On Mon, Jan 16, 2017 at 01:17:54PM +0200, Gilad Ben-Yossef wrote: > ah input processing uses the asynchronous hash crypto API which > supplies an error code as part of the operation completion but > the error code was being ignored. > > Treat a crypto API error indication as a verification failure. > > While a crypto API reported error would almost certainly result > in a memcpy of the digest failing anyway and thus the security > risk seems minor, performing a memory compare on what might be > uninitialized memory is wrong. > > Signed-off-by: Gilad Ben-Yossef <gi...@benyossef.com> > CC: Alexander Alemayhu <alexan...@alemayhu.com>
Both applied to ipsec-next, thanks a lot!
