[lng-odp] [PATCH] linux-generic: crypto: fix AES-GCM compatibility with old version of OpenSSL
Old version of OpenSSL require SET_TAG to be called before decrypting the data. New versions are compatible either way Signed-off-by: Nicolas Morey-Chaisemartin --- Repost due to previous mail tagged as SPAM platform/linux-generic/odp_crypto.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 65e8503..92bc2f3 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -397,6 +397,7 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_params_t *params, int plain_len = 0; EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag); /* Authenticate header data (if any) without encrypting them */ if (aad_head < cipherdata) { @@ -414,8 +415,6 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_params_t *params, auth_len - (aad_tail - aad_head)); } - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag); - if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len) < 0) return ODP_CRYPTO_ALG_ERR_ICV_CHECK; ___ lng-odp mailing list lng-odp@lists.linaro.org https://lists.linaro.org/mailman/listinfo/lng-odp
Re: [lng-odp] [PATCH] linux-generic: crypto: fix AES-GCM compatibility with old version of OpenSSL
resend to list (google marked it as spam). Maxim. On 01/12/2016 20:40, Nicolas Morey-Chaisemartin wrote: Old version of OpenSSL require SET_TAG to be called before decrypting the data. New versions are compatible either way Signed-off-by: Nicolas Morey-Chaisemartin --- platform/linux-generic/odp_crypto.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 65e8503..92bc2f3 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -397,6 +397,7 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_params_t *params, int plain_len = 0; EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag); /* Authenticate header data (if any) without encrypting them */ if (aad_head < cipherdata) { @@ -414,8 +415,6 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_params_t *params, auth_len - (aad_tail - aad_head)); } - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag); - if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len) < 0) return ODP_CRYPTO_ALG_ERR_ICV_CHECK; ___ lng-odp mailing list lng-odp@lists.linaro.org https://lists.linaro.org/mailman/listinfo/lng-odp
[lng-odp] [PATCH] linux-generic: crypto: fix AES-GCM compatibility with old version of OpenSSL
Old version of OpenSSL require SET_TAG to be called before decrypting the data. New versions are compatible either way Signed-off-by: Nicolas Morey-Chaisemartin --- platform/linux-generic/odp_crypto.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 65e8503..92bc2f3 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -397,6 +397,7 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_params_t *params, int plain_len = 0; EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag); /* Authenticate header data (if any) without encrypting them */ if (aad_head < cipherdata) { @@ -414,8 +415,6 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_params_t *params, auth_len - (aad_tail - aad_head)); } - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag); - if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len) < 0) return ODP_CRYPTO_ALG_ERR_ICV_CHECK; -- 2.6.3.372.gcb93895 ___ lng-odp mailing list lng-odp@lists.linaro.org https://lists.linaro.org/mailman/listinfo/lng-odp