diff options
| author | Taras Kondratiuk <taras.kondratiuk@linaro.org> | 2014-12-16 16:19:28 +0200 |
|---|---|---|
| committer | Maxim Uvarov <maxim.uvarov@linaro.org> | 2014-12-18 16:45:03 +0300 |
| commit | 5d01546306787a92e695b4828206a6b8b9c422bc (patch) | |
| tree | aba9866fd5a0b43621ab079bc07e5c2f53174192 /platform/linux-generic | |
| parent | a75f7a0b76bda95bd7492904702aba7729df5af0 (diff) | |
linux-generic: crypto: always make a copy of IV
DES library modifies IV buffer in-place. Current code handles this
correctly only in case of encryption operation with session IV.
To prevent user buffer modifications always make a copy of a
provided IV.
Signed-off-by: Taras Kondratiuk <taras.kondratiuk@linaro.org>
Reviewed-by: Robbie King <robking@cisco.com>
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Diffstat (limited to 'platform/linux-generic')
| -rw-r--r-- | platform/linux-generic/odp_crypto.c | 50 |
1 files changed, 28 insertions, 22 deletions
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 7490d527d..27d68197c 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -147,30 +147,25 @@ enum crypto_alg_err des_encrypt(odp_crypto_op_params_t *params, { uint8_t *data = odp_packet_data(params->out_pkt); uint32_t len = params->cipher_range.length; - DES_cblock *iv = NULL; - DES_cblock iv_temp; + DES_cblock iv; + void *iv_ptr; + + if (params->override_iv_ptr) + iv_ptr = params->override_iv_ptr; + else if (session->cipher.iv.data) + iv_ptr = session->cipher.iv.data; + else + return ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER; /* * Create a copy of the IV. The DES library modifies IV * and if we are processing packets on parallel threads * we could get corruption. */ - if (session->cipher.iv.data) { - memcpy(iv_temp, session->cipher.iv.data, sizeof(iv_temp)); - iv = &iv_temp; - } + memcpy(iv, iv_ptr, sizeof(iv)); /* Adjust pointer for beginning of area to cipher */ data += params->cipher_range.offset; - - /* Override IV if requested */ - if (params->override_iv_ptr) - iv = (DES_cblock *)params->override_iv_ptr; - - /* No session or operation IV */ - if (!iv) - return ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER; - /* Encrypt it */ DES_ede3_cbc_encrypt(data, data, @@ -178,7 +173,7 @@ enum crypto_alg_err des_encrypt(odp_crypto_op_params_t *params, &session->cipher.data.des.ks1, &session->cipher.data.des.ks2, &session->cipher.data.des.ks3, - iv, + &iv, 1); return ODP_CRYPTO_ALG_ERR_NONE; @@ -190,15 +185,26 @@ enum crypto_alg_err des_decrypt(odp_crypto_op_params_t *params, { uint8_t *data = odp_packet_data(params->out_pkt); uint32_t len = params->cipher_range.length; - DES_cblock *iv = (DES_cblock *)session->cipher.iv.data; + DES_cblock iv; + void *iv_ptr; + + if (params->override_iv_ptr) + iv_ptr = params->override_iv_ptr; + else if (session->cipher.iv.data) + iv_ptr = session->cipher.iv.data; + else + return ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER; + + /* + * Create a copy of the IV. The DES library modifies IV + * and if we are processing packets on parallel threads + * we could get corruption. + */ + memcpy(iv, iv_ptr, sizeof(iv)); /* Adjust pointer for beginning of area to cipher */ data += params->cipher_range.offset; - /* Override IV if requested */ - if (params->override_iv_ptr) - iv = (DES_cblock *)params->override_iv_ptr; - /* Decrypt it */ DES_ede3_cbc_encrypt(data, data, @@ -206,7 +212,7 @@ enum crypto_alg_err des_decrypt(odp_crypto_op_params_t *params, &session->cipher.data.des.ks1, &session->cipher.data.des.ks2, &session->cipher.data.des.ks3, - iv, + &iv, 0); return ODP_CRYPTO_ALG_ERR_NONE; |