Commit 7c2f227a authored by Mark Johnston

opencrypto: Disallow requests which pass VERIFY_DIGEST without a MAC

Otherwise we can end up comparing the computed digest with an
uninitialized kernel buffer.

In cryptoaead_op() we already unconditionally fail the request if a
pointer to a digest buffer is not specified.

Based on a patch by Simran Kathpalia.

Reported by:	syzkaller
Reviewed by:	jhb
MFC after:	1 week
Pull Request:
Differential Revision:
parent 1a25c51e
...@@ -889,7 +889,7 @@ cryptodev_op(struct csession *cse, const struct crypt_op *cop) ...@@ -889,7 +889,7 @@ cryptodev_op(struct csession *cse, const struct crypt_op *cop)
dst += cse->ivsize; dst += cse->ivsize;
} }
if (cop->mac != NULL && crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {
error = copyin(cop->mac, cod->buf + crp->crp_digest_start, error = copyin(cop->mac, cod->buf + crp->crp_digest_start,
cse->hashsize); cse->hashsize);
if (error) { if (error) {
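Review bot: In the VERIFY_DIGEST branch, the new condition `if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {` rejects a request without a MAC only implicitly, by relying on `copyin(cop->mac, ...)` returning an error when `cop->mac` is NULL. An explicit check ahead of the copyin that fails the request when `cop->mac == NULL`, or at minimum a comment saying that a NULL `cop->mac` is expected to make copyin() fail here, would make the intent visible and stop the fix from depending on how copyin() handles a NULL user address. The commit message notes that cryptoaead_op() already fails such requests unconditionally; using the same explicit form in cryptodev_op() would keep the two paths consistent and give the caller a deliberate error code rather than whatever copyin() returns.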