diff options
author | Eric Biggers <ebiggers@google.com> | 2020-03-04 14:44:03 -0800 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2020-03-12 23:00:13 +1100 |
commit | 6f3a06d959f4f38f2beb0a8f25b0e2d5c9792b18 (patch) | |
tree | 12718b69d0002a4afecea4d66387a304abc12fb7 /crypto/ofb.c | |
parent | d069b20403d7fe5585d38d2c04b2d429fc95f3e6 (diff) | |
download | linux-6f3a06d959f4f38f2beb0a8f25b0e2d5c9792b18.tar.gz linux-6f3a06d959f4f38f2beb0a8f25b0e2d5c9792b18.tar.bz2 linux-6f3a06d959f4f38f2beb0a8f25b0e2d5c9792b18.zip |
crypto: testmgr - use consistent IV copies for AEADs that need it
rfc4543 was missing from the list of algorithms that may treat the end
of the AAD buffer specially.
Also, with rfc4106, rfc4309, rfc4543, and rfc7539esp, the end of the AAD
buffer is actually supposed to contain a second copy of the IV, and
we've concluded that if the IV copies don't match the behavior is
implementation-defined. So, the fuzz tests can't easily test that case.
So, make the fuzz tests only use inputs where the two IV copies match.
Reported-by: Geert Uytterhoeven <geert+renesas@glider.be>
Fixes: 40153b10d91c ("crypto: testmgr - fuzz AEADs against their generic implementation")
Cc: Stephan Mueller <smueller@chronox.de>
Originally-from: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/ofb.c')
0 files changed, 0 insertions, 0 deletions