Fix AEAD handling of authentication failures.
Gilad Ben-Yossef (2):
crypto: ccree: use the full crypt length value
crypto: ccree: use std api sg_zero_buffer
drivers/crypto/ccree/cc_aead.c | 3 ++-
drivers/crypto/ccree/cc_buffer_mgr.c | 21 ---------------------
drivers/crypto/ccree/cc_buffer_mgr.h | 2 --
3 files changed, 2 insertions(+), 24 deletions(-)
--
2.21.0
In case of AEAD decryption verifcation error we were using the
wrong value to zero out the plaintext buffer leaving the end of
the buffer with the false plaintext.
Signed-off-by: Gilad Ben-Yossef <[email protected]>
Fixes: ff27e85a85bb ("crypto: ccree - add AEAD support")
CC: [email protected] # v4.17+
---
drivers/crypto/ccree/cc_aead.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c
index 19abb872329c..8a6c825d40e8 100644
--- a/drivers/crypto/ccree/cc_aead.c
+++ b/drivers/crypto/ccree/cc_aead.c
@@ -268,7 +268,7 @@ static void cc_aead_complete(struct device *dev, void *cc_req, int err)
/* In case of payload authentication failure, MUST NOT
* revealed the decrypted message --> zero its memory.
*/
- cc_zero_sgl(areq->dst, areq_ctx->cryptlen);
+ cc_zero_sgl(areq->dst, areq->cryptlen);
err = -EBADMSG;
}
/*ENCRYPT*/
--
2.21.0
On Mon, Jul 29, 2019 at 01:40:17PM +0300, Gilad Ben-Yossef wrote:
> Fix AEAD handling of authentication failures.
>
> Gilad Ben-Yossef (2):
> crypto: ccree: use the full crypt length value
> crypto: ccree: use std api sg_zero_buffer
>
> drivers/crypto/ccree/cc_aead.c | 3 ++-
> drivers/crypto/ccree/cc_buffer_mgr.c | 21 ---------------------
> drivers/crypto/ccree/cc_buffer_mgr.h | 2 --
> 3 files changed, 2 insertions(+), 24 deletions(-)
All applied. Thanks.
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt