> Apologies for going back and forth on this, but it appears there may > be another way to deal with this. > > First of all, we only need this handling for the authenticated data, Are you sure b_0/j_0 aren't needed? We pass those to aead_request_set_crypt(), and I wasn't sure what that really did internally, perhaps like the internal data. Testing with that on the stack does seem to work, in fact. Surely we need zero for GMAC though, since we also put that into the sg list. Thus for GMAC we definitely need 20+16 bytes, and since I round up to a cacheline (at least on SMP) it doesn't really matter that we could get 36 instead of the 48 I have now. > and only for CCM and GCM, not CMAC (which does not use scatterlists > at all, it simply calls the AES cipher directly) I didn't modify CMAC, I think, only GMAC, which also uses scatterlists. > So that leaves a fixed 20 bytes for GCM and fixed 32 bytes for CCM, and 36 for GMAC :) johannes
