git: 7e9e6d5d491c - releng/14.0 - ossl: Fix handling of separate AAD buffers in ossl_aes_gcm()
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 05 Dec 2023 18:27:31 UTC
The branch releng/14.0 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=7e9e6d5d491cd844677331980cc2ea92b9130ed1
commit 7e9e6d5d491cd844677331980cc2ea92b9130ed1
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-11-28 19:35:49 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-12-04 14:01:24 +0000
ossl: Fix handling of separate AAD buffers in ossl_aes_gcm()
Consumers may optionally provide a reference to a separate buffer
containing AAD, but ossl_aes_gcm() didn't handle this and would thus
compute an incorrect digest.
Fixes: 9a3444d91c70 ("ossl: Add a VAES-based AES-GCM implementation for amd64")
Reviewed by: jhb
MFC after: 3 days
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D42736
Approved by: so
Security: FreeBSD-EN-23:17.ossl
(cherry picked from commit 87826c87c63b2995cb69e9c1a624c7e20dd70fcd)
(cherry picked from commit 24cd42aeb6232b4678f45dc6d242e8982dbea8e6)
---
sys/crypto/openssl/ossl_aes.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/sys/crypto/openssl/ossl_aes.c b/sys/crypto/openssl/ossl_aes.c
index 84d694a7199f..40162b6943df 100644
--- a/sys/crypto/openssl/ossl_aes.c
+++ b/sys/crypto/openssl/ossl_aes.c
@@ -199,14 +199,20 @@ ossl_aes_gcm(struct ossl_session_cipher *s, struct cryptop *crp,
crypto_read_iv(crp, iv);
ctx->ops->setiv(ctx, iv, csp->csp_ivlen);
- crypto_cursor_init(&cc_in, &crp->crp_buf);
- crypto_cursor_advance(&cc_in, crp->crp_aad_start);
- for (size_t alen = crp->crp_aad_length; alen > 0; alen -= seglen) {
- inseg = crypto_cursor_segment(&cc_in, &inlen);
- seglen = MIN(alen, inlen);
- if (ctx->ops->aad(ctx, inseg, seglen) != 0)
+ if (crp->crp_aad != NULL) {
+ if (ctx->ops->aad(ctx, crp->crp_aad, crp->crp_aad_length) != 0)
return (EINVAL);
- crypto_cursor_advance(&cc_in, seglen);
+ } else {
+ crypto_cursor_init(&cc_in, &crp->crp_buf);
+ crypto_cursor_advance(&cc_in, crp->crp_aad_start);
+ for (size_t alen = crp->crp_aad_length; alen > 0;
+ alen -= seglen) {
+ inseg = crypto_cursor_segment(&cc_in, &inlen);
+ seglen = MIN(alen, inlen);
+ if (ctx->ops->aad(ctx, inseg, seglen) != 0)
+ return (EINVAL);
+ crypto_cursor_advance(&cc_in, seglen);
+ }
}
crypto_cursor_init(&cc_in, &crp->crp_buf);