d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't panic for empty CCM requests.

Browse Source 
A request to encrypt an empty payload without any AAD is unusual, but
it is defined behavior.  Removing this assertion removes a panic and
instead returns the correct tag for an empty buffer.

Reviewed by:	cem, sef
MFC after:	2 weeks
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D20043
This commit is contained in:
John Baldwin 2019-04-24 23:27:39 +00:00
parent a2ad169e61
commit 8ccf3d974f
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/opencrypto/cbc_mac.c
View File

@ -82,9 +82,6 @@ AES_CBC_MAC_Reinit(struct aes_cbc_mac_ctx *ctx, const uint8_t *nonce, uint16_t n
uint8_t *bp = b0, flags = 0;
uint8_t L = 0;
uint64_t dataLength = ctx->cryptDataLength;
KASSERT(ctx->authDataLength != 0 || ctx->cryptDataLength != 0,
("Auth Data and Data lengths cannot both be 0"));
KASSERT(nonceLen >= 7 && nonceLen <= 13,
("nonceLen must be between 7 and 13 bytes"));