Re: [PATCH 1/2] crypto: add support for TLS 1.0 record encryption

Hi Andy, On 01.08.2014 17:44, Andy Lutomirski wrote: > If I understand it correctly, the issue is that cryptlen depends on > the padding. I added some notes inline above. See here, too: > > https://www.imperialviolet.org/2013/02/04/luckythirteen.html Thanks for review. We'll address this issue

Re: [PATCH 1/2] crypto: add support for TLS 1.0 record encryption

On Fri, Aug 1, 2014 at 2:06 AM, Cristian Stoica wrote: > Hi Andy > > On 31.07.2014 23:01, Andy Lutomirski wrote: >> On 07/29/2014 02:32 AM, Cristian Stoica wrote: > ... >>> +static int crypto_tls_decrypt(struct aead_request *req) >>> +{ >>> +/* >>> + * Step 2 - Verify padding >>> + *

Re: [PATCH 1/2] crypto: add support for TLS 1.0 record encryption

Hi Andy On 31.07.2014 23:01, Andy Lutomirski wrote: > On 07/29/2014 02:32 AM, Cristian Stoica wrote: ... >> + * crypto_tls_genicv - Calculate hmac digest for a TLS record >> + * @hash: (output) buffer to save the digest into >> + * @src:(input) scatterlist with the payload data >> + * @srcle

Re: [PATCH 1/2] crypto: add support for TLS 1.0 record encryption

On 07/29/2014 02:32 AM, Cristian Stoica wrote: > This patch adds kernel support for encryption/decryption of TLS 1.0 > records using block ciphers. Implementation is similar to authenc in > the sense that the base algorithms (AES, SHA1) are combined in a > template to produce TLS encapsulation fram