Page MenuHomeFreeBSD

opencrypto: Disallow requests which pass VERIFY_DIGEST without a MAC
ClosedPublic

Authored by markj on Sep 24 2021, 6:26 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Oct 5, 2:27 AM
Unknown Object (File)
Sat, Oct 4, 8:29 AM
Unknown Object (File)
Wed, Sep 24, 12:56 PM
Unknown Object (File)
Wed, Sep 17, 1:48 PM
Unknown Object (File)
Sep 10 2025, 10:13 AM
Unknown Object (File)
Aug 31 2025, 3:25 AM
Unknown Object (File)
Aug 29 2025, 3:45 PM
Unknown Object (File)
Aug 22 2025, 7:00 AM
Subscribers

Details

Summary

Otherwise we can end up comparing the computed digest with an
uninitialized kernel buffer.

In cryptoaead_op() we already unconditionally fail the request if a
pointer to a digest buffer is not specified.

Based on a patch by Simran Kathpalia.

Reported by: syzkaller

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable