From nobody Tue Nov 23 23:13:06 2021
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id A248318A2282;
	Tue, 23 Nov 2021 23:13:09 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4HzKgR1hJPz3vn4;
	Tue, 23 Nov 2021 23:13:07 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E78431F725;
	Tue, 23 Nov 2021 23:13:06 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1ANND6k1037963;
	Tue, 23 Nov 2021 23:13:06 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1ANND6cB037962;
	Tue, 23 Nov 2021 23:13:06 GMT
	(envelope-from git)
Date: Tue, 23 Nov 2021 23:13:06 GMT
Message-Id: <202111232313.1ANND6cB037962@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: John Baldwin <jhb@FreeBSD.org>
Subject: git: 94280c58116f - stable/13 - ktls: Reject some invalid cipher suites.
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 94280c58116f91f77436d8bb50f312492c1bb221
Auto-Submitted: auto-generated
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1637709188;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=RCIUOyJ5Ro/0WYU6DwWMYjoV4zFlW4gr7CJVvsi5Gic=;
	b=SLBAl1PotofYLg1B4xGBlZqbjetI2luJ0x9zyvrpPcd6tmRoXxSKLg/l9TIqNtlPCLSDp5
	7hDd8Dk2UeA+X2D2rOJlBdZMbQCJDGgY0Mk4/1xn0AzwpQOfMsx2McSj4+xzp0yWyS+CcW
	uiBsns0dzK0dIOUhKh0O/lSPSXrSIPfAnLbqFlzEIEJp/w+GrtzpWzoIROz01uS/nj+fEq
	YJpBH686OOgW6qgQIh0hYpi+BVYKjp/+ZZbMBPweBlcIZFj7UJBOfOtfaX5Q7bObcVLxrY
	6JG9m1yaIYyoUras8zUkSDWKnDCT9iDhG8zH5hWcwaH29GUHjfR26lcVXAWgSQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1637709188; a=rsa-sha256; cv=none;
	b=I93ue/ntl1m1NFK1DjGsW8ceGrrtBYfQjgS4h5M0y/9PbX1eVq6Lmw4k0EUWypJThmiEGB
	XN3lO1Z+zlbdJl40bxjDlcymbJHYIEgHaXTwCz3HLY/wuSZQmRNc9kLL+ZrGu64vyIxpyx
	1s3eMHUMrmswNU0NGh05+J5P8ZxJsPzgdMT2A23mgWkB8v6UaHAUgfznprXfw974BkXNnD
	vB+2Zof5DoxcCGGC2wQWCP/378+cFTZAjbTxGztSEAwte20DK3gHmyfCgdBtin+gw/p/xn
	il0FcP1nzVldXNrsP/hcDZ6wfwZWzHI7Le0Jsa8WXsovsp+f+mqH8bg8ezMk+Q==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=94280c58116f91f77436d8bb50f312492c1bb221

commit 94280c58116f91f77436d8bb50f312492c1bb221
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-11-15 19:28:56 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2021-11-23 23:11:53 +0000

    ktls: Reject some invalid cipher suites.
    
    - Reject AES-CBC cipher suites for TLS 1.0 and TLS 1.1 using auth
      algorithms other than SHA1-HMAC.
    
    - Reject AES-GCM cipher suites for TLS versions older than 1.2.
    
    Reviewed by:    markj
    Sponsored by:   Netflix
    Differential Revision:  https://reviews.freebsd.org/D32842
    
    (cherry picked from commit 900a28fe33ef998aaee55cb243f4efa35471da07)
---
 sys/kern/uipc_ktls.c | 51 +++++++++++++++++++++++++++++++--------------------
 1 file changed, 31 insertions(+), 20 deletions(-)

diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index e9585d06841c..db4ab69e06cf 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -497,40 +497,51 @@ ktls_create_session(struct socket *so, struct tls_enable *en,
 		}
 		if (en->auth_key_len != 0)
 			return (EINVAL);
-		if ((en->tls_vminor == TLS_MINOR_VER_TWO &&
-			en->iv_len != TLS_AEAD_GCM_LEN) ||
-		    (en->tls_vminor == TLS_MINOR_VER_THREE &&
-			en->iv_len != TLS_1_3_GCM_IV_LEN))
+		switch (en->tls_vminor) {
+		case TLS_MINOR_VER_TWO:
+			if (en->iv_len != TLS_AEAD_GCM_LEN)
+				return (EINVAL);
+			break;
+		case TLS_MINOR_VER_THREE:
+			if (en->iv_len != TLS_1_3_GCM_IV_LEN)
+				return (EINVAL);
+			break;
+		default:
 			return (EINVAL);
+		}
 		break;
 	case CRYPTO_AES_CBC:
 		switch (en->auth_algorithm) {
 		case CRYPTO_SHA1_HMAC:
-			/*
-			 * TLS 1.0 requires an implicit IV.  TLS 1.1+
-			 * all use explicit IVs.
-			 */
-			if (en->tls_vminor == TLS_MINOR_VER_ZERO) {
-				if (en->iv_len != TLS_CBC_IMPLICIT_IV_LEN)
-					return (EINVAL);
-				break;
-			}
-
-			/* FALLTHROUGH */
+			break;
 		case CRYPTO_SHA2_256_HMAC:
 		case CRYPTO_SHA2_384_HMAC:
-			/* Ignore any supplied IV. */
-			en->iv_len = 0;
+			if (en->tls_vminor != TLS_MINOR_VER_TWO)
+				return (EINVAL);
 			break;
 		default:
 			return (EINVAL);
 		}
 		if (en->auth_key_len == 0)
 			return (EINVAL);
-		if (en->tls_vminor != TLS_MINOR_VER_ZERO &&
-		    en->tls_vminor != TLS_MINOR_VER_ONE &&
-		    en->tls_vminor != TLS_MINOR_VER_TWO)
+
+		/*
+		 * TLS 1.0 requires an implicit IV.  TLS 1.1 and 1.2
+		 * use explicit IVs.
+		 */
+		switch (en->tls_vminor) {
+		case TLS_MINOR_VER_ZERO:
+			if (en->iv_len != TLS_CBC_IMPLICIT_IV_LEN)
+				return (EINVAL);
+			break;
+		case TLS_MINOR_VER_ONE:
+		case TLS_MINOR_VER_TWO:
+			/* Ignore any supplied IV. */
+			en->iv_len = 0;
+			break;
+		default:
 			return (EINVAL);
+		}
 		break;
 	case CRYPTO_CHACHA20_POLY1305:
 		if (en->auth_algorithm != 0 || en->auth_key_len != 0)