Re: [PATCH v6 1/4] crypto: AF_ALG: add AEAD support

From: Herbert Xu
Date: Mon Dec 29 2014 - 12:33:55 EST


On Mon, Dec 29, 2014 at 04:05:40PM +0100, Stephan Mueller wrote:
>
> This would mean that the check must stay in recvmsg as only here we know that
> the caller wants data to be processed.

On the send side you would do the check when MSG_MORE is unset.
On the receive side you should stop waiting only when ctx->more
is false and the send-side check succeeded.

Perhaps rename ctx->more to ctx->done and then you can use it
to indicate to the receive side that we're ready and have valid
data for it. The receive side can then simply wait for ctx->done
to become true.

> > PS we should add a length check for missing/partial auth tags
> > to crypto_aead_decrypt. We can then remove such checks from
> > individual implementations.
>
> I agree in full here. Shall I create such a patch together with the AEAD
> AF_ALG interface, or can we merge the AEAD without that patch now and create a
> separate patch later?

We should at least add a check in crypto_aead_decrypt first so as
to guarantee nothing slips through.

Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/