diff options
author | Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org> | 2017-05-05 04:14:34 +0300 |
---|---|---|
committer | Maxim Uvarov <maxim.uvarov@linaro.org> | 2017-06-16 16:51:11 +0300 |
commit | 697c3be9b2155379dee458d66335442375a9354d (patch) | |
tree | cdfeadbb7c2a86f9ed09ce5bba41f650c6236672 /platform/linux-generic | |
parent | 2ffff0bc3e07678214a413b5eb89da13e7624055 (diff) |
linux: crypto: fix checking of GCM tags
Currently odp_crypto code will happily accept wrong tags, because the
check for EVP_DecryptFinal_ex return code is incorrect. This function
returns 0 if tag is incorrect, not < 0.
https://bugs.linaro.org/show_bug.cgi?id=3003
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Reviewed-and-tested-by: Bill Fischofer <bill.fischofer@linaro.org>
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Diffstat (limited to 'platform/linux-generic')
-rw-r--r-- | platform/linux-generic/odp_crypto.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 6963ee625..157a41520 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -384,7 +384,7 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, auth_len - (aad_tail - aad_head)); } - if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len) < 0) + if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len) <= 0) return ODP_CRYPTO_ALG_ERR_ICV_CHECK; return ODP_CRYPTO_ALG_ERR_NONE; |