
opencrypto: Disallow requests which pass VERIFY_DIGEST without a MAC
Closed, Public

Authored by markj on Sep 24 2021, 6:26 PM.

Details

Summary

Otherwise we can end up comparing the computed digest with an
uninitialized kernel buffer.

In cryptoaead_op() we already unconditionally fail the request if a
pointer to a digest buffer is not specified.

Based on a patch by Simran Kathpalia.

Reported by: syzkaller
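
A userspace model of the check the summary describes, added here as an illustration and not taken from the FreeBSD source or from this commit. The names mac_req, REQ_F_VERIFY_DIGEST and mac_req_process are hypothetical, the digest is a non-cryptographic stand-in, and memcpy stands in for the user/kernel copy.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define REQ_F_VERIFY_DIGEST 0x1u  /* hypothetical flag modelling VERIFY_DIGEST */
#define DIGEST_LEN 8

/* Hypothetical request layout, not the kernel's structure. */
struct mac_req {
    unsigned flags;
    const unsigned char *data;
    size_t len;
    unsigned char *mac;  /* output when computing, input when verifying */
};

/* Stand-in digest (64-bit FNV-1a); NOT a MAC, used only to have a value. */
static void toy_digest(const unsigned char *p, size_t n,
                       unsigned char out[DIGEST_LEN])
{
    unsigned long long h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) h = (h ^ p[i]) * 0x100000001b3ULL;
    for (int i = 0; i < DIGEST_LEN; i++) out[i] = (unsigned char)(h >> (8 * i));
}

/* Constant-time comparison: returns 1 if the buffers differ, 0 if equal. */
static int ct_differs(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= (unsigned char)(a[i] ^ b[i]);
    return acc != 0;
}

int mac_req_process(struct mac_req *r)
{
    unsigned char computed[DIGEST_LEN], expected[DIGEST_LEN] = {0};
    int verify = (r->flags & REQ_F_VERIFY_DIGEST) != 0;
    if (verify) {
        /* Reject up front: with no digest supplied by the caller there is
         * nothing valid to compare the computed digest against. */
        if (r->mac == NULL)
            return EINVAL;
        memcpy(expected, r->mac, DIGEST_LEN);  /* models the copy-in */
    }
    toy_digest(r->data, r->len, computed);
    if (verify)
        return ct_differs(computed, expected, DIGEST_LEN) ? EBADMSG : 0;
    if (r->mac != NULL)
        memcpy(r->mac, computed, DIGEST_LEN);  /* models the copy-out */
    return 0;
}
```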

Diff Detail

Repository
rG FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.