git: ff9b4d5d031f - stable/13 - cryptosoft: Reject AES-CCM/GCM sessions with invalid key lengths.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 29 Apr 2022 20:55:03 UTC
The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=ff9b4d5d031f2cf7b53877bcb1adc1cc0d12ec1b commit ff9b4d5d031f2cf7b53877bcb1adc1cc0d12ec1b Author: John Baldwin <jhb@FreeBSD.org> AuthorDate: 2021-12-09 19:52:41 +0000 Commit: John Baldwin <jhb@FreeBSD.org> CommitDate: 2022-04-29 20:50:04 +0000 cryptosoft: Reject AES-CCM/GCM sessions with invalid key lengths. Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33195 (cherry picked from commit c172a407fb0d2e6b4389625ebf604b5a2f831054) --- sys/opencrypto/cryptosoft.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c index b6c964b540bc..b77a86e8b93a 100644 --- a/sys/opencrypto/cryptosoft.c +++ b/sys/opencrypto/cryptosoft.c @@ -1508,6 +1508,15 @@ swcr_probesession(device_t dev, const struct crypto_session_params *csp) switch (csp->csp_cipher_alg) { case CRYPTO_AES_NIST_GCM_16: case CRYPTO_AES_CCM_16: + switch (csp->csp_cipher_klen * 8) { + case 128: + case 192: + case 256: + break; + default: + return (EINVAL); + } + break; case CRYPTO_CHACHA20_POLY1305: break; default: