From b4eba0ca341fb6ad0199ab3f2244aa7e0c4cb34d Mon Sep 17 00:00:00 2001 From: "jmlatten@linux.vnet.ibm.com" Date: Wed, 14 Aug 2013 17:17:57 -0500 Subject: [PATCH] crypto: nx - fix nx-aes-gcm verification This patch fixes a bug in the nx-aes-gcm implementation. Corrected the code so that the authtag is always verified after decrypting and not just when there is associated data included. Also, corrected the code to retrieve the input authtag from src instead of dst. Reviewed-by: Fionnuala Gunter Reviewed-by: Marcelo Cerri Signed-off-by: Joy Latten Signed-off-by: Herbert Xu --- drivers/crypto/nx/nx-aes-gcm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/nx/nx-aes-gcm.c b/drivers/crypto/nx/nx-aes-gcm.c index df90d03afc10..74feee10f943 100644 --- a/drivers/crypto/nx/nx-aes-gcm.c +++ b/drivers/crypto/nx/nx-aes-gcm.c @@ -246,11 +246,11 @@ static int gcm_aes_nx_crypt(struct aead_request *req, int enc) req->dst, nbytes, crypto_aead_authsize(crypto_aead_reqtfm(req)), SCATTERWALK_TO_SG); - } else if (req->assoclen) { + } else { u8 *itag = nx_ctx->priv.gcm.iauth_tag; u8 *otag = csbcpb->cpb.aes_gcm.out_pat_or_mac; - scatterwalk_map_and_copy(itag, req->dst, nbytes, + scatterwalk_map_and_copy(itag, req->src, nbytes, crypto_aead_authsize(crypto_aead_reqtfm(req)), SCATTERWALK_FROM_SG); rc = memcmp(itag, otag, -- 2.20.1