svn commit: r356911 - stable/12/sys/opencrypto

John Baldwin jhb at FreeBSD.org
Mon Jan 20 11:54:01 UTC 2020


Author: jhb
Date: Mon Jan 20 11:54:00 2020
New Revision: 356911
URL: https://svnweb.freebsd.org/changeset/base/356911

Log:
  MFC 356561: Add stricter checking on mac key lengths.
  
  Negative lengths are always invalid.  The key length should also
  be zero for hash algorithms that do not accept a key.
  
  admbugs:	949

Modified:
  stable/12/sys/opencrypto/cryptodev.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/opencrypto/cryptodev.c
==============================================================================
--- stable/12/sys/opencrypto/cryptodev.c	Mon Jan 20 11:45:18 2020	(r356910)
+++ stable/12/sys/opencrypto/cryptodev.c	Mon Jan 20 11:54:00 2020	(r356911)
@@ -585,8 +585,8 @@ cryptof_ioctl(
 		if (thash) {
 			cria.cri_alg = thash->type;
 			cria.cri_klen = sop->mackeylen * 8;
-			if (thash->keysize != 0 &&
-			    sop->mackeylen > thash->keysize) {
+			if (sop->mackeylen > thash->keysize ||
+			    sop->mackeylen < 0) {
 				CRYPTDEB("invalid mac key length");
 				error = EINVAL;
 				SDT_PROBE1(opencrypto, dev, ioctl, error,


More information about the svn-src-all mailing list