Am Donnerstag, 7. September 2017, 08:01:08 CEST schrieb Herbert Xu:
Hi Herbert,
> On Thu, Sep 07, 2017 at 07:48:53AM +0200, Stephan Müller wrote:
> > There is already such check:
> >
> > static inline int crypto_aead_decrypt(struct aead_request *req)
> > {
> >
> > struct crypto_aead *aead = crypto_aead_reqtfm(req);
> >
> > if (req->cryptlen < crypto_aead_authsize(aead))
> >
> > return -EINVAL;
> >
> > ...
>
> That doesn't check assoclen, does it?
Right, I mixed up the tag and the AAD, sorry for that.
>
> > > Perhaps we can simply
> > > truncate assoclen in aead_request_set_ad.
> >
> > I am not sure that would work because at the time we set the AAD len, we
> > may not yet have cryptlen. I.e. aead_request_set_ad may be called before
> > aead_request_set_crypt.
>
> We can add the truncation in both places.
I sill send a new patch -- shall I first send it excluding stable so that we
can review it before bothering the stable folks?
>
> Cheers,
Ciao
Stephan
