From 650747f93e7fc28d3189b25654fd6a3d50d60895 Mon Sep 17 00:00:00 2001 From: hshoexer Date: Mon, 20 Dec 2004 20:31:18 +0000 Subject: Allow the setkey function of a transform to fail, eg. when an insufficient number of key bits is supplied. Only AES and DES/3DES might fail. ok and help markus@ --- sys/crypto/cryptosoft.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'sys/crypto/cryptosoft.c') diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c index f61cc6248c7..dfb2329ccc6 100644 --- a/sys/crypto/cryptosoft.c +++ b/sys/crypto/cryptosoft.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptosoft.c,v 1.41 2004/05/07 14:42:26 millert Exp $ */ +/* $OpenBSD: cryptosoft.c,v 1.42 2004/12/20 20:31:18 hshoexer Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -619,8 +619,11 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri) txf = &enc_xform_null; goto enccommon; enccommon: - txf->setkey(&((*swd)->sw_kschedule), cri->cri_key, - cri->cri_klen / 8); + if (txf->setkey(&((*swd)->sw_kschedule), cri->cri_key, + cri->cri_klen / 8) < 0) { + swcr_freesession(i); + return EINVAL; + } (*swd)->sw_exf = txf; break; -- cgit v1.2.3-59-g8ed1b