git.baikalelectronics.ru Git - kernel.git/commit

author	Eric Biggers <ebiggers@google.com>
	Sun, 31 Mar 2019 20:04:20 +0000 (13:04 -0700)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Mon, 8 Apr 2019 06:42:55 +0000 (14:42 +0800)
commit	17e7f4192e4e23ecfe3e3743583685bba28655b9
tree	9568d0b3776f19b7619fb369cd4551bfb2f60fa8	tree \| snapshot
parent	17b4dce6e5c8408ed9e06f29d986dc336b2ea1db	commit \| diff

crypto: cts - don't support empty messages

My patches to make testmgr fuzz algorithms against their generic
implementation detected that the arm64 implementations of
"cts(cbc(aes))" handle empty messages differently from the cts template.
Namely, the arm64 implementations forbids (with -EINVAL) all messages
shorter than the block size, including the empty message; but the cts
template permits empty messages as a special case.

No user should be CTS-encrypting/decrypting empty messages, but we need
to keep the behavior consistent.  Unfortunately, as noted in the source
of OpenSSL's CTS implementation [1], there's no common specification for
CTS.  This makes it somewhat debatable what the behavior should be.

However, all CTS specifications seem to agree that messages shorter than
the block size are not allowed, and OpenSSL follows this in both CTS
conventions it implements.  It would also simplify the user-visible
semantics to have empty messages no longer be a special case.

Therefore, make the cts template return -EINVAL on *all* messages
shorter than the block size, including the empty message.

[1] https://github.com/openssl/openssl/blob/master/crypto/modes/cts128.c

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>