src/sys/opencrypto, branch releng/13.3

opencrypto: Respect alignment constraints in xor_and_encrypt()

2023-08-24T13:32:59Z

Copy operands to an aligned buffer before performing operations which require alignment. Otherwise it's possible for this code to trigger an alignment fault on armv7. Reviewed by: jhb MFC after: 2 weeks Sponsored by: Klara, Inc. Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D41211 (cherry picked from commit 96c2538121390c872f68ac48f97b35fb973c11dc)

sys: Remove $FreeBSD$: one-line sh pattern

2023-08-23T17:43:27Z

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/ Similar commit in current: (cherry picked from commit 031beb4e239b)

sys: Remove $FreeBSD$: one-line .c pattern

2023-08-23T17:43:25Z

Remove /^[\s*]*__FBSDID$"\$FreeBSD\$"$;?\s*\n/ Similar commit in current: (cherry picked from commit 685dc743dc3b)

sys: Remove $FreeBSD$: one-line .c comment pattern

2023-08-23T17:43:22Z

Remove /^/[*/]\s*\$FreeBSD\$.*\n/ Similar commit in current: (cherry picked from commit 71625ec9ad2a)

sys: Remove $FreeBSD$: one-line .h pattern

2023-08-23T17:43:22Z

Remove /^\s*\*+\s*\$FreeBSD\$.*$\n/ Similar commit in current: (cherry picked from commit 2ff63af9b88c)

sys: Remove $FreeBSD$: two-line .h pattern

2023-08-23T17:43:20Z

Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/ Similar commit in current: (cherry picked from commit 95ee2897e98f)

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

2023-07-25T15:13:49Z

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause. Discussed with: pfg MFC After: 3 days Sponsored by: Netflix (cherry picked from commit 4d846d260e2b9a3d4d0a701462568268cbfe7a5b)

crypto: Advance the correct pointer in crypto_cursor_copydata()

2023-06-19T12:57:08Z

PR: 271766 Reported by: Michael Laß MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D40468 (cherry picked from commit 9f7fdd8c1ab153104275e59b49b2d567cec95256)

opencrypto: Handle end-of-cursor conditions in crypto_cursor_segment()

2023-06-19T12:56:56Z

Some consumers, e.g., swcr_encdec(), may call crypto_cursor_segment() after having advanced the cursor to the end of the buffer. In this case I believe the right behaviour is to return NULL and a length of 0. When this occurs with a CRYPTO_BUF_VMPAGE buffer, the cc_vmpage pointer will point past the end of the page pointer array, so crypto_cursor_segment() ends up dereferencing a random pointer before the function returns a length of 0. The uio-backed cursor has a similar problem. Address this by keeping track of the residual buffer length and returning immediately once the length is zero. PR: 271766 Reported by: Andrew "RhodiumToad" Gierth Reviewed by: jhb MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D40428 (cherry picked from commit 718d4a1d5643c2faf409001320c3fd64aae57638)

ktls_ocf: Reject encrypted TLS records using AEAD that are too small.

2023-01-24T05:08:09Z

If a TLS record is too small to contain the required explicit IV, record_type (TLS 1.3), and MAC, reject attempts to decrypt it with EMSGSIZE without submitting it to OCF. OCF drivers may not properly detect that regions in the crypto request are outside the bounds of the mbuf chain. The caller isn't supposed to submit such requests. Reviewed by: markj Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D37372 (cherry picked from commit 4e47414648894943413091984124d93bd43e5da1)