From nobody Thu Dec 09 20:17:40 2021 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 0B2ED18DA363; Thu, 9 Dec 2021 20:17:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4J951c4DK1z4r7K; Thu, 9 Dec 2021 20:17:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7226D550C; Thu, 9 Dec 2021 20:17:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1B9KHeeh053678; Thu, 9 Dec 2021 20:17:40 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1B9KHe43053677; Thu, 9 Dec 2021 20:17:40 GMT (envelope-from git) Date: Thu, 9 Dec 2021 20:17:40 GMT Message-Id: <202112092017.1B9KHe43053677@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: John Baldwin Subject: git: 6e17a2e00d62 - main - crypto: Validate AES-GCM IV length in check_csp(). List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 6e17a2e00d62fd3041e0bb511fe925079ad1c0d7 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1639081060; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=A6p7e9Dm0q5UjJXx+//WELEnVP96KNnhOTGpC0FPEcs=; b=xHwYb0c7bpvM742Huu70R8rE8DYg4cfLoFgMVoaL0O4F5lUwVNK4pN/rGAv3u4oSQxiRek CPxjCjLLeQRwY8vwVA7vlkf9M674aTtqPFwlXmcp6gbKTbljASC+0dQd0D8UeUcXbUvZyf r7/aVytpwee+S6LVU+jqTlXNScl7FvCtHbut/sfpFFL8tq0EORVEYBrYa1wRJqicEQGVpX fijBjiYEJ1SAjAex8/THf783acJCC35Vw+c0r6Orjoh2xUA2w0xUdUqYwjU312gV9XH9Cd kwpFI++i94+QzeTnS78WglctTuJxI5Z6xlGFBAWQxh4oAcwXe2Qa7JPSHdyurQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1639081060; a=rsa-sha256; cv=none; b=nVEirCdZVSXu2JXy6mmJYfcKUo2NDIYdQPU7xULVaTymOJBBwakAObBAKX62f1fiZ1Lypz CuL/xjvcRqSGu7UuqN/8/obkryWS9YKy2uaFgUaTtuLslUAyXH9ZFzFiRu6FJwOE3kRD/I gkc+L7wlzYw9rrn8Oo0TgqsZC/wODcLDe3RjrBtGV15hQTm8aSXttuScXRWFV72b/b+vXZ h127nvsNCbO0pyDFsTg3koeOVPSdRcDCg9KlOsR0MbcYVUlIG+cl+Ja9UKXS+5st3N3fZ0 SvfoXtkVDMXwABxQ6nom1Bzm7Nf1iBv1C3rqm07GSWGnhHOn9m+rsxeBYNqNNA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=6e17a2e00d62fd3041e0bb511fe925079ad1c0d7 commit 6e17a2e00d62fd3041e0bb511fe925079ad1c0d7 Author: John Baldwin AuthorDate: 2021-12-09 19:52:41 +0000 Commit: John Baldwin CommitDate: 2021-12-09 19:52:41 +0000 crypto: Validate AES-GCM IV length in check_csp(). This centralizes the check for valid nonce lengths for AES-GCM. While here, remove some duplicate checks for valid AES-GCM tag lengths from ccp(4) and ccr(4). Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33194 --- sys/crypto/aesni/aesni.c | 3 +-- sys/crypto/armv8/armv8_crypto.c | 2 -- sys/crypto/ccp/ccp.c | 5 ----- sys/dev/cxgbe/crypto/t4_crypto.c | 6 ------ sys/dev/qat/qat.c | 2 -- sys/dev/safexcel/safexcel.c | 3 --- sys/opencrypto/crypto.c | 5 ++++- sys/opencrypto/cryptosoft.c | 3 --- 8 files changed, 5 insertions(+), 24 deletions(-) diff --git a/sys/crypto/aesni/aesni.c b/sys/crypto/aesni/aesni.c index cd31287b08f0..a69488971cac 100644 --- a/sys/crypto/aesni/aesni.c +++ b/sys/crypto/aesni/aesni.c @@ -305,8 +305,7 @@ aesni_probesession(device_t dev, const struct crypto_session_params *csp) if (csp->csp_auth_mlen != 0 && csp->csp_auth_mlen != GMAC_DIGEST_LEN) return (EINVAL); - if (csp->csp_ivlen != AES_GCM_IV_LEN || - !sc->has_aes) + if (!sc->has_aes) return (EINVAL); break; case CRYPTO_AES_CCM_16: diff --git a/sys/crypto/armv8/armv8_crypto.c b/sys/crypto/armv8/armv8_crypto.c index 95bb96124323..0811a1c03390 100644 --- a/sys/crypto/armv8/armv8_crypto.c +++ b/sys/crypto/armv8/armv8_crypto.c @@ -217,8 +217,6 @@ armv8_crypto_probesession(device_t dev, case CRYPTO_AES_NIST_GCM_16: if (!sc->has_pmul) return (EINVAL); - if (csp->csp_ivlen != AES_GCM_IV_LEN) - return (EINVAL); if (csp->csp_auth_mlen != 0 && csp->csp_auth_mlen != GMAC_DIGEST_LEN) return (EINVAL); diff --git a/sys/crypto/ccp/ccp.c b/sys/crypto/ccp/ccp.c index 51679942c386..4ceb028b593e 100644 --- a/sys/crypto/ccp/ccp.c +++ b/sys/crypto/ccp/ccp.c @@ -378,11 +378,6 @@ ccp_probesession(device_t dev, const struct crypto_session_params *csp) case CSP_MODE_AEAD: switch (csp->csp_cipher_alg) { case CRYPTO_AES_NIST_GCM_16: - if (csp->csp_ivlen != AES_GCM_IV_LEN) - return (EINVAL); - if (csp->csp_auth_mlen < 0 || - csp->csp_auth_mlen > AES_GMAC_HASH_LEN) - return (EINVAL); if ((sc->hw_features & VERSION_CAP_AES) == 0) return (EINVAL); break; diff --git a/sys/dev/cxgbe/crypto/t4_crypto.c b/sys/dev/cxgbe/crypto/t4_crypto.c index fae77423aaa5..5ad239d56dfc 100644 --- a/sys/dev/cxgbe/crypto/t4_crypto.c +++ b/sys/dev/cxgbe/crypto/t4_crypto.c @@ -2540,12 +2540,6 @@ ccr_probesession(device_t dev, const struct crypto_session_params *csp) case CSP_MODE_AEAD: switch (csp->csp_cipher_alg) { case CRYPTO_AES_NIST_GCM_16: - if (csp->csp_ivlen != AES_GCM_IV_LEN) - return (EINVAL); - if (csp->csp_auth_mlen < 0 || - csp->csp_auth_mlen > AES_GMAC_HASH_LEN) - return (EINVAL); - break; case CRYPTO_AES_CCM_16: break; default: diff --git a/sys/dev/qat/qat.c b/sys/dev/qat/qat.c index 49cb408fd702..68a3d2053f54 100644 --- a/sys/dev/qat/qat.c +++ b/sys/dev/qat/qat.c @@ -1911,8 +1911,6 @@ qat_probesession(device_t dev, const struct crypto_session_params *csp) case CSP_MODE_AEAD: switch (csp->csp_cipher_alg) { case CRYPTO_AES_NIST_GCM_16: - if (csp->csp_ivlen != AES_GCM_IV_LEN) - return EINVAL; break; default: return EINVAL; diff --git a/sys/dev/safexcel/safexcel.c b/sys/dev/safexcel/safexcel.c index dc43b7dfc026..5a0ddc804da0 100644 --- a/sys/dev/safexcel/safexcel.c +++ b/sys/dev/safexcel/safexcel.c @@ -2304,9 +2304,6 @@ safexcel_probesession(device_t dev, const struct crypto_session_params *csp) case CSP_MODE_AEAD: switch (csp->csp_cipher_alg) { case CRYPTO_AES_NIST_GCM_16: - if (csp->csp_ivlen != AES_GCM_IV_LEN) - return (EINVAL); - break; case CRYPTO_AES_CCM_16: break; default: diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c index cc0e5860c882..1fe8a1377157 100644 --- a/sys/opencrypto/crypto.c +++ b/sys/opencrypto/crypto.c @@ -851,7 +851,10 @@ check_csp(const struct crypto_session_params *csp) return (false); break; case CRYPTO_AES_NIST_GCM_16: - if (csp->csp_auth_mlen > 16) + if (csp->csp_auth_mlen > AES_GMAC_HASH_LEN) + return (false); + + if (csp->csp_ivlen != AES_GCM_IV_LEN) return (false); break; case CRYPTO_CHACHA20_POLY1305: diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c index f8dfef5323d5..5013cf145288 100644 --- a/sys/opencrypto/cryptosoft.c +++ b/sys/opencrypto/cryptosoft.c @@ -1308,9 +1308,6 @@ swcr_setup_gcm(struct swcr_session *ses, struct swcr_auth *swa; const struct auth_hash *axf; - if (csp->csp_ivlen != AES_GCM_IV_LEN) - return (EINVAL); - /* First, setup the auth side. */ swa = &ses->swcr_auth; switch (csp->csp_cipher_klen * 8) {