diff options
| author | Eric Biggers <ebiggers@google.com> | 2019-12-01 13:53:26 -0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-02-14 16:34:18 -0500 |
| commit | 2edaf502026e68c2e78463892885f7af95815a74 (patch) | |
| tree | e063d33674b78758d285aea3f9fcb3fff6aabeaa /crypto/cmac.c | |
| parent | f0a235bd332c3568b2b1b7d32c08a5dfc02c3b64 (diff) | |
| download | linux-crypto-2edaf502026e68c2e78463892885f7af95815a74.tar.gz linux-crypto-2edaf502026e68c2e78463892885f7af95815a74.zip | |
crypto: testmgr - don't try to decrypt uninitialized buffers
commit 169e10bff75b6fcfbc094124e853402ff1a0e249 upstream.
Currently if the comparison fuzz tests encounter an encryption error
when generating an skcipher or AEAD test vector, they will still test
the decryption side (passing it the uninitialized ciphertext buffer)
and expect it to fail with the same error.
This is sort of broken because it's not well-defined usage of the API to
pass an uninitialized buffer, and furthermore in the AEAD case it's
acceptable for the decryption error to be EBADMSG (meaning "inauthentic
input") even if the encryption error was something else like EINVAL.
Fix this for skcipher by explicitly initializing the ciphertext buffer
on error, and for AEAD by skipping the decryption test on error.
Reported-by: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
Fixes: 4ee79aa7c098 ("crypto: testmgr - fuzz skciphers against their generic implementation")
Fixes: 4b772af62cb3 ("crypto: testmgr - fuzz AEADs against their generic implementation")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'crypto/cmac.c')
0 files changed, 0 insertions, 0 deletions