| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Jan 2015 21:19:01 +1100 From: Herbert Xu <herbert@...dor.apana.org.au> To: Stephan Mueller <smueller@...onox.de> Cc: 'LKML' <linux-kernel@...r.kernel.org>, linux-crypto@...r.kernel.org Subject: Re: [PATCH] crypto: AEAD: add check for presence of auth tag On Tue, Dec 30, 2014 at 10:16:03PM +0100, Stephan Mueller wrote: > The AEAD decryption operation requires the authentication tag to be > present as part of the cipher text buffer. The added check verifies that > the caller provides a cipher text buffer with at least the > authentication tag. > > As the cipher text is provided as a scatterlist, loop through the > scatterlist until we know we have sufficient cipher text bytes to invoke > the AEAD decryption operation. There is no need to vet the scatterlist. For kernel users it's up to them to ensure that the length is valid with respect to the sg list. For the user-space interface obviously you should ensure that a valid length is supplied. Cheers, -- Email: Herbert Xu <herbert@...dor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists