On Tue, Oct 31, 2017 at 03:42:35PM +0100, Romain Izard wrote: > The IV buffer used during CCM operations is used twice, during both the > hashing step and the ciphering step. > > When using a hardware accelerator that updates the contents of the IV > buffer at the end of ciphering operations, the value will be modified. > In the decryption case, the subsequent setup of the hashing algorithm > will interpret the updated IV instead of the original value, which can > lead to out-of-bounds writes. > > Reuse the idata buffer, only used in the hashing step, to preserve the > IV's value during the ciphering step in the decryption case. > > Signed-off-by: Romain Izard <romain.izard.pro@xxxxxxxxx> Patch applied. Thanks. -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
