upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-04 17:05:14 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

cryptosoft: Don't treat CRYPTO_NULL_HMAC as an hmac algorithm.

Browse source 
Despite it's name, CRYPTO_NULL_HMAC is actually an unkeyed digest
similar to plain SHA-1 rather than a keyed HMAC algorithm.

Reported by:	syzbot+17d7c656f1a797b0faae@syzkaller.appspotmail.com
Discussed with:	markj
Fixes:		6113a08b98 cryptosoft: Fully support per-operation keys for auth algorithms.
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
John Baldwin 2021-12-15 13:28:30 -08:00
parent 5a925e4644
commit aa2681752d
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sys/opencrypto/cryptosoft.c
View file

@ -1219,7 +1219,6 @@ swcr_setup_auth(struct swcr_session *ses,
case CRYPTO_SHA2_256_HMAC:
case CRYPTO_SHA2_384_HMAC:
case CRYPTO_SHA2_512_HMAC:
case CRYPTO_NULL_HMAC:
case CRYPTO_RIPEMD160_HMAC:
swa->sw_hmac = true;
if (csp->csp_auth_key != NULL) {
@ -1238,6 +1237,7 @@ swcr_setup_auth(struct swcr_session *ses,
case CRYPTO_SHA2_256:
case CRYPTO_SHA2_384:
case CRYPTO_SHA2_512:
case CRYPTO_NULL_HMAC:
axf->Init(swa->sw_ictx);
break;
case CRYPTO_AES_NIST_GMAC: