Skip to content
Permalink
Browse files

MFC 346649: Don't panic for empty CCM requests.

A request to encrypt an empty payload without any AAD is unusual, but
it is defined behavior.  Removing this assertion removes a panic and
instead returns the correct tag for an empty buffer.
  • Loading branch information...
bsdjhb committed May 23, 2019
1 parent 0597be1 commit 71cf38a72587fcb47855679e4d7cb03d0bae610c
Showing with 0 additions and 3 deletions.
  1. +0 −3 sys/opencrypto/cbc_mac.c
@@ -82,9 +82,6 @@ AES_CBC_MAC_Reinit(struct aes_cbc_mac_ctx *ctx, const uint8_t *nonce, uint16_t n
uint8_t *bp = b0, flags = 0;
uint8_t L = 0;
uint64_t dataLength = ctx->cryptDataLength;

KASSERT(ctx->authDataLength != 0 || ctx->cryptDataLength != 0,
("Auth Data and Data lengths cannot both be 0"));

KASSERT(nonceLen >= 7 && nonceLen <= 13,
("nonceLen must be between 7 and 13 bytes"));

0 comments on commit 71cf38a

Please sign in to comment.
You can’t perform that action at this time.