Assaf Gordon wrote on 2018-04-25:
> On more general note, while the Crypto API is available since version 2.6.38,
> There are still some issues popping here and there.
> for example:
> https://security-tracker.debian.org/tracker/CVE-2016-8646
> https://bugzilla.redhat.com/show_bug.cgi?id=1395896
>
> Another example, the libkcapi [1] library (referenced from the kernel crypto
> api documentation)
> contains a work-around for a bug in kernels pre-4.9 [2].
> I don't know if this is relevant for your implementation or not,
> but if it is, it's worth checking for this and other issues.
> [1] http://www.chronox.de/libkcapi.html
> [2]
> https://github.com/smuellerDD/libkcapi/commit/b8d5941addb15fe5a716eef24060fbd306c06ec9
To me, it looks like all these bugs occur in the same case: namely,
when zero-sized input is given. That is, precisely the bug that my unit
tests found.
2018-05-05 Bruno Haible <br...@clisp.org>
af_alg: Improve comments.
* lib/af_alg.c (afalg_stream): Improve comment about kernel bug.
diff --git a/lib/af_alg.c b/lib/af_alg.c
index dc3ac6a..3b35e01 100644
--- a/lib/af_alg.c
+++ b/lib/af_alg.c
@@ -96,8 +96,8 @@ afalg_stream (FILE *stream, const char *alg, void *resblock,
ssize_t hashlen)
ret = -EIO;
goto out_ofd;
}
- /* On Linux 4.4.0 at least, the value for an empty stream is wrong
- (all zeroes). */
+ /* On Linux < 4.9, the value for an empty stream is wrong (all zeroes).
+ See <https://patchwork.kernel.org/patch/9434741/>. */
if (!non_empty)
{
ret = -EAFNOSUPPORT;
