Merge pull request #10143 from dgarske/qat_aes_gcm
Improve QAT AES GCM tag checking
@@ -2214,9 +2214,7 @@ static void IntelQaSymCipherCallback(void *pCallbackTag, CpaStatus status,
|
||||
int ret = ASYNC_OP_E;
|
||||
|
||||
(void)opData;
|
||||
(void)verifyResult;
|
||||
(void)pDstBuffer;
|
||||
(void)operationType;
|
||||
|
||||
#ifdef QAT_DEBUG
|
||||
printf("IntelQaSymCipherCallback: dev %p, type %d, status %d, "
|
||||
@@ -2270,6 +2268,18 @@ static void IntelQaSymCipherCallback(void *pCallbackTag, CpaStatus status,
|
||||
|
||||
/* mark event result */
|
||||
ret = 0; /* success */
|
||||
|
||||
/* check verify result for authenticated ciphers (AES-GCM).
|
||||
* Note: ALGORITHM_CHAINING is only used by AES-GCM in this
|
||||
* code path. For encrypt verifyResult will be CPA_TRUE. */
|
||||
if (operationType == CPA_CY_SYM_OP_ALGORITHM_CHAINING &&
|
||||
verifyResult == CPA_FALSE) {
|
||||
/* wipe output - do not return unauthenticated plaintext */
|
||||
if (dev->qat.out) {
|
||||
ForceZero(dev->qat.out, dev->qat.outLen);
|
||||
}
|
||||
ret = AES_GCM_AUTH_E;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2399,6 +2409,9 @@ static int IntelQaSymCipher(WC_ASYNC_DEV* dev, byte* out, const byte* in,
|
||||
setup.hashSetupData.authModeSetupData.aadLenInBytes = authInSz;
|
||||
|
||||
setup.digestIsAppended = CPA_TRUE;
|
||||
if (cipherDirection == CPA_CY_SYM_CIPHER_DIRECTION_DECRYPT) {
|
||||
setup.verifyDigest = CPA_TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
/* open session */
|
||||
|
||||
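Review bot: The new `verifyResult == CPA_FALSE` check in IntelQaSymCipherCallback is not gated on direction, while the last hunk sets `setup.verifyDigest = CPA_TRUE` only for decrypt, so the encrypt path relies on the driver reporting CPA_TRUE for a comparison it was never asked to perform (the added comment asserts this, but the QAT API describes verifyResult as meaningful only when verifyDigest is set). If the cipher direction is available from the op state at callback time, the condition should include it so that an encrypt can never be zeroed and failed with AES_GCM_AUTH_E. Separately, `ForceZero(dev->qat.out, dev->qat.outLen)` wipes only the caller's output; any driver-side destination buffer that held the unauthenticated plaintext is handled outside these hunks and should be confirmed cleared before it is freed or reused. A decrypt test with a corrupted tag that asserts both the AES_GCM_AUTH_E return and an all-zero output buffer would pin the intended behaviour. Both function bodies continue outside the hunks shown, so the ordering of the output copy relative to this check could not be verified here.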