yamt commented on code in PR #13173:
URL: https://github.com/apache/nuttx/pull/13173#discussion_r2230259211
##########
include/crypto/cryptodev.h:
##########
@@ -215,6 +220,7 @@ struct cryptop
caddr_t crp_mac;
caddr_t crp_dst;
caddr_t crp_iv;
+ caddr_t crp_aad;
Review Comment:
who sets this new field?
##########
include/crypto/cryptodev.h:
##########
@@ -329,12 +335,19 @@ struct crypt_op
* be used, and the subsequent iv will be
saved
* in the driver.
*/
+#define COP_FLAG_UPDATE_AAD (1 << 1)
+/* Indicates that this operation processes aad
+ * (Additional Authenticated Data), which is only used
+ * in the authentication algorithm.
+ */
Review Comment:
who sets this? i couldn't find any code using this flag.
##########
crypto/cryptosoft.c:
##########
@@ -388,38 +391,41 @@ int swcr_authenc(FAR struct cryptop *crp)
/* Supply MAC with AAD */
- aadlen = crda->crd_len;
- /* Section 5 of RFC 4106 specifies that AAD construction consists of
- * {SPI, ESN, SN} whereas the real packet contains only {SPI, SN}.
- * Unfortunately it doesn't follow a good example set in the Section
- * 3.3.2.1 of RFC 4303 where upper part of the ESN, located in the
- * external (to the packet) memory buffer, is processed by the hash
- * function in the end thus allowing to retain simple programming
- * interfaces and avoid kludges like the one below.
- */
-
- if (crda->crd_flags & CRD_F_ESN)
+ if (aad)
Review Comment:
it seems this change introduced the following warning, which seems plausible
to me.
can you check?
```
cryptosoft.c:484:36: error: 'aadlen' may be used uninitialized
[-Werror=maybe-uninitialized]
484 | *blkp = htobe32(aadlen * 8);
| ^
cryptosoft.c:298:7: note: 'aadlen' was declared here
298 | int aadlen;
| ^~~~~~
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
