From patchwork Sat Jan 28 20:40:05 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 92754
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, Ard Biesheuvel
Subject: [PATCH -stable] crypto: ccm - deal with CTR ciphers that honour iv_out
Date: Sat, 28 Jan 2017 20:40:05 +0000
Message-Id: <1485636005-5192-1-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.7.4
List-ID: <linux-crypto.vger.kernel.org>

The skcipher API mandates that chaining modes involving IVs calculate
an outgoing IV value that is suitable for encrypting additional blocks
of data. This means the CCM driver cannot assume that req->iv points
to the original IV value when it calls crypto_ccm_auth. So pass a copy
to the skcipher instead.

Signed-off-by: Ard Biesheuvel
---
 crypto/ccm.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto/ccm.c b/crypto/ccm.c index b388ac6edfb9..8976ef9bc2e7 100644 --- a/crypto/ccm.c +++ b/crypto/ccm.c @@ -362,7 +362,7 @@ static int crypto_ccm_decrypt(struct aead_request *req) unsigned int cryptlen = req->cryptlen; u8 *authtag = pctx->auth_tag; u8 *odata = pctx->odata; - u8 *iv = req->iv; + u8 iv[16]; int err; cryptlen -= authsize; @@ -378,6 +378,7 @@ static int crypto_ccm_decrypt(struct aead_request *req) if (req->src != req->dst) dst = pctx->dst; + memcpy(iv, req->iv, sizeof(iv)); skcipher_request_set_tfm(skreq, ctx->ctr); skcipher_request_set_callback(skreq, pctx->flags, crypto_ccm_decrypt_done, req);
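Review bot: `u8 iv[16];` in the first hunk turns the IV into a stack array local to crypto_ccm_decrypt, yet the second hunk registers a completion callback (crypto_ccm_decrypt_done) on the skcipher request, so the CTR transform may still be in flight after this function has returned and the buffer the IV pointer refers to is gone. The copy needs storage that lives as long as the request itself: a per-request member in pctx alongside auth_tag and odata (for example a new 16-byte field, with `u8 *iv = pctx->iv;` here) rather than a local.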
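Review bot: `memcpy(iv, req->iv, sizeof(iv));` in the second hunk copies 16 bytes only because that is how the local was declared, and nothing in the hunk says where 16 comes from; a short comment tying it to the 128-bit block size CCM is built on, or sizing the copy from the CTR transform's IV length, would keep the array and the copy from drifting apart. The hunks also touch only crypto_ccm_decrypt, so the commit message should state why crypto_ccm_encrypt does not need the same copy.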