Diffusion FreeBSD src repository 4e4741464889

ktls_ocf: Reject encrypted TLS records using AEAD that are too small.
4e4741464889
Actions

Tags

None

Referenced Files

None

Subscribers

MichalX.Gulbicki_intel.com

Description

ktls_ocf: Reject encrypted TLS records using AEAD that are too small.

If a TLS record is too small to contain the required explicit IV,
record_type (TLS 1.3), and MAC, reject attempts to decrypt it with
EMSGSIZE without submitting it to OCF. OCF drivers may not properly
detect that regions in the crypto request are outside the bounds of
the mbuf chain. The caller isn't supposed to submit such requests.

Reviewed by: markj
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D37372

Details

Provenance

jhb	Authored on Nov 15 2022, 8:02 PM

Reviewer

Differential Revision

D37372: ktls_ocf: Reject encrypted TLS records using AEAD that are too small.

Parents

rG64811651aa7c: ktls: Add tests for software AES-CBC decryption for TLS 1.1+.

Branches

Unknown

Tags

Unknown

Event Timeline

jhb committed rG4e4741464889: ktls_ocf: Reject encrypted TLS records using AEAD that are too small. (authored by jhb).Nov 15 2022, 8:02 PM

Herald added a subscriber: MichalX.Gulbicki_intel.com. · View Herald TranscriptNov 15 2022, 8:04 PM

jhb added an edge: D37372: ktls_ocf: Reject encrypted TLS records using AEAD that are too small..Nov 15 2022, 8:04 PM

jhb mentioned this in rG107daeb474b2: ktls_ocf: Reject encrypted TLS records using AEAD that are too small..Jan 24 2023, 5:43 AM

Changes (1)

Path

Size

sys/

opencrypto/

rG4e4741464889

sys/opencrypto/ktls_ocf.c

Loading...