Date: Fri, 29 Apr 2022 20:55:02 GMT From: John Baldwin <jhb@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: a41ff1661bc0 - stable/13 - crypto: Validate AES-GCM IV length in check_csp(). Message-ID: <202204292055.23TKt2at055109@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=a41ff1661bc019abbfbc3d6df2ad7e58126cc4ef commit a41ff1661bc019abbfbc3d6df2ad7e58126cc4ef Author: John Baldwin <jhb@FreeBSD.org> AuthorDate: 2021-12-09 19:52:41 +0000 Commit: John Baldwin <jhb@FreeBSD.org> CommitDate: 2022-04-29 20:50:04 +0000 crypto: Validate AES-GCM IV length in check_csp(). This centralizes the check for valid nonce lengths for AES-GCM. While here, remove some duplicate checks for valid AES-GCM tag lengths from ccp(4) and ccr(4). Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33194 (cherry picked from commit 6e17a2e00d62fd3041e0bb511fe925079ad1c0d7) --- sys/crypto/aesni/aesni.c | 3 +-- sys/crypto/armv8/armv8_crypto.c | 2 -- sys/crypto/ccp/ccp.c | 5 ----- sys/dev/cxgbe/crypto/t4_crypto.c | 6 ------ sys/dev/qat/qat.c | 2 -- sys/dev/safexcel/safexcel.c | 3 --- sys/opencrypto/crypto.c | 5 ++++- sys/opencrypto/cryptosoft.c | 3 --- 8 files changed, 5 insertions(+), 24 deletions(-) diff --git a/sys/crypto/aesni/aesni.c b/sys/crypto/aesni/aesni.c index de797abd1af5..eea32532131f 100644 --- a/sys/crypto/aesni/aesni.c +++ b/sys/crypto/aesni/aesni.c @@ -305,8 +305,7 @@ aesni_probesession(device_t dev, const struct crypto_session_params *csp) if (csp->csp_auth_mlen != 0 && csp->csp_auth_mlen != GMAC_DIGEST_LEN) return (EINVAL); - if (csp->csp_ivlen != AES_GCM_IV_LEN || - !sc->has_aes) + if (!sc->has_aes) return (EINVAL); break; case CRYPTO_AES_CCM_16: diff --git a/sys/crypto/armv8/armv8_crypto.c b/sys/crypto/armv8/armv8_crypto.c index 077667a4bb2a..18b0870f380b 100644 --- a/sys/crypto/armv8/armv8_crypto.c +++ b/sys/crypto/armv8/armv8_crypto.c @@ -217,8 +217,6 @@ armv8_crypto_probesession(device_t dev, case CRYPTO_AES_NIST_GCM_16: if (!sc->has_pmul) return (EINVAL); - if (csp->csp_ivlen != AES_GCM_IV_LEN) - return (EINVAL); if (csp->csp_auth_mlen != 0 && csp->csp_auth_mlen != GMAC_DIGEST_LEN) return (EINVAL); diff --git a/sys/crypto/ccp/ccp.c b/sys/crypto/ccp/ccp.c index 7cc38b14f3fd..2b059dcee2ca 100644 --- a/sys/crypto/ccp/ccp.c +++ b/sys/crypto/ccp/ccp.c @@ -378,11 +378,6 @@ ccp_probesession(device_t dev, const struct crypto_session_params *csp) case CSP_MODE_AEAD: switch (csp->csp_cipher_alg) { case CRYPTO_AES_NIST_GCM_16: - if (csp->csp_ivlen != AES_GCM_IV_LEN) - return (EINVAL); - if (csp->csp_auth_mlen < 0 || - csp->csp_auth_mlen > AES_GMAC_HASH_LEN) - return (EINVAL); if ((sc->hw_features & VERSION_CAP_AES) == 0) return (EINVAL); break; diff --git a/sys/dev/cxgbe/crypto/t4_crypto.c b/sys/dev/cxgbe/crypto/t4_crypto.c index 7c233897dff6..325aba60a742 100644 --- a/sys/dev/cxgbe/crypto/t4_crypto.c +++ b/sys/dev/cxgbe/crypto/t4_crypto.c @@ -2542,12 +2542,6 @@ ccr_probesession(device_t dev, const struct crypto_session_params *csp) case CSP_MODE_AEAD: switch (csp->csp_cipher_alg) { case CRYPTO_AES_NIST_GCM_16: - if (csp->csp_ivlen != AES_GCM_IV_LEN) - return (EINVAL); - if (csp->csp_auth_mlen < 0 || - csp->csp_auth_mlen > AES_GMAC_HASH_LEN) - return (EINVAL); - break; case CRYPTO_AES_CCM_16: break; default: diff --git a/sys/dev/qat/qat.c b/sys/dev/qat/qat.c index b5d3f4d9629a..dddfe4da1083 100644 --- a/sys/dev/qat/qat.c +++ b/sys/dev/qat/qat.c @@ -1900,8 +1900,6 @@ qat_probesession(device_t dev, const struct crypto_session_params *csp) case CSP_MODE_AEAD: switch (csp->csp_cipher_alg) { case CRYPTO_AES_NIST_GCM_16: - if (csp->csp_ivlen != AES_GCM_IV_LEN) - return EINVAL; break; default: return EINVAL; diff --git a/sys/dev/safexcel/safexcel.c b/sys/dev/safexcel/safexcel.c index 242f1bcfb90a..16978632a1be 100644 --- a/sys/dev/safexcel/safexcel.c +++ b/sys/dev/safexcel/safexcel.c @@ -2304,9 +2304,6 @@ safexcel_probesession(device_t dev, const struct crypto_session_params *csp) case CSP_MODE_AEAD: switch (csp->csp_cipher_alg) { case CRYPTO_AES_NIST_GCM_16: - if (csp->csp_ivlen != AES_GCM_IV_LEN) - return (EINVAL); - break; case CRYPTO_AES_CCM_16: break; default: diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c index 576382406d88..5332ab5f07ce 100644 --- a/sys/opencrypto/crypto.c +++ b/sys/opencrypto/crypto.c @@ -881,7 +881,10 @@ check_csp(const struct crypto_session_params *csp) return (false); break; case CRYPTO_AES_NIST_GCM_16: - if (csp->csp_auth_mlen > 16) + if (csp->csp_auth_mlen > AES_GMAC_HASH_LEN) + return (false); + + if (csp->csp_ivlen != AES_GCM_IV_LEN) return (false); break; case CRYPTO_CHACHA20_POLY1305: diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c index 567a0f4748d5..b6c964b540bc 100644 --- a/sys/opencrypto/cryptosoft.c +++ b/sys/opencrypto/cryptosoft.c @@ -1308,9 +1308,6 @@ swcr_setup_gcm(struct swcr_session *ses, struct swcr_auth *swa; struct auth_hash *axf; - if (csp->csp_ivlen != AES_GCM_IV_LEN) - return (EINVAL); - /* First, setup the auth side. */ swa = &ses->swcr_auth; switch (csp->csp_cipher_klen * 8) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202204292055.23TKt2at055109>