[gnutls-devel] GnuTLS | Add Linux kernel AF_ALG backend (!1404)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed Apr 14 09:47:14 CEST 2021
Stephan Mueller commented on a discussion on lib/accelerated/afalg.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1404#note_551241704
> - iov[1].iov_base = plain;
> - iov[1].iov_len = plain_size;
> + iov[0].iov_base = (void *)plain;
> + iov[0].iov_len = (plain_size > outbuflen) ? outbuflen : plain_size;
>
> - /* Older kernels require tag space for output. */
> - if ((auth_size + plain_size) <
> - kcapi_aead_outbuflen_dec(ctx->handle, plain_size, auth_size,
> - tag_size)) {
> - iov[2].iov_base = tagtmp;
> - iov[2].iov_len = tag_size;
> - iovlen = 3;
> - }
> -
> - if (kcapi_aead_stream_op(ctx->handle, iov, iovlen) < 0){
> + if (kcapi_aead_stream_op(ctx->handle, iov, 1) < 0){
Well, as we are in decryption, the tag truly is of no concern for the output. Yes, it can be ignored. But the AAD buffer should still remain to be part of the IOVEC. I.e. iov[0] should point to the AAD buffer and iov[1] to the pt buffer.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1404#note_551241704
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210414/eb09d1f9/attachment-0001.html>
More information about the Gnutls-devel
mailing list