Hi Tadeusz, +static int crypto_encauth_dgst_verify(struct aead_request *req, + unsigned int flags) +{ + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + unsigned int authsize = crypto_aead_authsize(tfm); + struct aead_instance *inst = aead_alg_instance(tfm); + struct crypto_encauth_ctx *ctx = crypto_aead_ctx(tfm); + struct encauth_instance_ctx *ictx = aead_instance_ctx(inst); + struct crypto_ahash *auth = ctx->auth; + struct encauth_request_ctx *areq_ctx = aead_request_ctx(req); + struct ahash_request *ahreq = (void *)(areq_ctx->tail + ictx->reqoff); + u8 *hash = areq_ctx->tail; + int i, err = 0, padd_err = 0; + u8 paddlen, *ihash; + u8 padd[255]; + + scatterwalk_map_and_copy(&paddlen, req->dst, req->assoclen + + req->cryptlen - 1, 1, 0); + + if (paddlen > 255 || paddlen > req->cryptlen) { + paddlen = 1; + padd_err = -EBADMSG; + } + + scatterwalk_map_and_copy(padd, req->dst, req->assoclen + + req->cryptlen - paddlen, paddlen, 0); + + for (i = 0; i < paddlen; i++) { + if (padd[i] != paddlen) + padd_err = -EBADMSG; + } This part seems to have the same issue my TLS patch has. See for reference what Andy Lutomirski had to say about it: http://www.mail-archive.com/linux-crypto%40vger.kernel.org/msg11719.html Cristian S. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html