omap-aes-gcm: fix corrupt output buffers

Francis Le Bourse francis.lebourse at
Fri Jan 19 11:23:40 EST 2018


The output of the AES-GCM encryption or decryption  is corrupted if the 
buffer crosses a page boundary.
The culprit appears to be omap_crypto_cleanup(), 
scatterwalk_map_and_copy should only be called in the 
Currently the copy is also done in the OMAP_CRYPTO_BAD_DATA_LENGTH, 
resulting in random kernel data in the user output buffer.

With the patch below, the operations are fine.

diff --git a/drivers/crypto/omap-crypto.c b/drivers/crypto/omap-crypto.c
index 2c42e4b..cde56ea 100644
--- a/drivers/crypto/omap-crypto.c
+++ b/drivers/crypto/omap-crypto.c
@@ -173,7 +173,7 @@ void omap_crypto_cleanup(struct scatterlist *sg, 
struct scatterlist *orig,
         buf = sg_virt(sg);
         pages = get_order(len);

-       if (orig && (flags & OMAP_CRYPTO_COPY_MASK))
+       if (orig && (flags & OMAP_CRYPTO_DATA_COPIED))
                 scatterwalk_map_and_copy(buf, orig, offset, len, 1);

         if (flags & OMAP_CRYPTO_DATA_COPIED)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Linux-crypto mailing list