[gnutls-devel] GnuTLS | WIP: Add Linux kernel AF_ALG backend (!1404)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed Mar 17 11:11:12 CET 2021
Stephan Mueller commented on a discussion on lib/accelerated/afalg.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1404#note_531265170
> + }
> +
> + return 0;
> +}
> +
> +static int afalg_aead_decrypt(void *_ctx,
> + const void *nonce, size_t nonce_size,
> + const void *auth, size_t auth_size,
> + size_t tag_size,
> + const void *encr, size_t encr_size,
> + void *plain, size_t plain_size)
> +{
> + struct kcapi_aead_ctx *ctx = _ctx;
> + struct iovec iov[3];
> + uint32_t iovlen = 2;
> + uint8_t authtmp[auth_size];
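Review bot: `uint8_t authtmp[auth_size];` in `afalg_aead_decrypt` is a variable-length array sized directly by the caller-supplied `auth_size`, and because it is declared at the top of the function, no bound check can run before the stack space is taken. A large `auth_size` can exhaust the stack, and a VLA gives the function no way to return an error. Suggest a fixed-size stack buffer for the common small sizes plus a NULL-checked heap allocation above that, or rejecting `auth_size` above a documented limit before any temporary buffer is set up.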
Or a combo of stack and heap?
For example, we could use something like the following that I used in a kernel patch:
```
u8 tmpbuf[LRNG_DRNG_BLOCKSIZE] __aligned(LRNG_KCAPI_ALIGN);
u8 *tmp_large = NULL, *tmp = tmpbuf;
u32 tmplen = sizeof(tmpbuf);

/*
 * Satisfy large read requests -- as the common case are smaller
 * request sizes, such as 16 or 32 bytes, avoid a kmalloc overhead for
 * those by using the stack variable of tmpbuf.
 */
if (!CONFIG_BASE_SMALL && (nbytes > sizeof(tmpbuf))) {
	tmplen = min_t(u32, nbytes, LRNG_DRNG_MAX_REQSIZE);
	tmp_large = kmalloc(tmplen + LRNG_KCAPI_ALIGN, GFP_KERNEL);
	if (!tmp_large)
		tmplen = sizeof(tmpbuf);
	else
		tmp = PTR_ALIGN(tmp_large, LRNG_KCAPI_ALIGN);
}
...
/* Wipe data just returned from memory */
if (tmp_large)
	kfree_sensitive(tmp_large);
else
	memzero_explicit(tmpbuf, sizeof(tmpbuf));
```
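A userspace rendering of the stack-plus-heap scratch buffer suggested in the comment above, as an added example that is not part of the original message or of the GnuTLS merge request. The names `scratch_get`, `scratch_put` and `stage_auth` and both size limits are assumptions made for illustration; unlike the kernel snippet, this version refuses a request it cannot allocate for instead of falling back to the small buffer.

```c
#include <stdlib.h>
#include <string.h>
#define SCRATCH_STACK 64          /* assumed: covers the common small sizes */
#define SCRATCH_MAX   (64 * 1024) /* assumed: hard cap on a single request */

struct scratch {
	unsigned char stackbuf[SCRATCH_STACK];
	unsigned char *heap;      /* non-NULL only when malloc was used */
	size_t len;
};

/* Volatile stores keep the compiler from dropping the wipe as dead code. */
static void wipe(volatile unsigned char *v, size_t n)
{
	while (n--)
		*v++ = 0;
}

/* Small requests get the embedded array, larger ones malloc; NULL = refused. */
static unsigned char *scratch_get(struct scratch *s, size_t need)
{
	s->heap = NULL;
	s->len = need;
	if (need > SCRATCH_MAX)
		return NULL;
	return need <= sizeof(s->stackbuf) ? s->stackbuf : (s->heap = malloc(need));
}

/* Wipe whichever buffer held the data, then release the heap copy if any. */
static void scratch_put(struct scratch *s)
{
	if (s->heap)
		wipe(s->heap, s->len);
	wipe(s->stackbuf, sizeof(s->stackbuf));
	free(s->heap);            /* free(NULL) is a no-op */
	s->heap = NULL;
}

/* Hypothetical caller: returns 0 = stack used, 1 = heap used, -1 = refused. */
static int stage_auth(const void *auth, size_t auth_size)
{
	struct scratch s;
	unsigned char *tmp = scratch_get(&s, auth_size);
	int on_heap = s.heap != NULL;
	if (!tmp)
		return -1;
	memcpy(tmp, auth, auth_size);     /* the cipher call would read tmp here */
	scratch_put(&s);
	return on_heap;
}
```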