| Message ID | 20201213202037.88310-3-bage@linutronix.de |
|---|---|
| State | Accepted |
| Headers | show |
| Series | pkcs11: Fix decryption for files larger than 16KiB | expand |
On 13.12.20 21:20, bage@linutronix.de wrote: > From: Bastian Germann <bage@linutronix.de> > > wc_AesCbcDecrypt does not update the initialization vector for subsequent > calls to it. So the decryption for each buffer but the first one results > in the first AES block being garbage. > > Call wc_AesSetIV with the last encrypted block after each wc_AesCbcDecrypt. > > Signed-off-by: Bastian Germann <bage@linutronix.de> > --- > corelib/swupdate_decrypt_pkcs11.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/corelib/swupdate_decrypt_pkcs11.c b/corelib/swupdate_decrypt_pkcs11.c > index a34003b..b527bee 100644 > --- a/corelib/swupdate_decrypt_pkcs11.c > +++ b/corelib/swupdate_decrypt_pkcs11.c > @@ -142,6 +142,8 @@ int swupdate_DECRYPT_update(struct swupdate_digest *dgst, unsigned char *buf, > // Remember the last decrypted block which might contain padding > memcpy(dgst->last_decr, &pad_buf[one_off_sz], AES_BLK_SIZE); > > + wc_AesSetIV(&dgst->ctxdec, &cryptbuf[one_off_sz]); > + > return 0; > } > > Acked-by: Stefano Babic <sbabic@denx.de> Best regards, Stefano Babic
diff --git a/corelib/swupdate_decrypt_pkcs11.c b/corelib/swupdate_decrypt_pkcs11.c index a34003b..b527bee 100644 --- a/corelib/swupdate_decrypt_pkcs11.c +++ b/corelib/swupdate_decrypt_pkcs11.c @@ -142,6 +142,8 @@ int swupdate_DECRYPT_update(struct swupdate_digest *dgst, unsigned char *buf, // Remember the last decrypted block which might contain padding memcpy(dgst->last_decr, &pad_buf[one_off_sz], AES_BLK_SIZE); + wc_AesSetIV(&dgst->ctxdec, &cryptbuf[one_off_sz]); + return 0; }