opencrypto: Disallow requests which pass VERIFY_DIGEST without a MAC

Otherwise we can end up comparing the computed digest with an uninitialized kernel buffer. In cryptoaead_op() we already unconditionally fail the request if a pointer to a digest buffer is not specified. Based on a patch by Simran Kathpalia. Reported by: syzkaller Reviewed by: jhb MFC after: 1 week Pull Request: https://github.com/freebsd/freebsd-src/pull/529 Differential Revision: https://reviews.freebsd.org/D32124
2021-09-24 15:04:45 -04:00 · 2021-09-24 15:04:45 -04:00 · 7c2f227a17
commit 7c2f227a17
parent 1a25c51e38
1 changed files with 1 additions and 1 deletions
--- a/sys/opencrypto/cryptodev.c
+++ b/sys/opencrypto/cryptodev.c
@ -889,7 +889,7 @@ cryptodev_op(struct csession *cse, const struct crypt_op *cop)
 		dst += cse->ivsize;
 	}

-	if (cop->mac != NULL && crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {
+	if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {
 		error = copyin(cop->mac, cod->buf + crp->crp_digest_start,
 		    cse->hashsize);
 		if (error) {