Hi Tadeusz,
+static int crypto_encauth_dgst_verify(struct aead_request *req,
+ unsigned int flags)
+{
+ struct crypto_aead *tfm = crypto_aead_reqtfm(req);
+ unsigned int authsize = crypto_aead_authsize(tfm);
+ struct aead_instance *inst = aead_alg_instance(tfm);
+ struct crypto_encauth_ctx *ctx = crypto_aead_ctx(tfm);
+ struct encauth_instance_ctx *ictx = aead_instance_ctx(inst);
+ struct crypto_ahash *auth = ctx->auth;
+ struct encauth_request_ctx *areq_ctx = aead_request_ctx(req);
+ struct ahash_request *ahreq = (void *)(areq_ctx->tail + ictx->reqoff);
+ u8 *hash = areq_ctx->tail;
+ int i, err = 0, padd_err = 0;
+ u8 paddlen, *ihash;
+ u8 padd[255];
+
+ scatterwalk_map_and_copy(&paddlen, req->dst, req->assoclen +
+ req->cryptlen - 1, 1, 0);
+
+ if (paddlen > 255 || paddlen > req->cryptlen) {
+ paddlen = 1;
+ padd_err = -EBADMSG;
+ }
+
+ scatterwalk_map_and_copy(padd, req->dst, req->assoclen +
+ req->cryptlen - paddlen, paddlen, 0);
+
+ for (i = 0; i < paddlen; i++) {
+ if (padd[i] != paddlen)
+ padd_err = -EBADMSG;
+ }
This part seems to have the same issue my TLS patch has.
See for reference what Andy Lutomirski had to say about it:
http://www.mail-archive.com/linux-crypto%40vger.kernel.org/msg11719.html
Cristian S.
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
