ubsec(4) doesn't support explicitly provided keys. Return an error instead

of encrypting/decrypting data with a wrong key.
author: pjd <pjd@FreeBSD.org> 2006-04-10 18:37:46 +0000
committer: pjd <pjd@FreeBSD.org> 2006-04-10 18:37:46 +0000
commit: 23fa0188112e2637e2d02278960def09f6d3cba4 (patch)
tree: 415b8871aee70dcaeb7372601763de6c8c123e96 /sys/dev/ubsec
parent: d84c042d263d6eee5435c0cfb536f2e81f811e6f (diff)
download: FreeBSD-src-23fa0188112e2637e2d02278960def09f6d3cba4.zip
FreeBSD-src-23fa0188112e2637e2d02278960def09f6d3cba4.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/dev/ubsec/ubsec.c b/sys/dev/ubsec/ubsec.c
index 338ce63..eec7d48 100644
--- a/sys/dev/ubsec/ubsec.c
+++ b/sys/dev/ubsec/ubsec.c
@@ -1077,6 +1077,13 @@ ubsec_process(void *arg, struct cryptop *crp, int hint)
 	}
 	crd2 = crd1->crd_next;
 
+	if ((crd1->crd_flags & CRD_F_KEY_EXPLICIT) ||
+	    (crd2 != NULL && (crd2->crd_flags & CRD_F_KEY_EXPLICIT))) {
+		ubsecstats.hst_badflags++;
+		err = EINVAL;
+		goto errout;
+	}
+
 	if (crd2 == NULL) {
 		if (crd1->crd_alg == CRYPTO_MD5_HMAC ||
 		    crd1->crd_alg == CRYPTO_SHA1_HMAC) {
author	pjd <pjd@FreeBSD.org>	2006-04-10 18:37:46 +0000
committer	pjd <pjd@FreeBSD.org>	2006-04-10 18:37:46 +0000
commit	23fa0188112e2637e2d02278960def09f6d3cba4 (patch)
tree	415b8871aee70dcaeb7372601763de6c8c123e96 /sys/dev/ubsec
parent	d84c042d263d6eee5435c0cfb536f2e81f811e6f (diff)
download	FreeBSD-src-23fa0188112e2637e2d02278960def09f6d3cba4.zip FreeBSD-src-23fa0188112e2637e2d02278960def09f6d3cba4.tar.gz