Don't panic for empty CCM requests.

A request to encrypt an empty payload without any AAD is unusual, but
it is defined behavior.  Removing this assertion removes a panic and
instead returns the correct tag for an empty buffer.

Reviewed by:	cem, sef
MFC after:	2 weeks
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D20043
This commit is contained in:
John Baldwin 2019-04-24 23:27:39 +00:00
parent a2ad169e61
commit 8ccf3d974f

View File

@ -83,9 +83,6 @@ AES_CBC_MAC_Reinit(struct aes_cbc_mac_ctx *ctx, const uint8_t *nonce, uint16_t n
uint8_t L = 0; uint8_t L = 0;
uint64_t dataLength = ctx->cryptDataLength; uint64_t dataLength = ctx->cryptDataLength;
KASSERT(ctx->authDataLength != 0 || ctx->cryptDataLength != 0,
("Auth Data and Data lengths cannot both be 0"));
KASSERT(nonceLen >= 7 && nonceLen <= 13, KASSERT(nonceLen >= 7 && nonceLen <= 13,
("nonceLen must be between 7 and 13 bytes")); ("nonceLen must be between 7 and 13 bytes"));