[CRYPTO] authenc: Fix hash verification The previous code incorrectly included the hash in the verification which also meant that we'd crash and burn when it comes to actually verifying the hash since we'd go past the end of the SG list. This patch fixes that by subtracting authsize from cryptlen at the start. Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> --- crypto/authenc.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletion(-) diff --git a/crypto/authenc.c b/crypto/authenc.c --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -174,6 +174,11 @@ static int crypto_authenc_verify(struct unsigned int authsize; int err; + authsize = crypto_aead_authsize(authenc); + if (cryptlen < authsize) + return -EINVAL; + cryptlen -= authsize; + ohash = (u8 *)ALIGN((unsigned long)ohash + crypto_hash_alignmask(auth), crypto_hash_alignmask(auth) + 1); ihash = ohash + crypto_hash_digestsize(auth); @@ -198,7 +203,6 @@ auth_unlock: if (err) return err; - authsize = crypto_aead_authsize(authenc); scatterwalk_map_and_copy(ihash, src, cryptlen, authsize, 0); return memcmp(ihash, ohash, authsize) ? -EINVAL : 0; } - To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
