Re: [PATCH] crypto: authenc - cryptlen must be at least AAD len

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Sep 07, 2017 at 07:48:53AM +0200, Stephan Müller wrote:
>
> There is already such check:
> 
> static inline int crypto_aead_decrypt(struct aead_request *req)
> {
>         struct crypto_aead *aead = crypto_aead_reqtfm(req);
> 
>         if (req->cryptlen < crypto_aead_authsize(aead))
>                 return -EINVAL;
> ...

That doesn't check assoclen, does it?

> > Perhaps we can simply
> > truncate assoclen in aead_request_set_ad.
> 
> I am not sure that would work because at the time we set the AAD len, we may 
> not yet have cryptlen. I.e. aead_request_set_ad may be called before 
> aead_request_set_crypt.

We can add the truncation in both places.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux