On Thursday, 7 September 2017, 05:54:05 CEST, Herbert Xu wrote:

Hi Herbert,

> > What is your opinion: should this check be rather added to
> > crypto_aead_encrypt (similar to a sanity check found in
> > crypto_aead_decrypt)?
>
> Doesn't this apply to decryption as well?

There is already such a check:

static inline int crypto_aead_decrypt(struct aead_request *req)
{
        struct crypto_aead *aead = crypto_aead_reqtfm(req);

        if (req->cryptlen < crypto_aead_authsize(aead))
                return -EINVAL;
...

> Perhaps we can simply
> truncate assoclen in aead_request_set_ad.

I am not sure that would work because at the time we set the AAD len, we may
not yet have cryptlen. I.e. aead_request_set_ad may be called before
aead_request_set_crypt.

Ciao
Stephan