From patchwork Mon Jan 5 11:21:45 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stephan Mueller X-Patchwork-Id: 5566651 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Original-To: patchwork-linux-crypto@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 4DBAFBF6C3 for ; Mon, 5 Jan 2015 11:21:55 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 8635F2014A for ; Mon, 5 Jan 2015 11:21:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id A606220145 for ; Mon, 5 Jan 2015 11:21:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753235AbbAELVv (ORCPT ); Mon, 5 Jan 2015 06:21:51 -0500 Received: from mail.eperm.de ([89.247.134.16]:59386 "EHLO mail.eperm.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753036AbbAELVv (ORCPT ); Mon, 5 Jan 2015 06:21:51 -0500 X-AuthUser: sm@eperm.de Received: from tachyon.chronox.de by mail.eperm.de with [XMail 1.27 ESMTP Server] id for from ; Mon, 5 Jan 2015 12:21:48 +0100 From: Stephan Mueller To: 'Herbert Xu' Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [PATCH v2] crypto: AEAD: add check for presence of auth tag Date: Mon, 05 Jan 2015 12:21:45 +0100 Message-ID: <2529951.NL2CVhi6xs@tachyon.chronox.de> User-Agent: KMail/4.14.3 (Linux/3.17.7-300.fc21.x86_64; KDE/4.14.3; x86_64; ; ) MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The AEAD decryption operation requires the authentication tag to be present as part of the cipher text buffer. The added check verifies that the caller provides a cipher text with at least the authentication tag. Signed-off-by: Stephan Mueller --- include/linux/crypto.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/crypto.h b/include/linux/crypto.h index 9c8776d..9099834 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h @@ -1412,6 +1412,9 @@ static inline int crypto_aead_encrypt(struct aead_request *req) */ static inline int crypto_aead_decrypt(struct aead_request *req) { + if (req->cryptlen < crypto_aead_authsize(crypto_aead_reqtfm(req))) + return -EINVAL; + return crypto_aead_crt(crypto_aead_reqtfm(req))->decrypt(req); }