On Tue, Nov 08, 2016 at 08:52:39AM +0100, Martin Willi wrote: > > > Not sure what the exact alignment rules for key/iv are, but maybe we > want to replace the same function in chacha20_generic.c as well? > > Martin chacha20-generic provides a blkcipher API and sets an alignmask of sizeof(u32) - 1. This applies to the key buffer for ->setkey() and to the mapped addresses for the input/output buffers and IV during the blkcipher walk. So it does not appear to have the problems that poly1305 has. I do however see one small problem which is that 'u8 stream[CHACHA20_BLOCK_SIZE];' is, strictly speaking, not guaranteed to be aligned to u32. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html