[v1,1/2] linux: crypto: fix checking of GCM tags

Message ID 1493949605-8819-3-git-send-email-odpbot@yandex.ru
State Superseded
Series [v1,1/2] linux: crypto: fix checking of GCM tags

Commit Message

Github ODP bot May 5, 2017, 2 a.m. UTC
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


Currently odp_crypto code will happily accept wrong tags, because the
check for EVP_DecryptFinal_ex return code is incorrect. This function
returns 0 if tag is incorrect, not < 0.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
/** Email created from pull request 23 (lumag:crypto-gcm)
 ** https://github.com/Linaro/odp/pull/23
 ** Patch: https://github.com/Linaro/odp/pull/23.patch
 ** Base sha: 79ba737a404d2833ad33d8f84ed6ce82c9a8c18e
 ** Merge commit sha: 112534710993d985f65827b45c81fc8fa9dec40f
 **/
 platform/linux-generic/odp_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c
index b432f84..d05dea1 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -384,7 +384,7 @@  odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param,
 				  auth_len - (aad_tail - aad_head));
 	}
 
-	if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len) < 0)
+	if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len) <= 0)
 		return ODP_CRYPTO_ALG_ERR_ICV_CHECK;
 
 	return ODP_CRYPTO_ALG_ERR_NONE;
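
Review bot: nothing in this patch exercises the corrected failure path on the EVP_DecryptFinal_ex line; the diffstat shows only odp_crypto.c changed, so the regression the commit message describes (a wrong tag being accepted) can come back unnoticed. Please add a negative case to the crypto validation tests that flips one bit of a known-good GCM tag and expects ODP_CRYPTO_ALG_ERR_ICV_CHECK. On the comparison itself, EVP_DecryptFinal_ex returns 1 on success and 0 on failure, so "<= 0" is correct; writing it as "!= 1" would state the success convention directly and make the intent obvious to the next reader. It is also worth a short comment here that a zero return means the tag did not verify and that any data already written to the buffer at cipherdata must be treated as unauthenticated by the caller.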