto/cryptodev.c


839
Yes, I think that is necessary.


927–928
I think that's fine. To be clear, the idea is to have this instead:



crp->crp_payload_length -= cse->ivsize;
if (crp->crp_payload_length > 0)
    crp->crp_payload_start += cse->ivsize;



Do you want to just handle this in this review?
jhb marked 2 inline comments as done.Oct 1 2021, 9:27 PM
jhb updated this revision to Diff 96115.Oct 1 2021, 9:30 PM
    

  • Check for cop->len == cse->ivsize.
    • 

  • Don't bump payload_start for an empty payload.
    • 

Harbormaster completed remote builds in B41907: Diff 96115.Oct 1 2021, 9:30 PM
markj accepted this revision.Oct 1 2021, 9:36 PM
This revision is now accepted and ready to land.Oct 1 2021, 9:36 PM
markj mentioned this in D32123: opencrypto: Relax checks for zero-length payloads.Oct 1 2021, 9:36 PM
jhb edited the summary of this revision. (Show Details)Oct 1 2021, 9:45 PM
Closed by commit rGa0cbcbb7917b: cryptodev: Allow some CIOCCRYPT operations with an empty payload. (authored by jhb).  ·  Explain WhyOct 6 2021, 9:11 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rGa0cbcbb7917b: cryptodev: Allow some CIOCCRYPT operations with an empty payload..
jhb added a commit: rG5f9a61203779: cryptodev: Allow some CIOCCRYPT operations with an empty payload..Oct 21 2021, 10:04 PM
Revision Contents
Changeset List
PathSize
sys/
opencrypto/
11 lines
Diff 96115
View Options
sys/opencrypto/cryptodev.c
Loading...