| Message ID | 2529951.NL2CVhi6xs@tachyon.chronox.de (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Herbert Xu |
| Headers | show |
On Mon, Jan 05, 2015 at 12:21:45PM +0100, Stephan Mueller wrote: > The AEAD decryption operation requires the authentication tag to be > present as part of the cipher text buffer. The added check verifies that > the caller provides a cipher text with at least the authentication tag. > > Signed-off-by: Stephan Mueller <smueller@chronox.de> Applied.
diff --git a/include/linux/crypto.h b/include/linux/crypto.h index 9c8776d..9099834 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h @@ -1412,6 +1412,9 @@ static inline int crypto_aead_encrypt(struct aead_request *req) */ static inline int crypto_aead_decrypt(struct aead_request *req) { + if (req->cryptlen < crypto_aead_authsize(crypto_aead_reqtfm(req))) + return -EINVAL; + return crypto_aead_crt(crypto_aead_reqtfm(req))->decrypt(req); }
The AEAD decryption operation requires the authentication tag to be present as part of the cipher text buffer. The added check verifies that the caller provides a cipher text with at least the authentication tag. Signed-off-by: Stephan Mueller <smueller@chronox.de> --- include/linux/crypto.h | 3 +++ 1 file changed, 3 insertions(+)