Commit fe70f5df authored by Herbert Xu's avatar Herbert Xu

[CRYPTO] aead: Return EBADMSG for ICV mismatch

This patch changes gcm/authenc to return EBADMSG instead of EINVAL for
ICV mismatches.  This convention has already been adopted by IPsec.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 6160b289
...@@ -200,7 +200,7 @@ static int crypto_authenc_verify(struct aead_request *req, ...@@ -200,7 +200,7 @@ static int crypto_authenc_verify(struct aead_request *req,
authsize = crypto_aead_authsize(authenc); authsize = crypto_aead_authsize(authenc);
scatterwalk_map_and_copy(ihash, src, cryptlen, authsize, 0); scatterwalk_map_and_copy(ihash, src, cryptlen, authsize, 0);
return memcmp(ihash, ohash, authsize) ? -EINVAL : 0; return memcmp(ihash, ohash, authsize) ? -EBADMSG: 0;
} }
static void crypto_authenc_decrypt_done(struct crypto_async_request *req, static void crypto_authenc_decrypt_done(struct crypto_async_request *req,
......
...@@ -327,7 +327,7 @@ static int crypto_gcm_decrypt(struct aead_request *req) ...@@ -327,7 +327,7 @@ static int crypto_gcm_decrypt(struct aead_request *req)
scatterwalk_map_and_copy(iauth_tag, req->src, cryptlen, authsize, 0); scatterwalk_map_and_copy(iauth_tag, req->src, cryptlen, authsize, 0);
if (memcmp(iauth_tag, auth_tag, authsize)) if (memcmp(iauth_tag, auth_tag, authsize))
return -EINVAL; return -EBADMSG;
return crypto_ablkcipher_decrypt(&abreq); return crypto_ablkcipher_decrypt(&abreq);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment