HomeFreeBSD

cryptodev: Fix some input validation bugs

Description

cryptodev: Fix some input validation bugs

  • When we do not have a separate IV, make sure that the IV length specified by the session is not larger than the payload size.
  • Disallow AEAD requests without a separate IV. crp_sanity() asserts that CRYPTO_F_IV_SEPARATE is set for AEAD requests, and some (but not all) drivers require it.
  • Return EINVAL for AEAD requests if an IV is specified but the transform does not expect one.

Reported by: syzbot+c9e8f6ff5cb7fa6a1250@syzkaller.appspotmail.com
Reported by: syzbot+007341439ae295cee74f@syzkaller.appspotmail.com
Reported by: syzbot+46e0cc42a428b3b0a40d@syzkaller.appspotmail.com
Reported by: syzbot+2c4d670173b8bdb947df@syzkaller.appspotmail.com
Reported by: syzbot+220faa5eeb4d47b23877@syzkaller.appspotmail.com
Reported by: syzbot+e83434b40f05843722f7@syzkaller.appspotmail.com
Reviewed by: jhb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D30154

(cherry picked from commit 1a04f0156c4e6abfc01d5841341a94179f317f31)

Details

Provenance
markjAuthored on May 11 2021, 9:36 PM
Reviewer
jhb
Differential Revision
D30154: cryptodev: Fix some input validation bugs
Parents
rG2886c93d1bca: libc: Some enhancements to syslog(3)
Branches
Unknown
Tags
Unknown