2 files changed, 11 insertions, 3 deletions

diff --git a/sys/dev/softraid_crypto.c b/sys/dev/softraid_crypto.c
index 1994300fec1..5145caa6e2d 100644
--- a/sys/dev/softraid_crypto.c
+++ b/sys/dev/softraid_crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: softraid_crypto.c,v 1.136 2017/06/12 15:15:08 jsing Exp $ */
+/* $OpenBSD: softraid_crypto.c,v 1.137 2017/06/12 16:39:51 jsing Exp $ */
 /*
  * Copyright (c) 2007 Marco Peereboom <marco@peereboom.us>
  * Copyright (c) 2008 Hans-Joerg Hoexer <hshoexer@openbsd.org>
@@ -137,7 +137,13 @@ sr_crypto_create(struct sr_discipline *sd, struct bioc_createraid *bc,
 		sr_error(sd->sd_sc, "%s requires exactly one chunk",
 		    sd->sd_name);
 		goto done;
-        }
+	}
+
+	if (coerced_size > SR_CRYPTO_MAXSIZE) {
+		sr_error(sd->sd_sc, "%s exceeds maximum size (%lli > %llu)",
+		    sd->sd_name, coerced_size, SR_CRYPTO_MAXSIZE);
+		goto done;
+	}
 
 	/* Create crypto optional metadata. */
 	omi = malloc(sizeof(struct sr_meta_opt_item), M_DEVBUF,
diff --git a/sys/dev/softraidvar.h b/sys/dev/softraidvar.h
index 84451149aff..935d868e2eb 100644
--- a/sys/dev/softraidvar.h
+++ b/sys/dev/softraidvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: softraidvar.h,v 1.166 2016/12/24 22:49:38 yasuoka Exp $ */
+/* $OpenBSD: softraidvar.h,v 1.167 2017/06/12 16:39:51 jsing Exp $ */
 /*
  * Copyright (c) 2006 Marco Peereboom <marco@peereboom.us>
  * Copyright (c) 2008 Chris Kuethe <ckuethe@openbsd.org>
@@ -37,6 +37,8 @@
 #define SR_CRYPTO_KDFHINTBYTES	256	/* size of opaque KDF hint */
 #define SR_CRYPTO_CHECKBYTES	64	/* size of generic key chksum struct */
 #define SR_CRYPTO_KEY_BLKSHIFT	30	/* 0.5TB per key */
+#define SR_CRYPTO_KEY_BLKSIZE	(1ULL << SR_CRYPTO_KEY_BLKSHIFT)
+#define SR_CRYPTO_MAXSIZE	(SR_CRYPTO_KEY_BLKSIZE * SR_CRYPTO_MAXKEYS)
 
 /*
  * sr_crypto_genkdf is a generic hint for the KDF performed in userland and