From 86bcf029b40d888193f249e7e91a70bc85e7d7dc Mon Sep 17 00:00:00 2001
From: Paul Turner
Date: Fri, 31 Mar 2017 12:30:37 +0100
Subject: [PATCH] Further changes to effect fix for rounding error in qat_ciphers.c.
Change-Id: I5be17ec83237089b1aa5b876524184b225a4facc
Signed-off-by: Steve Linsell
---
 qat_ciphers.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/qat_ciphers.c b/qat_ciphers.c
index c352c696..2abfa893 100644
--- a/qat_ciphers.c
+++ b/qat_ciphers.c
@@ -1152,8 +1152,18 @@ int qat_chained_ciphers_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 * padding which is later discarded when the result is copied out.
 * Note: AES_BLOCK_SIZE must be a power of 2 for this algorithm to
 * work correctly.
+ * If the digest len (dlen) is a multiple of AES_BLOCK_SIZE, then
+ * discardlen could theoretically be equal to 'dlen'. However
+ * 1 byte is still needed for the required pad_len field which would
+ * not be available in this case. Therefore we add an additional AES_BLOCK_SIZE to
+ * ensure that even for the case of (dlen % AES_BLOCK_SIZE == 0) there
+ * is room for the pad_len field byte - in this specific case the pad space
+ * field would comprise the remaining 15 bytes and the pad_len byte field
+ * would be equal to 15.
+ * The '& ~(AES_BLOCK_SIZE - 1)' element of the algorithm serves to round down
+ * 'discardlen' to the nearest AES_BLOCK_SIZE multiple.
 */
- discardlen = ((len + dlen + AES_BLOCK_SIZE - 1) & ~(AES_BLOCK_SIZE - 1))
+ discardlen = ((len + dlen + AES_BLOCK_SIZE) & ~(AES_BLOCK_SIZE - 1))
 - len;
 /* Pump-up the len by this amount */
 len += discardlen;
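Review bot: The added comment misdescribes the arithmetic on the `discardlen` line in two places. The old formula left no room for the pad_len byte whenever `(len + dlen) % AES_BLOCK_SIZE == 0`, which matches the stated `dlen % AES_BLOCK_SIZE == 0` only if `len` is already block-aligned here (not visible in the hunk), and the mask rounds down the sum `len + dlen + AES_BLOCK_SIZE`, not `discardlen` itself. I would reword the last sentence to `* The '& ~(AES_BLOCK_SIZE - 1)' mask rounds (len + dlen + AES_BLOCK_SIZE) down to a block multiple, so discardlen is always in [dlen + 1, dlen + AES_BLOCK_SIZE].` In the aligned case `len += discardlen` is now a full block larger than before, so any buffer sized from the old upper bound should be rechecked; those allocations, like the start and end of the function, are outside this hunk.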