Author: jhb Date: Wed Apr 24 23:27:39 2019 New Revision: 346649 URL: https://svnweb.freebsd.org/changeset/base/346649
Log: Don't panic for empty CCM requests. A request to encrypt an empty payload without any AAD is unusual, but it is defined behavior. Removing this assertion removes a panic and instead returns the correct tag for an empty buffer. Reviewed by: cem, sef MFC after: 2 weeks Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D20043 Modified: head/sys/opencrypto/cbc_mac.c Modified: head/sys/opencrypto/cbc_mac.c ============================================================================== --- head/sys/opencrypto/cbc_mac.c Wed Apr 24 23:18:10 2019 (r346648) +++ head/sys/opencrypto/cbc_mac.c Wed Apr 24 23:27:39 2019 (r346649) @@ -82,9 +82,6 @@ AES_CBC_MAC_Reinit(struct aes_cbc_mac_ctx *ctx, const uint8_t *bp = b0, flags = 0; uint8_t L = 0; uint64_t dataLength = ctx->cryptDataLength; - - KASSERT(ctx->authDataLength != 0 || ctx->cryptDataLength != 0, - ("Auth Data and Data lengths cannot both be 0")); KASSERT(nonceLen >= 7 && nonceLen <= 13, ("nonceLen must be between 7 and 13 bytes")); _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "[email protected]"
