git: aa2681752d0d - main - cryptosoft: Don't treat CRYPTO_NULL_HMAC as an hmac algorithm.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 15 Dec 2021 21:33:32 UTC
The branch main has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=aa2681752d0d4f8829f3b1ff8de137980b838bd0
commit aa2681752d0d4f8829f3b1ff8de137980b838bd0
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-12-15 21:28:30 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2021-12-15 21:33:15 +0000
cryptosoft: Don't treat CRYPTO_NULL_HMAC as an hmac algorithm.
Despite it's name, CRYPTO_NULL_HMAC is actually an unkeyed digest
similar to plain SHA-1 rather than a keyed HMAC algorithm.
Reported by: syzbot+17d7c656f1a797b0faae@syzkaller.appspotmail.com
Discussed with: markj
Fixes: 6113a08b98e4 cryptosoft: Fully support per-operation keys for auth algorithms.
Sponsored by: The FreeBSD Foundation
---
sys/opencrypto/cryptosoft.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c
index 54a44592b1f2..ebbc90aac05b 100644
--- a/sys/opencrypto/cryptosoft.c
+++ b/sys/opencrypto/cryptosoft.c
@@ -1219,7 +1219,6 @@ swcr_setup_auth(struct swcr_session *ses,
case CRYPTO_SHA2_256_HMAC:
case CRYPTO_SHA2_384_HMAC:
case CRYPTO_SHA2_512_HMAC:
- case CRYPTO_NULL_HMAC:
case CRYPTO_RIPEMD160_HMAC:
swa->sw_hmac = true;
if (csp->csp_auth_key != NULL) {
@@ -1238,6 +1237,7 @@ swcr_setup_auth(struct swcr_session *ses,
case CRYPTO_SHA2_256:
case CRYPTO_SHA2_384:
case CRYPTO_SHA2_512:
+ case CRYPTO_NULL_HMAC:
axf->Init(swa->sw_ictx);
break;
case CRYPTO_AES_NIST_GMAC: