Date: Tue, 18 Jan 2022 00:01:48 GMT
Message-Id: <202201180001.20I01m0A032161@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mark Johnston
Subject: git: 50722514280a - main - cryptosoft: Avoid referencing end-of-buffer cursors
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 50722514280a6d044fe93fdbcccd0ee521f08f1d

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=50722514280a6d044fe93fdbcccd0ee521f08f1d

commit 50722514280a6d044fe93fdbcccd0ee521f08f1d Author: Mark Johnston AuthorDate: 2022-01-18 00:01:24 +0000 Commit: Mark Johnston CommitDate: 2022-01-18 00:01:24 +0000 cryptosoft: Avoid referencing end-of-buffer cursors Once a crypto cursor has reached the end of its buffer, it is invalid to call crypto_cursor_segment() for at least some crypto buffer types. Reorganize loops to avoid this. Fixes: cfb7b942bed7 ("cryptosoft: Use multi-block encrypt/decrypt for non-AEAD ciphers.") Fixes: a221a8f4a0de ("cryptosoft: Use multi-block encrypt/decrypt for AES-GCM.") Fixes: f8580fcaa1e1 ("cryptosoft: Use multi-block encrypt/decrypt for AES-CCM.") Fixes: 5022c68732e6 ("cryptosoft: Use multi-block encrypt/decrypt for ChaCha20-Poly1305.") Reported and tested by: madpilot Discussed with: jhb Sponsored by: The FreeBSD Foundation --- sys/opencrypto/cryptosoft.c | 93 +++++++++++++++++++++------------------------ 1 file changed, 43 insertions(+), 50 deletions(-) diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c index 4d0f7d8718cc..2aa7aecef146 100644 --- a/sys/opencrypto/cryptosoft.c +++ b/sys/opencrypto/cryptosoft.c @@ -146,13 +146,11 @@ swcr_encdec(const struct swcr_session *ses, struct cryptop *crp) crypto_cursor_init(&cc_in, &crp->crp_buf); crypto_cursor_advance(&cc_in, crp->crp_payload_start); - inblk = crypto_cursor_segment(&cc_in, &inlen); if (CRYPTO_HAS_OUTPUT_BUFFER(crp)) { crypto_cursor_init(&cc_out, &crp->crp_obuf); crypto_cursor_advance(&cc_out, crp->crp_payload_output_start); } else cc_out = cc_in; - outblk = crypto_cursor_segment(&cc_out, &outlen); encrypting = CRYPTO_OP_IS_ENCRYPT(crp->crp_op); 
@@ -162,7 +160,13 @@ swcr_encdec(const struct swcr_session *ses, struct cryptop *crp) * 'outlen' is the remaining length of current segment in the * output buffer. */ + inlen = outlen = 0; for (resid = crp->crp_payload_length; resid >= blksz; resid -= todo) { + if (inlen == 0) + inblk = crypto_cursor_segment(&cc_in, &inlen); + if (outlen == 0) + outblk = crypto_cursor_segment(&cc_out, &outlen); + /* * If the current block is not contained within the * current input/output segment, use 'blk' as a local @@ -191,8 +195,6 @@ swcr_encdec(const struct swcr_session *ses, struct cryptop *crp) crypto_cursor_advance(&cc_in, todo); inlen -= todo; inblk += todo; - if (inlen == 0) - inblk = crypto_cursor_segment(&cc_in, &inlen); } if (outblk == blk) { @@ -202,9 +204,6 @@ swcr_encdec(const struct swcr_session *ses, struct cryptop *crp) crypto_cursor_advance(&cc_out, todo); outlen -= todo; outblk += todo; - if (outlen == 0) - outblk = crypto_cursor_segment(&cc_out, - &outlen); } } @@ -476,15 +475,19 @@ swcr_gcm(const struct swcr_session *ses, struct cryptop *crp) /* Do encryption with MAC */ crypto_cursor_init(&cc_in, &crp->crp_buf); crypto_cursor_advance(&cc_in, crp->crp_payload_start); - inblk = crypto_cursor_segment(&cc_in, &inlen); if (CRYPTO_HAS_OUTPUT_BUFFER(crp)) { crypto_cursor_init(&cc_out, &crp->crp_obuf); crypto_cursor_advance(&cc_out, crp->crp_payload_output_start); } else cc_out = cc_in; - outblk = crypto_cursor_segment(&cc_out, &outlen); + inlen = outlen = 0; for (resid = crp->crp_payload_length; resid >= blksz; resid -= todo) { + if (inlen == 0) + inblk = crypto_cursor_segment(&cc_in, &inlen); + if (outlen == 0) + outblk = crypto_cursor_segment(&cc_out, &outlen); + if (inlen < blksz) { crypto_cursor_copydata(&cc_in, blksz, blk); inblk = blk; 
@@ -510,9 +513,6 @@ swcr_gcm(const struct swcr_session *ses, struct cryptop *crp) crypto_cursor_advance(&cc_out, todo); outlen -= todo; outblk += todo; - if (outlen == 0) - outblk = crypto_cursor_segment(&cc_out, - &outlen); } } else { todo = rounddown2(MIN(resid, inlen), blksz); @@ -525,8 +525,6 @@ swcr_gcm(const struct swcr_session *ses, struct cryptop *crp) crypto_cursor_advance(&cc_in, todo); inlen -= todo; inblk += todo; - if (inlen == 0) - inblk = crypto_cursor_segment(&cc_in, &inlen); } } if (resid > 0) { @@ -563,10 +561,14 @@ swcr_gcm(const struct swcr_session *ses, struct cryptop *crp) /* tag matches, decrypt data */ crypto_cursor_init(&cc_in, &crp->crp_buf); crypto_cursor_advance(&cc_in, crp->crp_payload_start); - inblk = crypto_cursor_segment(&cc_in, &inlen); + inlen = 0; for (resid = crp->crp_payload_length; resid > blksz; resid -= todo) { + if (inlen == 0) + inblk = crypto_cursor_segment(&cc_in, &inlen); + if (outlen == 0) + outblk = crypto_cursor_segment(&cc_out, &outlen); if (inlen < blksz) { crypto_cursor_copydata(&cc_in, blksz, blk); inblk = blk; @@ -588,9 +590,6 @@ swcr_gcm(const struct swcr_session *ses, struct cryptop *crp) crypto_cursor_advance(&cc_in, todo); inlen -= todo; inblk += todo; - if (inlen == 0) - inblk = crypto_cursor_segment(&cc_in, - &inlen); } if (outblk == blk) { @@ -601,9 +600,6 @@ swcr_gcm(const struct swcr_session *ses, struct cryptop *crp) crypto_cursor_advance(&cc_out, todo); outlen -= todo; outblk += todo; - if (outlen == 0) - outblk = crypto_cursor_segment(&cc_out, - &outlen); } } if (resid > 0) { 
@@ -809,15 +805,19 @@ swcr_ccm(const struct swcr_session *ses, struct cryptop *crp) /* Do encryption/decryption with MAC */ crypto_cursor_init(&cc_in, &crp->crp_buf); crypto_cursor_advance(&cc_in, crp->crp_payload_start); - inblk = crypto_cursor_segment(&cc_in, &inlen); if (CRYPTO_HAS_OUTPUT_BUFFER(crp)) { crypto_cursor_init(&cc_out, &crp->crp_obuf); crypto_cursor_advance(&cc_out, crp->crp_payload_output_start); } else cc_out = cc_in; - outblk = crypto_cursor_segment(&cc_out, &outlen); + inlen = outlen = 0; for (resid = crp->crp_payload_length; resid >= blksz; resid -= todo) { + if (inlen == 0) + inblk = crypto_cursor_segment(&cc_in, &inlen); + if (outlen == 0) + outblk = crypto_cursor_segment(&cc_out, &outlen); + if (inlen < blksz) { crypto_cursor_copydata(&cc_in, blksz, blk); inblk = blk; @@ -843,9 +843,6 @@ swcr_ccm(const struct swcr_session *ses, struct cryptop *crp) crypto_cursor_advance(&cc_out, todo); outlen -= todo; outblk += todo; - if (outlen == 0) - outblk = crypto_cursor_segment(&cc_out, - &outlen); } } else { /* @@ -867,8 +864,6 @@ swcr_ccm(const struct swcr_session *ses, struct cryptop *crp) crypto_cursor_advance(&cc_in, todo); inlen -= todo; inblk += todo; - if (inlen == 0) - inblk = crypto_cursor_segment(&cc_in, &inlen); } } if (resid > 0) { @@ -901,10 +896,16 @@ swcr_ccm(const struct swcr_session *ses, struct cryptop *crp) exf->reinit(ctx, crp->crp_iv, ivlen); crypto_cursor_init(&cc_in, &crp->crp_buf); crypto_cursor_advance(&cc_in, crp->crp_payload_start); - inblk = crypto_cursor_segment(&cc_in, &inlen); + inlen = 0; for (resid = crp->crp_payload_length; resid >= blksz; resid -= todo) { + if (inlen == 0) + inblk = crypto_cursor_segment(&cc_in, &inlen); + if (outlen == 0) + outblk = crypto_cursor_segment(&cc_out, + &outlen); + if (inlen < blksz) { crypto_cursor_copydata(&cc_in, blksz, blk); inblk = blk; 
@@ -926,9 +927,6 @@ swcr_ccm(const struct swcr_session *ses, struct cryptop *crp) crypto_cursor_advance(&cc_in, todo); inlen -= todo; inblk += todo; - if (inlen == 0) - inblk = crypto_cursor_segment(&cc_in, - &inlen); } if (outblk == blk) { @@ -939,9 +937,6 @@ swcr_ccm(const struct swcr_session *ses, struct cryptop *crp) crypto_cursor_advance(&cc_out, todo); outlen -= todo; outblk += todo; - if (outlen == 0) - outblk = crypto_cursor_segment(&cc_out, - &outlen); } } if (resid > 0) { @@ -1017,17 +1012,22 @@ swcr_chacha20_poly1305(const struct swcr_session *ses, struct cryptop *crp) /* Do encryption with MAC */ crypto_cursor_init(&cc_in, &crp->crp_buf); crypto_cursor_advance(&cc_in, crp->crp_payload_start); - inblk = crypto_cursor_segment(&cc_in, &inlen); if (CRYPTO_HAS_OUTPUT_BUFFER(crp)) { crypto_cursor_init(&cc_out, &crp->crp_obuf); crypto_cursor_advance(&cc_out, crp->crp_payload_output_start); } else cc_out = cc_in; - outblk = crypto_cursor_segment(&cc_out, &outlen); + inlen = outlen = 0; if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { for (resid = crp->crp_payload_length; resid >= blksz; resid -= todo) { + if (inlen == 0) + inblk = crypto_cursor_segment(&cc_in, &inlen); + if (outlen == 0) + outblk = crypto_cursor_segment(&cc_out, + &outlen); + if (inlen < blksz) { crypto_cursor_copydata(&cc_in, blksz, blk); inblk = blk; @@ -1051,9 +1051,6 @@ swcr_chacha20_poly1305(const struct swcr_session *ses, struct cryptop *crp) crypto_cursor_advance(&cc_in, todo); inlen -= todo; inblk += todo; - if (inlen == 0) - inblk = crypto_cursor_segment(&cc_in, - &inlen); } if (outblk == blk) { @@ -1063,9 +1060,6 @@ swcr_chacha20_poly1305(const struct swcr_session *ses, struct cryptop *crp) crypto_cursor_advance(&cc_out, todo); outlen -= todo; outblk += todo; - if (outlen == 0) - outblk = crypto_cursor_segment(&cc_out, - &outlen); } } if (resid > 0) { 
@@ -1107,10 +1101,15 @@ swcr_chacha20_poly1305(const struct swcr_session *ses, struct cryptop *crp) /* tag matches, decrypt data */ crypto_cursor_init(&cc_in, &crp->crp_buf); crypto_cursor_advance(&cc_in, crp->crp_payload_start); - inblk = crypto_cursor_segment(&cc_in, &inlen); + inlen = 0; for (resid = crp->crp_payload_length; resid > blksz; resid -= todo) { + if (inlen == 0) + inblk = crypto_cursor_segment(&cc_in, &inlen); + if (outlen == 0) + outblk = crypto_cursor_segment(&cc_out, + &outlen); if (inlen < blksz) { crypto_cursor_copydata(&cc_in, blksz, blk); inblk = blk; @@ -1132,9 +1131,6 @@ swcr_chacha20_poly1305(const struct swcr_session *ses, struct cryptop *crp) crypto_cursor_advance(&cc_in, todo); inlen -= todo; inblk += todo; - if (inlen == 0) - inblk = crypto_cursor_segment(&cc_in, - &inlen); } if (outblk == blk) { @@ -1145,9 +1141,6 @@ swcr_chacha20_poly1305(const struct swcr_session *ses, struct cryptop *crp) crypto_cursor_advance(&cc_out, todo); outlen -= todo; outblk += todo; - if (outlen == 0) - outblk = crypto_cursor_segment(&cc_out, - &outlen); } } if (resid > 0) {
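
Review bot: In the swcr_encdec loop hunk, the comment just above `inlen = outlen = 0;` still describes 'inlen' and 'outlen' only as the remaining length of the current segment, but zero now also means "segment not fetched yet". Please extend that comment to say so, and to note that the fetches added at the top of each iteration run only while `resid >= blksz`, which is what keeps crypto_cursor_segment() away from an end-of-buffer cursor. Because the pre-loop assignments to `inblk` and `outblk` are removed, both are unset when the payload is shorter than one block; it is worth confirming that nothing after the loop reads them.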
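
Review bot: In the decrypt loops that follow the tag check (the swcr_gcm hunk at -563, swcr_ccm at -901 and swcr_chacha20_poly1305 at -1107), only `inlen = 0;` is reset before the loop, yet the loop body now tests `if (outlen == 0)` before fetching `outblk`. Nothing in these hunks sets `outlen`, so the loop depends on whatever value the earlier pass left behind, and `cc_out` is not re-initialised here the way `cc_in` is. Either reset it explicitly with `inlen = outlen = 0;`, as the encrypt-side hunks do, or add a one-line comment explaining why the carried-over `outblk`/`outlen` pair is still valid for `cc_out` at this point.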
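
Review bot: The same added pair, `if (inlen == 0) inblk = crypto_cursor_segment(&cc_in, &inlen);` and its `outlen` counterpart, now opens seven loops across swcr_encdec, swcr_gcm, swcr_ccm and swcr_chacha20_poly1305. Consider a small static inline helper that takes the cursor, the block pointer and the length, so the "fetch only when the cached segment is exhausted" rule is stated once and the next loop added to this file cannot reintroduce the end-of-buffer call by copying the old pattern.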