[CRYPTO] authenc: Fix hash verification

The previous code incorrectly included the hash in the verification which also meant that we'd crash and burn when it comes to actually verifying the hash since we'd go past the end of the SG list. This patch fixes that by subtracting authsize from cryptlen at the start. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

[CRYPTO] authenc: Fix hash verification
The previous code incorrectly included the hash in the verification which also meant that we'd crash and burn when it comes to actually verifying the hash since we'd go past the end of the SG list. This patch fixes that by subtracting authsize from cryptlen at the start. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu
1 parent e236d4a89a
Showing 1 changed file with 10 additions and 4 deletions Side-by-side Diff
crypto/authenc.c
@@ -158,7 +158,8 @@
 	return crypto_authenc_hash(req);
 }
  
-static int crypto_authenc_verify(struct aead_request *req)
+static int crypto_authenc_verify(struct aead_request *req,
+				 unsigned int cryptlen)
 {
 	struct crypto_aead *authenc = crypto_aead_reqtfm(req);
 	struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
@@ -170,7 +171,6 @@
 	u8 *ohash = aead_request_ctx(req);
 	u8 *ihash;
 	struct scatterlist *src = req->src;
-	unsigned int cryptlen = req->cryptlen;
 	unsigned int authsize;
 	int err;
  
  
  
@@ -214,16 +214,22 @@
 	struct crypto_aead *authenc = crypto_aead_reqtfm(req);
 	struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
 	struct ablkcipher_request *abreq = aead_request_ctx(req);
+	unsigned int cryptlen = req->cryptlen;
+	unsigned int authsize = crypto_aead_authsize(authenc);
 	int err;
  
-	err = crypto_authenc_verify(req);
+	if (cryptlen < authsize)
+		return -EINVAL;
+	cryptlen -= authsize;
+
+	err = crypto_authenc_verify(req, cryptlen);
 	if (err)
 		return err;
  
 	ablkcipher_request_set_tfm(abreq, ctx->enc);
 	ablkcipher_request_set_callback(abreq, aead_request_flags(req),
 					crypto_authenc_decrypt_done, req);
-	ablkcipher_request_set_crypt(abreq, req->src, req->dst, req->cryptlen,
+	ablkcipher_request_set_crypt(abreq, req->src, req->dst, cryptlen,
 				     req->iv);
  
 	return crypto_ablkcipher_decrypt(abreq);
...	...	@@ -158,7 +158,8 @@
158	158	return crypto_authenc_hash(req);
159	159	}
160	160
161		-static int crypto_authenc_verify(struct aead_request *req)
	161	+static int crypto_authenc_verify(struct aead_request *req,
	162	+ unsigned int cryptlen)
162	163	{
163	164	struct crypto_aead *authenc = crypto_aead_reqtfm(req);
164	165	struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
...	...	@@ -170,7 +171,6 @@
170	171	u8 *ohash = aead_request_ctx(req);
171	172	u8 *ihash;
172	173	struct scatterlist *src = req->src;
173		- unsigned int cryptlen = req->cryptlen;
174	174	unsigned int authsize;
175	175	int err;
176	176
177	177
178	178
...	...	@@ -214,16 +214,22 @@
214	214	struct crypto_aead *authenc = crypto_aead_reqtfm(req);
215	215	struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
216	216	struct ablkcipher_request *abreq = aead_request_ctx(req);
	217	+ unsigned int cryptlen = req->cryptlen;
	218	+ unsigned int authsize = crypto_aead_authsize(authenc);
217	219	int err;
218	220
219		- err = crypto_authenc_verify(req);
	221	+ if (cryptlen < authsize)
	222	+ return -EINVAL;
	223	+ cryptlen -= authsize;
	224	+
	225	+ err = crypto_authenc_verify(req, cryptlen);
220	226	if (err)
221	227	return err;
222	228
223	229	ablkcipher_request_set_tfm(abreq, ctx->enc);
224	230	ablkcipher_request_set_callback(abreq, aead_request_flags(req),
225	231	crypto_authenc_decrypt_done, req);
226		- ablkcipher_request_set_crypt(abreq, req->src, req->dst, req->cryptlen,
	232	+ ablkcipher_request_set_crypt(abreq, req->src, req->dst, cryptlen,
227	233	req->iv);
228	234
229	235	return crypto_ablkcipher_decrypt(abreq);