mirror of
https://github.com/torvalds/linux.git
synced 2024-12-05 10:32:35 +00:00
crypto: bcm - check assoclen for rfc4543/rfc4106
Validated assoclen for RFC4543 which expects an assoclen of 16 or 20, the same as RFC4106. Based on seqiv, IPsec ESP and RFC4543/RFC4106 the assoclen is sizeof IP Header (spi, seq_no, extended seq_no) and IV len. This can be 16 or 20 bytes. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
b93ecf4296
commit
b3553effaf
@ -2629,6 +2629,19 @@ static int aead_need_fallback(struct aead_request *req)
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* RFC4106 and RFC4543 cannot handle the case where AAD is other than
|
||||
* 16 or 20 bytes long. So use fallback in this case.
|
||||
*/
|
||||
if (ctx->cipher.mode == CIPHER_MODE_GCM &&
|
||||
ctx->cipher.alg == CIPHER_ALG_AES &&
|
||||
rctx->iv_ctr_len == GCM_RFC4106_IV_SIZE &&
|
||||
req->assoclen != 16 && req->assoclen != 20) {
|
||||
flow_log("RFC4106/RFC4543 needs fallback for assoclen"
|
||||
" other than 16 or 20 bytes\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
payload_len = req->cryptlen;
|
||||
if (spu->spu_type == SPU_TYPE_SPUM)
|
||||
payload_len += req->assoclen;
|
||||
|
Loading…
Reference in New Issue
Block a user