From 928384869490921c8ed04dc2aa155cbca53eaefa Mon Sep 17 00:00:00 2001
From: Gordon Tetlow <gordon@FreeBSD.org>
Date: Tue, 12 May 2020 16:59:09 +0000
Subject: [PATCH] Fix insufficient cryptodev MAC key length check.

Approved by:	so
Security:	FreeBSD-SA-20:16.cryptodev
Security:	CVE-2019-15880
---
 sys/opencrypto/cryptodev.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c
index 8feee00b7a8..ff8455528db 100644
--- a/sys/opencrypto/cryptodev.c
+++ b/sys/opencrypto/cryptodev.c
@@ -602,8 +602,8 @@ cryptof_ioctl(
 		if (thash) {
 			cria.cri_alg = thash->type;
 			cria.cri_klen = sop->mackeylen * 8;
-			if (thash->keysize != 0 &&
-			    sop->mackeylen > thash->keysize) {
+			if (sop->mackeylen > thash->keysize ||
+			    sop->mackeylen < 0) {
 				CRYPTDEB("invalid mac key length");
 				error = EINVAL;
 				SDT_PROBE1(opencrypto, dev, ioctl, error,
-- 
2.45.0