On Wed, May 27, 2015 at 12:10:03PM +0200, Stephan Mueller wrote: > > >- > >- if (ctx->enc) { > >- /* round up output buffer to multiple of block size */ > >- outlen = ((used + bs - 1) / bs * bs); > > Why wouldn't the round up for the output not be needed any more? If the caller > provides input data that is not multiple of block sizes and the output buffer > is also not multiple of block sizes, wouldn't an encrypt overstep boundaries? No the AEAD algorithm should fail them instead. We do the same thing in algif_skcipher where it's up to the underlying algorithm to fail requests that do not contain full blocks. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html