On 14 October 2016 at 14:15, Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote:
> On Fri, 2016-10-14 at 14:13 +0100, Ard Biesheuvel wrote:
>>
>> > But if we allocate things anyway, is it worth expending per-CPU
>> > buffers on these?
>>
>> Ehmm, maybe not. I could spin a v2 that allocates a bigger buffer,
>> and copies aad[] into it as well
>
> Copies in/out, I guess. Also there's B_0/J_0 for CCM/GCM, and the
> 'zero' thing that GMAC has.
>

Is the aad[] actually reused? I would assume it only affects the mac
on encryption, and the verification on decryption but I don't think we
actually need it back from the crypto routines.

>> That does not help the other algos though
>
> What do you mean?
>

Exactly what you said above :-) My patch only touches CCM but as you said,

"""
'Also there's B_0/J_0 for CCM/GCM, and the 'zero' thing that GMAC has.
"""