On Wed, 2017-02-08 at 07:45 +, Ard Biesheuvel wrote:
> On 8 February 2017 at 07:00, Johannes Berg wrote:
> > This looks strange to me:
> >
> > > +static int aes_s2v(struct crypto_shash *tfm,
> > > size_t num_elem, const u8 *addr[], size_t len[],
> > > u8 *v)
> > > {
> > >
On 8 February 2017 at 07:00, Johannes Berg wrote:
> This looks strange to me:
>
>> +static int aes_s2v(struct crypto_shash *tfm,
>> size_t num_elem, const u8 *addr[], size_t len[],
>> u8 *v)
>> {
>> - u8 d[AES_BLOCK_SIZE], tmp[AES_BLOCK_SIZE];
>> + u8 d[AES_BLOCK_SIZE], t
This looks strange to me:
> +static int aes_s2v(struct crypto_shash *tfm,
> size_t num_elem, const u8 *addr[], size_t len[],
> u8 *v)
> {
> - u8 d[AES_BLOCK_SIZE], tmp[AES_BLOCK_SIZE];
> + u8 d[AES_BLOCK_SIZE], tmp[AES_BLOCK_SIZE] = {};
> + SHASH_DESC_ON_STACK(desc, t
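Review bot: the `= {}` initializer added to `tmp` in the declaration line has no comment explaining why the buffer must now start out zeroed. If `tmp` is meant to be the all-zero block that S2V passes to CMAC as its first step, say so in a comment, or use a separately named constant zero block so the intent does not depend on a buffer called `tmp`. The hunk is cut off after `SHASH_DESC_ON_STACK(desc, t`, so the later uses of `tmp` and `desc` cannot be checked here; since `desc` keeps keyed CMAC state on the stack, confirm it is cleared before the function returns.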
Switch the FILS AEAD code to use a cmac(aes) shash instantiated by the
crypto API rather than reusing the open coded implementation in
aes_cmac_vector(). This makes the code more understandable, and allows
platforms to implement cmac(aes) in a more secure (*) and efficient way
than is typically pos