diff --git a/FreeBSD-EN-23:17.ossl b/FreeBSD-EN-23:17.ossl --- /dev/null +++ b/FreeBSD-EN-23:17.ossl @@ -0,0 +1,128 @@ +============================================================================= +FreeBSD-EN-23:17.ossl Errata Notice + The FreeBSD Project + +Topic: ossl(4)'s AES-GCM implementation may give incorrect results + +Category: core +Module: ossl +Announced: 2023-XX-XX +Affects: FreeBSD 14.0 +Corrected: 2023-XX-XX XX:XX:XX UTC (stable/14, 14.0-STABLE) + 2023-XX-XX XX:XX:XX UTC (releng/14.0, 14.0-RELEASE-pXX) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +ossl(4) is a kernel module which implements some cryptographic +operations using implementations derived from OpenSSL and integrated +into the FreeBSD kernel's OpenCrypto Framework (OCF). + +II. Problem Description + +ossl(4) contains an implementation of AES-GCM for amd64. This +implementation does not properly implement some aspects of the OCF +interface. In particular, ossl(4) AES-GCM sessions are not thread-safe, +and do not handle an AAD buffer outside of the main plaintext/ciphertext +buffer. The former bug affects consumers which dispatch multiple +requests in parallel on a single session, such as ZFS when encrypted +datasets are configured. External AAD buffers are used by some network +features such as ktls(4). + +III. Impact + +On amd64 systems, ossl(4) could give incorrect output for AES-GCM +operations if consumers trigger either of the bugs described above. +This could, for example, result in packet loss, if ossl is used to +encrypt/decrypt tunnelled traffic, or data corruption if ossl is used to +encrypt/decrypt filesystem data. + +Users are not affected by default, as ossl.ko is not loaded by default. +To be affected, a system must either be running a custom kernel which +contains ossl(4), or be configured to load ossl.ko via loader.conf(5). + +IV. Workaround + +Disable the use of ossl(4), either by removing it from loader.conf or +the kernel configuration, and reboot the system. The built-in aesni(4) +module implements all of the same operations as ossl. + +V. Solution + + + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. +[XX Needs reboot? Mention please] + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platfrom on FreeBSD 13 and earlier, can be updated via +the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +[XX Needs reboot? Mention please] + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.4] +# fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch +# fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch.asc +# gpg --verify XXXX.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +------------------------------------------------------------------------- +stable/14/ 118b866d9c39 stable/14-n265898 +releng/14.0/ XXXXXXXXXXXX releng/14.0-nXXXXXX +------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat + +Or visit the following URL, replacing NNNNNN with the hash: + + + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + + + + + +The latest revision of this advisory is available at +