From nobody Tue Nov 23 23:13:06 2021 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id A248318A2282; Tue, 23 Nov 2021 23:13:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HzKgR1hJPz3vn4; Tue, 23 Nov 2021 23:13:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E78431F725; Tue, 23 Nov 2021 23:13:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1ANND6k1037963; Tue, 23 Nov 2021 23:13:06 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1ANND6cB037962; Tue, 23 Nov 2021 23:13:06 GMT (envelope-from git) Date: Tue, 23 Nov 2021 23:13:06 GMT Message-Id: <202111232313.1ANND6cB037962@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: John Baldwin Subject: git: 94280c58116f - stable/13 - ktls: Reject some invalid cipher suites. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 94280c58116f91f77436d8bb50f312492c1bb221 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1637709188; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RCIUOyJ5Ro/0WYU6DwWMYjoV4zFlW4gr7CJVvsi5Gic=; b=SLBAl1PotofYLg1B4xGBlZqbjetI2luJ0x9zyvrpPcd6tmRoXxSKLg/l9TIqNtlPCLSDp5 7hDd8Dk2UeA+X2D2rOJlBdZMbQCJDGgY0Mk4/1xn0AzwpQOfMsx2McSj4+xzp0yWyS+CcW uiBsns0dzK0dIOUhKh0O/lSPSXrSIPfAnLbqFlzEIEJp/w+GrtzpWzoIROz01uS/nj+fEq YJpBH686OOgW6qgQIh0hYpi+BVYKjp/+ZZbMBPweBlcIZFj7UJBOfOtfaX5Q7bObcVLxrY 6JG9m1yaIYyoUras8zUkSDWKnDCT9iDhG8zH5hWcwaH29GUHjfR26lcVXAWgSQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1637709188; a=rsa-sha256; cv=none; b=I93ue/ntl1m1NFK1DjGsW8ceGrrtBYfQjgS4h5M0y/9PbX1eVq6Lmw4k0EUWypJThmiEGB XN3lO1Z+zlbdJl40bxjDlcymbJHYIEgHaXTwCz3HLY/wuSZQmRNc9kLL+ZrGu64vyIxpyx 1s3eMHUMrmswNU0NGh05+J5P8ZxJsPzgdMT2A23mgWkB8v6UaHAUgfznprXfw974BkXNnD vB+2Zof5DoxcCGGC2wQWCP/378+cFTZAjbTxGztSEAwte20DK3gHmyfCgdBtin+gw/p/xn il0FcP1nzVldXNrsP/hcDZ6wfwZWzHI7Le0Jsa8WXsovsp+f+mqH8bg8ezMk+Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=94280c58116f91f77436d8bb50f312492c1bb221 commit 94280c58116f91f77436d8bb50f312492c1bb221 Author: John Baldwin AuthorDate: 2021-11-15 19:28:56 +0000 Commit: John Baldwin CommitDate: 2021-11-23 23:11:53 +0000 ktls: Reject some invalid cipher suites. - Reject AES-CBC cipher suites for TLS 1.0 and TLS 1.1 using auth algorithms other than SHA1-HMAC. - Reject AES-GCM cipher suites for TLS versions older than 1.2. Reviewed by: markj Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D32842 (cherry picked from commit 900a28fe33ef998aaee55cb243f4efa35471da07) --- sys/kern/uipc_ktls.c | 51 +++++++++++++++++++++++++++++++-------------------- 1 file changed, 31 insertions(+), 20 deletions(-) diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c index e9585d06841c..db4ab69e06cf 100644 --- a/sys/kern/uipc_ktls.c +++ b/sys/kern/uipc_ktls.c @@ -497,40 +497,51 @@ ktls_create_session(struct socket *so, struct tls_enable *en, } if (en->auth_key_len != 0) return (EINVAL); - if ((en->tls_vminor == TLS_MINOR_VER_TWO && - en->iv_len != TLS_AEAD_GCM_LEN) || - (en->tls_vminor == TLS_MINOR_VER_THREE && - en->iv_len != TLS_1_3_GCM_IV_LEN)) + switch (en->tls_vminor) { + case TLS_MINOR_VER_TWO: + if (en->iv_len != TLS_AEAD_GCM_LEN) + return (EINVAL); + break; + case TLS_MINOR_VER_THREE: + if (en->iv_len != TLS_1_3_GCM_IV_LEN) + return (EINVAL); + break; + default: return (EINVAL); + } break; case CRYPTO_AES_CBC: switch (en->auth_algorithm) { case CRYPTO_SHA1_HMAC: - /* - * TLS 1.0 requires an implicit IV. TLS 1.1+ - * all use explicit IVs. - */ - if (en->tls_vminor == TLS_MINOR_VER_ZERO) { - if (en->iv_len != TLS_CBC_IMPLICIT_IV_LEN) - return (EINVAL); - break; - } - - /* FALLTHROUGH */ + break; case CRYPTO_SHA2_256_HMAC: case CRYPTO_SHA2_384_HMAC: - /* Ignore any supplied IV. */ - en->iv_len = 0; + if (en->tls_vminor != TLS_MINOR_VER_TWO) + return (EINVAL); break; default: return (EINVAL); } if (en->auth_key_len == 0) return (EINVAL); - if (en->tls_vminor != TLS_MINOR_VER_ZERO && - en->tls_vminor != TLS_MINOR_VER_ONE && - en->tls_vminor != TLS_MINOR_VER_TWO) + + /* + * TLS 1.0 requires an implicit IV. TLS 1.1 and 1.2 + * use explicit IVs. + */ + switch (en->tls_vminor) { + case TLS_MINOR_VER_ZERO: + if (en->iv_len != TLS_CBC_IMPLICIT_IV_LEN) + return (EINVAL); + break; + case TLS_MINOR_VER_ONE: + case TLS_MINOR_VER_TWO: + /* Ignore any supplied IV. */ + en->iv_len = 0; + break; + default: return (EINVAL); + } break; case CRYPTO_CHACHA20_POLY1305: if (en->auth_algorithm != 0 || en->auth_key_len != 0)