From 4cff6a012521d143dbfd8fe6970c6d4b6d3566e6 Mon Sep 17 00:00:00 2001
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Tue, 4 Dec 2007 20:04:21 +1100
Subject: [PATCH] --- yaml --- r: 75941 b: refs/heads/master c:
 481f34ae752ac74c4cbd88a9954dd4ed10e84f81 h: refs/heads/master i:   75939:
 ba249f067a1153d7be0c1eabbe3bd58f6cdc7c6d v: v3

---
 [refs]                 |  2 +-
 trunk/crypto/authenc.c | 14 ++++++++++----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/[refs] b/[refs]
index 9ef3ca0b0518..f8e491c494cb 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: e236d4a89a2ffbc8aa18064161f4f159c4d89b4a
+refs/heads/master: 481f34ae752ac74c4cbd88a9954dd4ed10e84f81
diff --git a/trunk/crypto/authenc.c b/trunk/crypto/authenc.c
index a61dea1c2fe6..82e03ffa6245 100644
--- a/trunk/crypto/authenc.c
+++ b/trunk/crypto/authenc.c
@@ -158,7 +158,8 @@ static int crypto_authenc_encrypt(struct aead_request *req)
 	return crypto_authenc_hash(req);
 }
 
-static int crypto_authenc_verify(struct aead_request *req)
+static int crypto_authenc_verify(struct aead_request *req,
+				 unsigned int cryptlen)
 {
 	struct crypto_aead *authenc = crypto_aead_reqtfm(req);
 	struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
@@ -170,7 +171,6 @@ static int crypto_authenc_verify(struct aead_request *req)
 	u8 *ohash = aead_request_ctx(req);
 	u8 *ihash;
 	struct scatterlist *src = req->src;
-	unsigned int cryptlen = req->cryptlen;
 	unsigned int authsize;
 	int err;
 
@@ -214,16 +214,22 @@ static int crypto_authenc_decrypt(struct aead_request *req)
 	struct crypto_aead *authenc = crypto_aead_reqtfm(req);
 	struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
 	struct ablkcipher_request *abreq = aead_request_ctx(req);
+	unsigned int cryptlen = req->cryptlen;
+	unsigned int authsize = crypto_aead_authsize(authenc);
 	int err;
 
-	err = crypto_authenc_verify(req);
+	if (cryptlen < authsize)
+		return -EINVAL;
+	cryptlen -= authsize;
+
+	err = crypto_authenc_verify(req, cryptlen);
 	if (err)
 		return err;
 
 	ablkcipher_request_set_tfm(abreq, ctx->enc);
 	ablkcipher_request_set_callback(abreq, aead_request_flags(req),
 					crypto_authenc_decrypt_done, req);
-	ablkcipher_request_set_crypt(abreq, req->src, req->dst, req->cryptlen,
+	ablkcipher_request_set_crypt(abreq, req->src, req->dst, cryptlen,
 				     req->iv);
 
 	return crypto_ablkcipher_decrypt(abreq);