On Wed, Apr 18, 2018 at 07:35:33AM +0200, Steffen Klassert wrote: > > Yes sure, I just wanted to know if it is worth to think about > preventing template recursions. If there is a valid usecase, > then we don't even need to think in this direction. > > While I think each pcrypt instance should have it's own > padata instance on the long run, it would be good to have > a not so intrusive fix that can be backported to the stable > trees. Steffen, has there been any progress on this work? We need to fix this soon or we'll have to disable pcrypt because it is a security issue. It's not just about nested templates either. You can trigger the same issue where a pcrypt instance over an AEAD algorithm that uses a fallback which also happens to be pcrypt. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt