Commit b3553eff authored by Iuliana Prodan's avatar Iuliana Prodan Committed by Herbert Xu

crypto: bcm - check assoclen for rfc4543/rfc4106

Validated assoclen for RFC4543 which expects an assoclen
of 16 or 20, the same as RFC4106.
Based on seqiv, IPsec ESP and RFC4543/RFC4106 the assoclen is sizeof
IP Header (spi, seq_no, extended seq_no) and IV len. This can be 16 or
20 bytes.
Signed-off-by: default avatarIuliana Prodan <iuliana.prodan@nxp.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent b93ecf42
......@@ -2629,6 +2629,19 @@ static int aead_need_fallback(struct aead_request *req)
return 1;
}
/*
* RFC4106 and RFC4543 cannot handle the case where AAD is other than
* 16 or 20 bytes long. So use fallback in this case.
*/
if (ctx->cipher.mode == CIPHER_MODE_GCM &&
ctx->cipher.alg == CIPHER_ALG_AES &&
rctx->iv_ctr_len == GCM_RFC4106_IV_SIZE &&
req->assoclen != 16 && req->assoclen != 20) {
flow_log("RFC4106/RFC4543 needs fallback for assoclen"
" other than 16 or 20 bytes\n");
return 1;
}
payload_len = req->cryptlen;
if (spu->spu_type == SPU_TYPE_SPUM)
payload_len += req->assoclen;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment