From fbb739eb267b044ccd8998fbc4cb30373da24eb6 Mon Sep 17 00:00:00 2001
From: krw <krw@openbsd.org>
Date: Sun, 29 Mar 2020 13:43:13 +0000
Subject: [PATCH] Don't access past end of cc_alg[] when trying to avoid
 unregistering an invalid algorithm.

CID 1453298

ok kettenis@ (with suggested improvements to come)
---
 sys/crypto/crypto.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sys/crypto/crypto.c b/sys/crypto/crypto.c
index 84574284a56..6a07880846f 100644
--- a/sys/crypto/crypto.c
+++ b/sys/crypto/crypto.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: crypto.c,v 1.80 2017/11/30 16:31:12 visa Exp $	*/
+/*	$OpenBSD: crypto.c,v 1.81 2020/03/29 13:43:13 krw Exp $	*/
 /*
  * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
  *
@@ -331,9 +331,9 @@ crypto_unregister(u_int32_t driverid, int alg)
 
 	/* Sanity checks. */
 	if (driverid >= crypto_drivers_num || crypto_drivers == NULL ||
-	    ((alg <= 0 || alg > CRYPTO_ALGORITHM_MAX) &&
-		alg != CRYPTO_ALGORITHM_MAX + 1) ||
-	    crypto_drivers[driverid].cc_alg[alg] == 0) {
+	    alg <= 0 || alg > (CRYPTO_ALGORITHM_MAX + 1) ||
+	    (alg != (CRYPTO_ALGORITHM_MAX + 1) &&
+	    crypto_drivers[driverid].cc_alg[alg] == 0)) {
 		splx(s);
 		return EINVAL;
 	}