[gnutls-devel] GnuTLS | Add Linux kernel AF_ALG backend (!1404)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Thu Apr 15 11:43:18 CEST 2021
Stephan Mueller commented on a discussion on lib/accelerated/afalg.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1404#note_552438883
> goto end;
> }
>
> - /* The kernel may set the AAD, avoid modification of auth */
> - iov[0].iov_base = authtmp;
> -
> /* Set CT buffer to be filled by kernel */
> - iov[1].iov_base = encr;
> - iov[1].iov_len = plain_size + tag_size;
> + iov[0].iov_base = encr;
> + iov[0].iov_len = (encr_size > outbuflen) ? outbuflen : encr_size;
>
> - if (kcapi_aead_stream_op(ctx->handle, iov, 2) < 0) {
> + if (kcapi_aead_stream_op(ctx->handle, iov, 1) < 0) {
Apologies if I am not using gitlab right :-)
But, I see that there is one IOVEC with the encryption buffer used for the _op operation. If I see that right, the encr buffer should be as large to hold the ciphertext || tag data. What I am trying to say is that the kernel, however returns the AAD first, followed by the ciphertext || tag. So, If I would understand it right, the encr buffer is filled with AAD concatenated with parts of the CT and potentially the tag depending on the size of the AAD.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1404#note_552438883
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210415/89aeb1af/attachment.html>
More information about the Gnutls-devel
mailing list