git: ff9b4d5d031f - stable/13 - cryptosoft: Reject AES-CCM/GCM sessions with invalid key lengths.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 29 Apr 2022 20:55:03 UTC
The branch stable/13 has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=ff9b4d5d031f2cf7b53877bcb1adc1cc0d12ec1b
commit ff9b4d5d031f2cf7b53877bcb1adc1cc0d12ec1b
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-12-09 19:52:41 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2022-04-29 20:50:04 +0000
cryptosoft: Reject AES-CCM/GCM sessions with invalid key lengths.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33195
(cherry picked from commit c172a407fb0d2e6b4389625ebf604b5a2f831054)
---
sys/opencrypto/cryptosoft.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c
index b6c964b540bc..b77a86e8b93a 100644
--- a/sys/opencrypto/cryptosoft.c
+++ b/sys/opencrypto/cryptosoft.c
@@ -1508,6 +1508,15 @@ swcr_probesession(device_t dev, const struct crypto_session_params *csp)
switch (csp->csp_cipher_alg) {
case CRYPTO_AES_NIST_GCM_16:
case CRYPTO_AES_CCM_16:
+ switch (csp->csp_cipher_klen * 8) {
+ case 128:
+ case 192:
+ case 256:
+ break;
+ default:
+ return (EINVAL);
+ }
+ break;
case CRYPTO_CHACHA20_POLY1305:
break;
default: