system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-22 02:37:15 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

ossl: Fix handling of separate AAD buffers in ossl_aes_gcm()

Browse source 
Consumers may optionally provide a reference to a separate buffer
containing AAD, but ossl_aes_gcm() didn't handle this and would thus
compute an incorrect digest.

Fixes:		9a3444d91c ("ossl: Add a VAES-based AES-GCM implementation for amd64")
Reviewed by:	jhb
MFC after:	3 days
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
Differential Revision:	https://reviews.freebsd.org/D42736
This commit is contained in:
Mark Johnston 2023-11-28 14:35:49 -05:00
parent d2033021a7
commit 87826c87c6
1 changed files with 13 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
sys/crypto/openssl/ossl_aes.c
View file

@ -198,14 +198,20 @@ ossl_aes_gcm(struct ossl_session_cipher *s, struct cryptop *crp,
crypto_read_iv(crp, iv);
ctx->ops->setiv(ctx, iv, csp->csp_ivlen);
crypto_cursor_init(&cc_in, &crp->crp_buf);
crypto_cursor_advance(&cc_in, crp->crp_aad_start);
for (size_t alen = crp->crp_aad_length; alen > 0; alen -= seglen) {
inseg = crypto_cursor_segment(&cc_in, &inlen);
seglen = MIN(alen, inlen);
if (ctx->ops->aad(ctx, inseg, seglen) != 0)
if (crp->crp_aad != NULL) {
if (ctx->ops->aad(ctx, crp->crp_aad, crp->crp_aad_length) != 0)
return (EINVAL);
crypto_cursor_advance(&cc_in, seglen);
} else {
crypto_cursor_init(&cc_in, &crp->crp_buf);
crypto_cursor_advance(&cc_in, crp->crp_aad_start);
for (size_t alen = crp->crp_aad_length; alen > 0;
alen -= seglen) {
inseg = crypto_cursor_segment(&cc_in, &inlen);
seglen = MIN(alen, inlen);
if (ctx->ops->aad(ctx, inseg, seglen) != 0)
return (EINVAL);
crypto_cursor_advance(&cc_in, seglen);
}
}
crypto_cursor_init(&cc_in, &crp->crp_buf);