Page MenuHomeFreeBSD

Don't panic for empty CCM requests.

Authored by jhb on Apr 24 2019, 10:45 PM.



A request to encrypt an empty payload without any AAD is unusual, but
it is defined behavior. Removing this assertion removes a panic and
instead returns the correct tag for an empty buffer.

Test Plan
  • 'cryptocheck -d soft -va aes-ccm 0' now gets a result matching OpenSSL instead of triggering a panic

Diff Detail

rS FreeBSD src repository - subversion
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

Something made me think that it was not acceptable, but now I can't remember what it was, so it's clearly wrong.

This revision is now accepted and ready to land.Apr 24 2019, 10:46 PM

Yeah, I think we talked about this in one of sef@'s reviews. It might've been a later one, though.

This revision was automatically updated to reflect the committed changes.