Date: Wed, 08 Feb 2017 08:46:48 +0100
From: Johannes Berg <johannes@...solutions.net>
To: Ard Biesheuvel <ard.biesheuvel@...aro.org>
Cc: "<linux-wireless@...r.kernel.org>" <linux-wireless@...r.kernel.org>,
    "David S. Miller" <davem@...emloft.net>,
    "<netdev@...r.kernel.org>" <netdev@...r.kernel.org>,
    Jouni Malinen <jouni@....qualcomm.com>
Subject: Re: [PATCH v3 1/2] mac80211: fils_aead: Use crypto api CMAC shash rather than bare cipher

On Wed, 2017-02-08 at 07:45 +0000, Ard Biesheuvel wrote:
> On 8 February 2017 at 07:00, Johannes Berg <johannes@...solutions.net> wrote:
> > This looks strange to me:
> >
> > > +static int aes_s2v(struct crypto_shash *tfm,
> > > size_t num_elem, const u8 *addr[], size_t len[],
> > > u8 *v)
> > > {
> > > - u8 d[AES_BLOCK_SIZE], tmp[AES_BLOCK_SIZE];
> > > + u8 d[AES_BLOCK_SIZE], tmp[AES_BLOCK_SIZE] = {};
> > > + SHASH_DESC_ON_STACK(desc, tfm);
> >
> > desc declared
> >
> > >
> > > + crypto_shash_digest(desc, tmp, AES_BLOCK_SIZE, d);
> >
> > used here
> >
>
> Each digest() call combines a init()/update()/final() sequence
>
> > > + crypto_shash_init(desc);
> >
> > but initialized now?
> >
>
> ... for the 6th time, or so. The final vector may require two
> update()s, so we cannot use digest() here. But we can use finup() for
> the last one, which combines update() and final().
>
> Hence,
>
> init()/finup()
>
> or
>
> init()/update()/finup()
>
> depending on the length of the last vector.

Great, thanks for the explanation :)

johannes
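
Review bot: the results of crypto_shash_digest() and crypto_shash_init() are discarded in the quoted aes_s2v() lines, although the function is declared to return int. A failed hash step would leave d (and ultimately v) holding stale or partial data that is then used as the synthetic IV, so each call should propagate its error, for example `err = crypto_shash_digest(desc, tmp, AES_BLOCK_SIZE, d); if (err) return err;`, and the same for the init() call. Only fragments of the function are quoted here, so later lines may already handle this. Separately, a one-line comment at the crypto_shash_init() call saying that the last vector may need two update()s, which is why digest() cannot be used there, would spare the next reader the question raised in this thread.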