crypto: nx - fix nx-aes-gcm verification
authorjmlatten@linux.vnet.ibm.com <jmlatten@linux.vnet.ibm.com>
Wed, 14 Aug 2013 22:17:57 +0000 (17:17 -0500)
committerHerbert Xu <herbert@gondor.apana.org.au>
Wed, 21 Aug 2013 11:08:38 +0000 (21:08 +1000)
This patch fixes a bug in the nx-aes-gcm implementation.
Corrected the code so that the authtag is always verified after
decrypting and not just when there is associated data included.
Also, corrected the code to retrieve the input authtag from src
instead of dst.

Reviewed-by: Fionnuala Gunter <fin@linux.vnet.ibm.com>
Reviewed-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
drivers/crypto/nx/nx-aes-gcm.c

index df90d03afc104f0e95311e6afe37982395af4403..74feee10f943aa0acd87b6b9fb15c194e6f4787f 100644 (file)
@@ -246,11 +246,11 @@ static int gcm_aes_nx_crypt(struct aead_request *req, int enc)
                                 req->dst, nbytes,
                                 crypto_aead_authsize(crypto_aead_reqtfm(req)),
                                 SCATTERWALK_TO_SG);
-       } else if (req->assoclen) {
+       } else {
                u8 *itag = nx_ctx->priv.gcm.iauth_tag;
                u8 *otag = csbcpb->cpb.aes_gcm.out_pat_or_mac;
 
-               scatterwalk_map_and_copy(itag, req->dst, nbytes,
+               scatterwalk_map_and_copy(itag, req->src, nbytes,
                                 crypto_aead_authsize(crypto_aead_reqtfm(req)),
                                 SCATTERWALK_FROM_SG);
                rc = memcmp(itag, otag,