svn commit: r356911 - stable/12/sys/opencrypto
John Baldwin
jhb at FreeBSD.org
Mon Jan 20 11:54:01 UTC 2020
Author: jhb
Date: Mon Jan 20 11:54:00 2020
New Revision: 356911
URL: https://svnweb.freebsd.org/changeset/base/356911
Log:
MFC 356561: Add stricter checking on mac key lengths.
Negative lengths are always invalid. The key length should also
be zero for hash algorithms that do not accept a key.
admbugs: 949
Modified:
stable/12/sys/opencrypto/cryptodev.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sys/opencrypto/cryptodev.c
==============================================================================
--- stable/12/sys/opencrypto/cryptodev.c Mon Jan 20 11:45:18 2020 (r356910)
+++ stable/12/sys/opencrypto/cryptodev.c Mon Jan 20 11:54:00 2020 (r356911)
@@ -585,8 +585,8 @@ cryptof_ioctl(
if (thash) {
cria.cri_alg = thash->type;
cria.cri_klen = sop->mackeylen * 8;
- if (thash->keysize != 0 &&
- sop->mackeylen > thash->keysize) {
+ if (sop->mackeylen > thash->keysize ||
+ sop->mackeylen < 0) {
CRYPTDEB("invalid mac key length");
error = EINVAL;
SDT_PROBE1(opencrypto, dev, ioctl, error,
More information about the svn-src-stable-12
mailing list