On Sat, Oct 07, 2017 at 04:49:10AM +0200, Stephan Müller wrote: > Am Samstag, 7. Oktober 2017, 04:46:35 CEST schrieb Herbert Xu: > > Hi Herbert, > > > Hmm this just papers over bugs in the underlying code. Which > > algorithm is causing the crash with a zero input? They're supposed > > to handle this case. > > The bug happens with authenc. It is surely possible to modify authenc. Yet I > thought that covering such issue at a central spot at least prevents similar > buts to be exploitable from userspace. No I'm talking about the underlysing skcipher. authenc is an aead, and it is legal to make a zero skcipher call. The underlying skcipher should make sure that it works. So which underlying skcipher is barfing over a zero input? Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt