From a4071b836a496570fbc0647b522984a444e6d4a2 Mon Sep 17 00:00:00 2001
From: pjd <pjd@FreeBSD.org>
Date: Thu, 20 Apr 2006 06:31:44 +0000
Subject: padlock(4) doesn't support explicitly provided keys yet. Return an
 error instead of encrypting/decrypting data with a wrong key.

---
 sys/crypto/via/padlock.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'sys/crypto')

diff --git a/sys/crypto/via/padlock.c b/sys/crypto/via/padlock.c
index 33dbae8..606747f 100644
--- a/sys/crypto/via/padlock.c
+++ b/sys/crypto/via/padlock.c
@@ -366,6 +366,10 @@ padlock_process(void *arg __unused, struct cryptop *crp, int hint __unused)
 		err = EINVAL;
 		goto out;
 	}
+	if ((crd->crd_flags & CRD_F_KEY_EXPLICIT) != 0) {
+		err = EINVAL;
+		goto out;
+	}
 
 	mtx_lock(&sc->sc_sessions_mtx);
 	TAILQ_FOREACH(ses, &sc->sc_sessions, ses_next) {
-- 
cgit v1.1