freebsd-dev/sys/netipsec
John Baldwin 897e43124e Don't pass bogus keys down for NULL algorithms.
The changes in r359374 added various sanity checks in sessions and
requests created by crypto consumers in part to permit backend drivers
to make assumptions instead of duplicating checks for various edge
cases.  One of the new checks was to reject sessions which provide a
pointer to a key while claiming the key is zero bits long.

IPsec ESP tripped over this as it passes along whatever key is
provided for NULL, including a pointer to a zero-length key when an
empty string ("") is used with setkey(8).  One option would be to
teach the IPsec key layer to not allocate keys of zero length, but I
went with a simpler fix of just not passing any keys down and always
using a key length of zero for NULL algorithms.

PR:		245832
Reported by:	CI
2020-05-02 01:00:29 +00:00
ah_var.h
ah.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
esp_var.h
esp.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipcomp_var.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipcomp.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipsec6.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipsec_input.c Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook 2017-07-31 11:04:35 +00:00
ipsec_mbuf.c Merge r1.22-1.23 from NetBSD: 2018-04-26 12:23:31 +00:00
ipsec_mod.c
ipsec_output.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
ipsec_pcb.c Remove unused argument to priv_check_cred. 2018-12-11 19:32:16 +00:00
ipsec_support.h
ipsec.c Remove support for IPsec algorithms deprecated in r348205 and r360202. 2020-05-02 00:06:58 +00:00
ipsec.h Remove support for IPsec algorithms deprecated in r348205 and r360202. 2020-05-02 00:06:58 +00:00
key_debug.c r335795 build fix: make static functions static 2018-06-29 14:51:36 +00:00
key_debug.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
key_var.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
key.c Remove support for IPsec algorithms deprecated in r348205 and r360202. 2020-05-02 00:06:58 +00:00
key.h Replace read_random(9) with more appropriate arc4rand(9) KPIs 2019-04-04 01:02:50 +00:00
keydb.h OCF: Add a typedef for session identifiers 2018-07-13 23:46:07 +00:00
keysock.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
keysock.h Remove obsoleted and unused key_sendup() function. 2018-03-11 18:03:55 +00:00
subr_ipsec.c Fix witness warning in xform_init(). 2018-09-26 14:47:51 +00:00
udpencap.c Fix possible double releasing for SA reference. 2017-09-01 11:51:07 +00:00
xform_ah.c Don't pass bogus keys down for NULL algorithms. 2020-05-02 01:00:29 +00:00
xform_esp.c Don't pass bogus keys down for NULL algorithms. 2020-05-02 01:00:29 +00:00
xform_ipcomp.c Refactor driver and consumer interfaces for OCF (in-kernel crypto). 2020-03-27 18:25:23 +00:00
xform_tcp.c fix locking within tcp_ipsec_pcbctl() to match ipsec4_pcbctl(), ipsec4_pcbctl() 2018-07-04 17:10:07 +00:00
xform.h Refactor driver and consumer interfaces for OCF (in-kernel crypto). 2020-03-27 18:25:23 +00:00