aboutsummaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorJohn Baldwin <jhb@FreeBSD.org>2021-10-06 21:08:47 +0000
committerJohn Baldwin <jhb@FreeBSD.org>2021-10-06 21:08:47 +0000
commit8e6af6adfc2cc3d0ea89c20eaa5914e453c48b49 (patch)
tree0090b2a60f150c26e76c5babd043d1a2975d8405 /sys
parentae18720d2792287c9ec658404f1a3173014d4979 (diff)
downloadsrc-8e6af6adfc2cc3d0ea89c20eaa5914e453c48b49.tar.gz
src-8e6af6adfc2cc3d0ea89c20eaa5914e453c48b49.zip
Diffstat (limited to 'sys')
-rw-r--r--sys/crypto/aesni/aesni.c13
-rw-r--r--sys/crypto/aesni/aesni_ccm.c32
2 files changed, 17 insertions, 28 deletions
diff --git a/sys/crypto/aesni/aesni.c b/sys/crypto/aesni/aesni.c
index 4debbae12c2b..67dcef123429 100644
--- a/sys/crypto/aesni/aesni.c
+++ b/sys/crypto/aesni/aesni.c
@@ -1,7 +1,7 @@
/*-
* Copyright (c) 2005-2008 Pawel Jakub Dawidek <pjd@FreeBSD.org>
* Copyright (c) 2010 Konstantin Belousov <kib@FreeBSD.org>
- * Copyright (c) 2014 The FreeBSD Foundation
+ * Copyright (c) 2014-2021 The FreeBSD Foundation
* Copyright (c) 2017 Conrad Meyer <cem@FreeBSD.org>
* All rights reserved.
*
@@ -9,6 +9,9 @@
* under sponsorship of the FreeBSD Foundation and
* Rubicon Communications, LLC (Netgate).
*
+ * Portions of this software were developed by Ararat River
+ * Consulting, LLC under sponsorship of the FreeBSD Foundation.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -319,8 +322,7 @@ aesni_probesession(device_t dev, const struct crypto_session_params *csp)
if (csp->csp_auth_mlen != 0 &&
csp->csp_auth_mlen != AES_CBC_MAC_HASH_LEN)
return (EINVAL);
- if (csp->csp_ivlen != AES_CCM_IV_LEN ||
- !sc->has_aes)
+ if (!sc->has_aes)
return (EINVAL);
break;
default:
@@ -639,9 +641,12 @@ aesni_cipher_process(struct aesni_session *ses, struct cryptop *crp)
csp = crypto_get_params(crp->crp_session);
switch (csp->csp_cipher_alg) {
+ case CRYPTO_AES_CCM_16:
+ if (crp->crp_payload_length > ccm_max_payload_length(csp))
+ return (EMSGSIZE);
+ /* FALLTHROUGH */
case CRYPTO_AES_ICM:
case CRYPTO_AES_NIST_GCM_16:
- case CRYPTO_AES_CCM_16:
if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0)
return (EINVAL);
break;
diff --git a/sys/crypto/aesni/aesni_ccm.c b/sys/crypto/aesni/aesni_ccm.c
index fc01e92c697f..9e2fa317b2ed 100644
--- a/sys/crypto/aesni/aesni_ccm.c
+++ b/sys/crypto/aesni/aesni_ccm.c
@@ -1,11 +1,15 @@
/*-
- * Copyright (c) 2014 The FreeBSD Foundation
+ * Copyright (c) 2014-2021 The FreeBSD Foundation
* Copyright (c) 2018 iXsystems, Inc
* All rights reserved.
*
- * This software was developed by John-Mark Gurney under
- * the sponsorship of the FreeBSD Foundation and
+ * Portions of this software were developed by John-Mark Gurney
+ * under the sponsorship of the FreeBSD Foundation and
* Rubicon Communications, LLC (Netgate).
+ *
+ * Portions of this software were developed by Ararat River
+ * Consulting, LLC under sponsorship of the FreeBSD Foundation.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -185,12 +189,7 @@ cbc_mac_start(const unsigned char *auth_data, size_t auth_len,
* however, they're always truncated from 16 bytes, and the tag
* length isn't passed in. (This could be fixed by changing the
* code in aesni.c:aesni_cipher_crypt().)
- * Similarly, although the nonce length is passed in, the
- * OpenCrypto API that calls us doesn't have a way to set the nonce
- * other than by having different crypto algorithm types. As a result,
- * this is currently always called with nlen=12; this means that we
- * also have a maximum message length of 16 megabytes. And similarly,
- * since abytes is limited to a 32 bit value here, the AAD is
+ * Since abytes is limited to a 32 bit value here, the AAD is
* limited to 4 gigabytes or less.
*/
void
@@ -223,14 +222,6 @@ AES_CCM_encrypt(const unsigned char *in, unsigned char *out,
L = sizeof(__m128i) - 1 - nlen;
/*
- * Now, this shouldn't happen, but let's make sure that
- * the data length isn't too big.
- */
- KASSERT(nbytes <= ((1 << (8 * L)) - 1),
- ("%s: nbytes is %u, but length field is %d bytes",
- __FUNCTION__, nbytes, L));
-
- /*
* Clear out the blocks
*/
s0 = _mm_setzero_si128();
@@ -400,13 +391,6 @@ AES_CCM_decrypt(const unsigned char *in, unsigned char *out,
L = sizeof(__m128i) - 1 - nlen;
/*
- * Now, this shouldn't happen, but let's make sure that
- * the data length isn't too big.
- */
- if (nbytes > ((1 << (8 * L)) - 1))
- panic("%s: nbytes is %u, but length field is %d bytes",
- __FUNCTION__, nbytes, L);
- /*
* Clear out the blocks
*/
s0 = _mm_setzero_si128();