> On 14 Oct 2016, at 14:46, Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote:
>
>> Is the aad[] actually reused? I would assume it only affects the mac
>> on encryption, and the verification on decryption but I don't think
>> we actually need it back from the crypto routines.
>
> I don't think it's reused.
>
>> Exactly what you said above :-) My patch only touches CCM but as you
>> said,
>>
>> """
>> 'Also there's B_0/J_0 for CCM/GCM, and the 'zero' thing that GMAC
>> has.
>> """
>
> Ah, but we can/should do the same for the others, no?
>

Yes, but then we end up kmalloc/kfreeing chunks of 16 bytes, which is actually another problem. I still think we are not violating the API by putting aead_req on the stack (but Herbert should confirm). The aad[] issue does violate the API, so it deserves a separate fix imo.