commit fe16637ad740c451227918efede4d6625d2bebf6
Author: John Baldwin <jhb@FreeBSD.org>
Date:   Thu Jun 16 16:34:41 2022 -0700

    crypto: Fix assertions for digest-only sessions with separate output.
    
    Digest-only sessions do not generate modified payload as an output, so
    don't bother asserting anything about the payload with respect to the
    output buffer other than the payload output start being zero.
    
    In addition, a verify request on a digest-only session doesn't
    generate any output at all so should never have a separate output
    buffer.
    
    Co-authored-by:  Jeremy Faulkner <gldisater@gmail.com>

diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c
index fde1316595e5..db96dd06d42c 100644
--- a/sys/opencrypto/crypto.c
+++ b/sys/opencrypto/crypto.c
@@ -1372,6 +1372,11 @@ crp_sanity(struct cryptop *crp)
 	if (out == NULL) {
 		KASSERT(crp->crp_payload_output_start == 0,
 		    ("payload output start non-zero without output buffer"));
+	} else if (csp->csp_mode == CSP_MODE_DIGEST) {
+		KASSERT(!(crp->crp_op & CRYPTO_OP_VERIFY_DIGEST),
+		    ("digest verify with separate output buffer"));
+		KASSERT(crp->crp_payload_output_start == 0,
+		    ("digest verify with non-zero payload output start"));
 	} else {
 		KASSERT(crp->crp_payload_output_start == 0 ||
 		    crp->crp_payload_output_start < olen,