Commit d04c1276 authored by Mark Johnston's avatar Mark Johnston
Browse files

opencrypto: Disallow requests which pass VERIFY_DIGEST without a MAC

Otherwise we can end up comparing the computed digest with an
uninitialized kernel buffer.

In cryptoaead_op() we already unconditionally fail the request if a
pointer to a digest buffer is not specified.

Based on a patch by Simran Kathpalia.

Reported by:	syzkaller
Reviewed by:	jhb
Pull Request:	https://github.com/freebsd/freebsd-src/pull/529

(cherry picked from commit 7c2f227a)
parent 8b1039f9
......@@ -943,7 +943,7 @@ cryptodev_op(struct csession *cse, const struct crypt_op *cop)
dst += cse->ivsize;
}
if (cop->mac != NULL && crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {
if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {
error = copyin(cop->mac, cod->buf + crp->crp_digest_start,
cse->hashsize);
if (error) {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment