The branch main has been updated by jhb:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=c172a407fb0d2e6b4389625ebf604b5a2f831054

commit c172a407fb0d2e6b4389625ebf604b5a2f831054
Author:     John Baldwin <[email protected]>
AuthorDate: 2021-12-09 19:52:41 +0000
Commit:     John Baldwin <[email protected]>
CommitDate: 2021-12-09 19:52:41 +0000

    cryptosoft: Reject AES-CCM/GCM sessions with invalid key lengths.
    
    Reviewed by:    markj
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D33195
---
 sys/opencrypto/cryptosoft.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c
index 5013cf145288..84caf9d8c676 100644
--- a/sys/opencrypto/cryptosoft.c
+++ b/sys/opencrypto/cryptosoft.c
@@ -1508,6 +1508,15 @@ swcr_probesession(device_t dev, const struct 
crypto_session_params *csp)
                switch (csp->csp_cipher_alg) {
                case CRYPTO_AES_NIST_GCM_16:
                case CRYPTO_AES_CCM_16:
+                       switch (csp->csp_cipher_klen * 8) {
+                       case 128:
+                       case 192:
+                       case 256:
+                               break;
+                       default:
+                               return (EINVAL);
+                       }
+                       break;
                case CRYPTO_CHACHA20_POLY1305:
                        break;
                default:
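Review bot: The key-length check added under `CRYPTO_AES_NIST_GCM_16` / `CRYPTO_AES_CCM_16` leaves the `CRYPTO_CHACHA20_POLY1305` case directly below it accepting any `csp_cipher_klen` at probe time. If no other layer already rejects a ChaCha20-Poly1305 key that is not 32 bytes (nothing in this hunk shows one), the same probe-time rejection belongs in that case, so all three AEAD ciphers fail with `EINVAL` at the same point instead of later in session setup. A short comment above the new inner switch, such as `/* AES only accepts 128-, 192- and 256-bit keys. */`, would also record why the byte length is converted to bits before the comparison. The enclosing switch and the rest of `swcr_probesession` start and end outside the hunk, so this is based only on the lines shown.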
