Don't panic for empty CCM requests.
A request to encrypt an empty payload without any AAD is unusual, but it is defined behavior. Removing this assertion removes a panic and instead returns the correct tag for an empty buffer. Reviewed by: cem, sef MFC after: 2 weeks Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D20043
This commit is contained in:
parent
a2ad169e61
commit
8ccf3d974f
@ -82,9 +82,6 @@ AES_CBC_MAC_Reinit(struct aes_cbc_mac_ctx *ctx, const uint8_t *nonce, uint16_t n
|
|||||||
uint8_t *bp = b0, flags = 0;
|
uint8_t *bp = b0, flags = 0;
|
||||||
uint8_t L = 0;
|
uint8_t L = 0;
|
||||||
uint64_t dataLength = ctx->cryptDataLength;
|
uint64_t dataLength = ctx->cryptDataLength;
|
||||||
|
|
||||||
KASSERT(ctx->authDataLength != 0 || ctx->cryptDataLength != 0,
|
|
||||||
("Auth Data and Data lengths cannot both be 0"));
|
|
||||||
|
|
||||||
KASSERT(nonceLen >= 7 && nonceLen <= 13,
|
KASSERT(nonceLen >= 7 && nonceLen <= 13,
|
||||||
("nonceLen must be between 7 and 13 bytes"));
|
("nonceLen must be between 7 and 13 bytes"));
|
||||||
|
Loading…
x
Reference in New Issue
Block a user