Allow the setkey function of a transform to fail, eg. when an insufficient

number of key bits is supplied. Only AES and DES/3DES might fail. ok and help markus@
author: hshoexer <hshoexer@openbsd.org> 2004-12-20 20:31:18 +0000
committer: hshoexer <hshoexer@openbsd.org> 2004-12-20 20:31:18 +0000
commit: 650747f93e7fc28d3189b25654fd6a3d50d60895 (patch)
tree: bb281bba173d391579a653cac8caed55061ce6a6 /sys/crypto/cryptosoft.c
parent: RFC documents are not free enough (diff)
download: wireguard-openbsd-650747f93e7fc28d3189b25654fd6a3d50d60895.tar.xz
wireguard-openbsd-650747f93e7fc28d3189b25654fd6a3d50d60895.zip
1 files changed, 6 insertions, 3 deletions
diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c
index f61cc6248c7..dfb2329ccc6 100644
--- a/sys/crypto/cryptosoft.c
+++ b/sys/crypto/cryptosoft.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cryptosoft.c,v 1.41 2004/05/07 14:42:26 millert Exp $	*/
+/*	$OpenBSD: cryptosoft.c,v 1.42 2004/12/20 20:31:18 hshoexer Exp $	*/
 
 /*
  * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -619,8 +619,11 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri)
 			txf = &enc_xform_null;
 			goto enccommon;
 		enccommon:
-			txf->setkey(&((*swd)->sw_kschedule), cri->cri_key,
-			    cri->cri_klen / 8);
+			if (txf->setkey(&((*swd)->sw_kschedule), cri->cri_key,
+			    cri->cri_klen / 8) < 0) {
+				swcr_freesession(i);
+				return EINVAL;
+			}
 			(*swd)->sw_exf = txf;
 			break;
author	hshoexer <hshoexer@openbsd.org>	2004-12-20 20:31:18 +0000
committer	hshoexer <hshoexer@openbsd.org>	2004-12-20 20:31:18 +0000
commit	650747f93e7fc28d3189b25654fd6a3d50d60895 (patch)
tree	bb281bba173d391579a653cac8caed55061ce6a6 /sys/crypto/cryptosoft.c
parent	RFC documents are not free enough (diff)
download	wireguard-openbsd-650747f93e7fc28d3189b25654fd6a3d50d60895.tar.xz wireguard-openbsd-650747f93e7fc28d3189b25654fd6a3d50d60895.zip