linux: crypto: fix checking of GCM tags

Currently odp_crypto code will happily accept wrong tags, because the check for EVP_DecryptFinal_ex return code is incorrect. This function returns 0 if tag is incorrect, not < 0. https://bugs.linaro.org/show_bug.cgi?id=3003 Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org> Reviewed-and-tested-by: Bill Fischofer <bill.fischofer@linaro.org> Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
author: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org> 2017-05-05 04:14:34 +0300
committer: Maxim Uvarov <maxim.uvarov@linaro.org> 2017-06-16 16:51:11 +0300
commit: 697c3be9b2155379dee458d66335442375a9354d (patch)
tree: cdfeadbb7c2a86f9ed09ce5bba41f650c6236672 /platform/linux-generic
parent: 2ffff0bc3e07678214a413b5eb89da13e7624055 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c
index 6963ee625..157a41520 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -384,7 +384,7 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param,
 				  auth_len - (aad_tail - aad_head));
 	}
 
-	if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len) < 0)
+	if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len) <= 0)
 		return ODP_CRYPTO_ALG_ERR_ICV_CHECK;
 
 	return ODP_CRYPTO_ALG_ERR_NONE;
author	Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>	2017-05-05 04:14:34 +0300
committer	Maxim Uvarov <maxim.uvarov@linaro.org>	2017-06-16 16:51:11 +0300
commit	697c3be9b2155379dee458d66335442375a9354d (patch)
tree	cdfeadbb7c2a86f9ed09ce5bba41f650c6236672 /platform/linux-generic
parent	2ffff0bc3e07678214a413b5eb89da13e7624055 (diff)