Further changes to effect fix for rounding error in qat_ciphers.c.

Change-Id: I5be17ec83237089b1aa5b876524184b225a4facc Signed-off-by: Steve Linsell <stevenx.linsell@intel.com>
intel · Apr 3, 2017 · 86bcf02 · 86bcf02
1 parent 4e4ad2c
commit 86bcf02
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/qat_ciphers.c b/qat_ciphers.c
@@ -1152,8 +1152,18 @@ int qat_chained_ciphers_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
              * padding which is later discarded when the result is copied out.
              * Note: AES_BLOCK_SIZE must be a power of 2 for this algorithm to
              * work correctly.
+             * If the digest len (dlen) is a multiple of AES_BLOCK_SIZE, then
+             * discardlen could theoretically be equal to 'dlen'.  However
+             * 1 byte is still needed for the required pad_len field which would
+             * not be available in this case.  Therefore we add an additional AES_BLOCK_SIZE to
+             * ensure that even for the case of (dlen % AES_BLOCK_SIZE == 0) there
+             * is room for the pad_len field byte - in this specific case the pad space
+             * field would comprise the remaining 15 bytes and the pad_len byte field
+             * would be equal to 15.
+             * The '& ~(AES_BLOCK_SIZE - 1)' element of the algorithm serves to round down
+             * 'discardlen' to the nearest AES_BLOCK_SIZE multiple.
              */
-            discardlen = ((len + dlen + AES_BLOCK_SIZE - 1) & ~(AES_BLOCK_SIZE - 1))
+            discardlen = ((len + dlen + AES_BLOCK_SIZE) & ~(AES_BLOCK_SIZE - 1))
                 - len;
             /* Pump-up the len by this amount */
             len += discardlen;