Re: [PATCH 1/2] crypto: skcipher - noop for enc/dec with NULL data

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Oct 07, 2017 at 04:49:10AM +0200, Stephan Müller wrote:
> Am Samstag, 7. Oktober 2017, 04:46:35 CEST schrieb Herbert Xu:
> 
> Hi Herbert,
> 
> > Hmm this just papers over bugs in the underlying code.  Which
> > algorithm is causing the crash with a zero input? They're supposed
> > to handle this case.
> 
> The bug happens with authenc. It is surely possible to modify authenc. Yet I 
> thought that covering such issue at a central spot at least prevents similar 
> buts to be exploitable from userspace.

No I'm talking about the underlysing skcipher.  authenc is an
aead, and it is legal to make a zero skcipher call.  The underlying
skcipher should make sure that it works.

So which underlying skcipher is barfing over a zero input?

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux