From nobody Thu Oct 21 22:04:17 2021
Date: Thu, 21 Oct 2021 22:04:17 GMT
Message-Id: <202110212204.19LM4HV3079553@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: John Baldwin Subject: git: 4cce6043c7d9 - stable/13 - aesni: Support multiple nonce lengths for AES-CCM. List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 4cce6043c7d9be191883ad3a7ed46e8e4a1709af Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=4cce6043c7d9be191883ad3a7ed46e8e4a1709af commit 4cce6043c7d9be191883ad3a7ed46e8e4a1709af Author: John Baldwin AuthorDate: 2021-10-06 21:08:47 +0000 Commit: John Baldwin CommitDate: 2021-10-21 21:07:45 +0000 aesni: Support multiple nonce lengths for AES-CCM. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32112 (cherry picked from commit 8e6af6adfc2cc3d0ea89c20eaa5914e453c48b49) --- sys/crypto/aesni/aesni.c | 13 +++++++++---- sys/crypto/aesni/aesni_ccm.c | 32 ++++++++------------------------ 2 files changed, 17 insertions(+), 28 deletions(-) diff --git a/sys/crypto/aesni/aesni.c b/sys/crypto/aesni/aesni.c index 4debbae12c2b..67dcef123429 100644 --- a/sys/crypto/aesni/aesni.c +++ b/sys/crypto/aesni/aesni.c @@ -1,7 +1,7 @@ /*- * Copyright (c) 2005-2008 Pawel Jakub Dawidek * Copyright (c) 2010 Konstantin Belousov - * Copyright (c) 2014 The FreeBSD Foundation + * Copyright (c) 2014-2021 The FreeBSD Foundation * Copyright (c) 2017 Conrad Meyer * All rights reserved. * 
@@ -9,6 +9,9 @@ * under sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). * + * Portions of this software were developed by Ararat River + * Consulting, LLC under sponsorship of the FreeBSD Foundation. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -319,8 +322,7 @@ aesni_probesession(device_t dev, const struct crypto_session_params *csp) if (csp->csp_auth_mlen != 0 && csp->csp_auth_mlen != AES_CBC_MAC_HASH_LEN) return (EINVAL); - if (csp->csp_ivlen != AES_CCM_IV_LEN || - !sc->has_aes) + if (!sc->has_aes) return (EINVAL); break; default: @@ -639,9 +641,12 @@ aesni_cipher_process(struct aesni_session *ses, struct cryptop *crp) csp = crypto_get_params(crp->crp_session); switch (csp->csp_cipher_alg) { + case CRYPTO_AES_CCM_16: + if (crp->crp_payload_length > ccm_max_payload_length(csp)) + return (EMSGSIZE); + /* FALLTHROUGH */ case CRYPTO_AES_ICM: case CRYPTO_AES_NIST_GCM_16: - case CRYPTO_AES_CCM_16: if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) return (EINVAL); break; diff --git a/sys/crypto/aesni/aesni_ccm.c b/sys/crypto/aesni/aesni_ccm.c index fc01e92c697f..9e2fa317b2ed 100644 --- a/sys/crypto/aesni/aesni_ccm.c +++ b/sys/crypto/aesni/aesni_ccm.c 
@@ -1,11 +1,15 @@ /*- - * Copyright (c) 2014 The FreeBSD Foundation + * Copyright (c) 2014-2021 The FreeBSD Foundation * Copyright (c) 2018 iXsystems, Inc * All rights reserved. * - * This software was developed by John-Mark Gurney under - * the sponsorship of the FreeBSD Foundation and + * Portions of this software were developed by John-Mark Gurney + * under the sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). + * + * Portions of this software were developed by Ararat River + * Consulting, LLC under sponsorship of the FreeBSD Foundation. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -185,12 +189,7 @@ cbc_mac_start(const unsigned char *auth_data, size_t auth_len, * however, they're always truncated from 16 bytes, and the tag * length isn't passed in. (This could be fixed by changing the * code in aesni.c:aesni_cipher_crypt().) - * Similarly, although the nonce length is passed in, the - * OpenCrypto API that calls us doesn't have a way to set the nonce - * other than by having different crypto algorithm types. As a result, - * this is currently always called with nlen=12; this means that we - * also have a maximum message length of 16 megabytes. And similarly, - * since abytes is limited to a 32 bit value here, the AAD is + * Since abytes is limited to a 32 bit value here, the AAD is * limited to 4 gigabytes or less. */ void @@ -222,14 +221,6 @@ AES_CCM_encrypt(const unsigned char *in, unsigned char *out, */ L = sizeof(__m128i) - 1 - nlen; - /* - * Now, this shouldn't happen, but let's make sure that - * the data length isn't too big. - */ - KASSERT(nbytes <= ((1 << (8 * L)) - 1), - ("%s: nbytes is %u, but length field is %d bytes", - __FUNCTION__, nbytes, L)); - /* * Clear out the blocks */ 
@@ -399,13 +390,6 @@ AES_CCM_decrypt(const unsigned char *in, unsigned char *out, */ L = sizeof(__m128i) - 1 - nlen; - /* - * Now, this shouldn't happen, but let's make sure that - * the data length isn't too big. - */ - if (nbytes > ((1 << (8 * L)) - 1)) - panic("%s: nbytes is %u, but length field is %d bytes", - __FUNCTION__, nbytes, L); /* * Clear out the blocks */
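Review bot: in the aesni_probesession() hunk of aesni.c (@@ -319,8 +322,7 @@), dropping `csp->csp_ivlen != AES_CCM_IV_LEN` leaves this driver with no bound on the CCM nonce length at all, yet aesni_ccm.c still derives the length-field width as `L = sizeof(__m128i) - 1 - nlen;`, which is only meaningful for the nonce lengths CCM permits (L of 2 through 8, i.e. nlen of 7 through 13). Either add an explicit range check here (reject `csp->csp_ivlen < 7 || csp->csp_ivlen > 13`) or state in the commit message that the generic OCF session validation already enforces that range on stable/13, so whoever reviews the merge can confirm the dependency instead of guessing.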
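Review bot: in the aesni_cipher_process() hunk of aesni.c (@@ -639,9 +641,12 @@), ccm_max_payload_length() is not defined anywhere in this patch, so the merge depends on the OCF commit that introduced it already being on stable/13; please name that dependency in the commit message. The new check bounds only `crp->crp_payload_length`; the comment retained in cbc_mac_start() still says the AAD is limited because `abytes` is a 32-bit value, and nothing here bounds `crp->crp_aad_length`, so either add the matching check or note why the type makes it unnecessary. Returning EMSGSIZE from the request path rather than asserting inside the cipher is the right direction: an oversize request supplied by a consumer should fail that request, not the kernel.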
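Review bot: in the AES_CCM_encrypt() hunk of aesni_ccm.c (@@ -222,14 +221,6 @@), the removed `KASSERT(nbytes <= ((1 << (8 * L)) - 1), ...)` was only correct for the single nonce length the driver used to accept: with `L = sizeof(__m128i) - 1 - nlen;` any nlen below 12 gives L of 4 or more, and `1 << (8 * L)` then shifts an int by 32 or more bits, which is undefined behaviour in C rather than a usable bound. Moving the limit to ccm_max_payload_length() in the caller therefore fixes a latent defect as well as enabling other nonce lengths, and the commit message should say so. Since the function now has no local check at all, a one-line comment at the `L = ...` assignment pointing at where the bound is enforced would help the next reader.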
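Review bot: in the AES_CCM_decrypt() hunk of aesni_ccm.c (@@ -399,13 +390,6 @@), removing the `panic("%s: nbytes is %u, but length field is %d bytes", ...)` is an improvement in its own right: an oversize request reaching the decrypt path used to take the whole kernel down, while the encrypt side only had a KASSERT that is compiled out without INVARIANTS, so the two paths were inconsistent, and the `1 << (8 * L)` expression here has the same undefined-shift problem for L of 4 or more as the encrypt side. The patch now relies entirely on the EMSGSIZE check in aesni_cipher_process(); please confirm that function is the only caller of AES_CCM_decrypt() in the tree, since any other entry point would now run with no length guard, and consider keeping a KASSERT on the same bound here so INVARIANTS kernels still catch a caller that bypasses the check.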