git: c172a407fb0d - main - cryptosoft: Reject AES-CCM/GCM sessions with invalid key lengths.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 09 Dec 2021 20:17:41 UTC
The branch main has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=c172a407fb0d2e6b4389625ebf604b5a2f831054
commit c172a407fb0d2e6b4389625ebf604b5a2f831054
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-12-09 19:52:41 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2021-12-09 19:52:41 +0000
cryptosoft: Reject AES-CCM/GCM sessions with invalid key lengths.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33195
---
sys/opencrypto/cryptosoft.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c
index 5013cf145288..84caf9d8c676 100644
--- a/sys/opencrypto/cryptosoft.c
+++ b/sys/opencrypto/cryptosoft.c
@@ -1508,6 +1508,15 @@ swcr_probesession(device_t dev, const struct crypto_session_params *csp)
switch (csp->csp_cipher_alg) {
case CRYPTO_AES_NIST_GCM_16:
case CRYPTO_AES_CCM_16:
+ switch (csp->csp_cipher_klen * 8) {
+ case 128:
+ case 192:
+ case 256:
+ break;
+ default:
+ return (EINVAL);
+ }
+ break;
case CRYPTO_CHACHA20_POLY1305:
break;
default: