On Tue, Jul 30, 2019 at 04:05:07PM +0000, Hook, Gary wrote:
> Additional testing features added to the crypto framework (including fuzzy
> probing and variations of the lengths of input parameters such as AAD and
> authsize) expose some gaps in robustness and function in the CCP driver.
> Address these gaps:
> Input text is allowed to be zero bytes in length. In this case no
> encryption/decryption occurs, and certain data structures are not
> allocated. Don't clean up what doesn't exist.
> Valid auth tag sizes are 4, 8, 12, 13, 14, 15 or 16 bytes.
> Note: since the CCP driver has been designed to be used directly, add
>       validation of the authsize parameter at this layer.
> AES GCM defines the input text for decryption as the concatenation of
> the AAD, the ciphertext, and the tag. Only the cipher text needs to
> be decrypted; the tag is simple used for comparison.
> Gary R Hook (3):
>   crypto: ccp - Fix oops by properly managing allocated structures
>   crypto: ccp - Add support for valid authsize values less than 16
>   crypto: ccp - Ignore tag length when decrypting GCM ciphertext
>  drivers/crypto/ccp/ccp-crypto-aes-galois.c | 14 +++++++++
>  drivers/crypto/ccp/ccp-ops.c               | 33 ++++++++++++++++------
>  include/linux/ccp.h                        |  2 ++
>  3 files changed, 40 insertions(+), 9 deletions(-)

All applied.  Thanks.
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Reply via email to