[CRYPTO] authenc: Fix hash verification
The previous code incorrectly included the hash in the verification which
also meant that we'd crash and burn when it comes to actually verifying
the hash since we'd go past the end of the SG list.
This patch fixes that by subtracting authsize from cryptlen at the start.
Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
---
crypto/authenc.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/crypto/authenc.c b/crypto/authenc.c
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -174,6 +174,11 @@ static int crypto_authenc_verify(struct
unsigned int authsize;
int err;
+ authsize = crypto_aead_authsize(authenc);
+ if (cryptlen < authsize)
+ return -EINVAL;
+ cryptlen -= authsize;
+
ohash = (u8 *)ALIGN((unsigned long)ohash + crypto_hash_alignmask(auth),
crypto_hash_alignmask(auth) + 1);
ihash = ohash + crypto_hash_digestsize(auth);
@@ -198,7 +203,6 @@ auth_unlock:
if (err)
return err;
- authsize = crypto_aead_authsize(authenc);
scatterwalk_map_and_copy(ihash, src, cryptlen, authsize, 0);
return memcmp(ihash, ohash, authsize) ? -EINVAL : 0;
}
-
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
