Re: random: ensure use of aligned buffers with ChaCha20

On Thursday, 9 August 2018, 21:40:12 CEST, Eric Biggers wrote:

Hi Eric,

>  	while (bytes >= CHACHA20_BLOCK_SIZE) {
>  		chacha20_block(state, stream);
> -		crypto_xor(dst, (const u8 *)stream, CHACHA20_BLOCK_SIZE);
> +		crypto_xor(dst, stream, CHACHA20_BLOCK_SIZE);
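Review bot: dropping the `(const u8 *)` cast in `crypto_xor(dst, stream, CHACHA20_BLOCK_SIZE)` only compiles cleanly if `stream` is now declared as a `u8` buffer, and that declaration change is not in the quoted context; since removing a cast does not by itself change alignment, the reviewer should confirm that the new declaration of `stream` actually carries the alignment the subject line promises, rather than merely silencing the cast.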

While we are at it, I am wondering whether we should use crypto_xor. At this
point we know exactly that the data is CHACHA20_BLOCK_SIZE bytes in length,
which is divisible by u32. Hence, shouldn't we disregard crypto_xor in favor
of a loop iterating in 32-bit words? crypto_xor contains some checks for
trailing bytes which we could spare.

>  		bytes -= CHACHA20_BLOCK_SIZE;
>  		dst += CHACHA20_BLOCK_SIZE;
>  	}
>  	if (bytes) {
>  		chacha20_block(state, stream);
> -		crypto_xor(dst, (const u8 *)stream, bytes);
> +		crypto_xor(dst, stream, bytes);
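Review bot: in this `if (bytes)` branch `bytes` is strictly less than CHACHA20_BLOCK_SIZE (the loop above consumed every full block), so unlike the full-block call this one does rely on crypto_xor handling a length that is not a multiple of sizeof(u32); if the full-block loop is replaced by a plain 32-bit word loop, this tail must keep a byte-granular XOR (or a word loop followed by a byte remainder), otherwise the last 1 to 63 bytes are handled incorrectly.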

Same here.

> @@ -1006,14 +1006,14 @@ static void _crng_backtrack_protect(struct
> crng_state *crng, used = 0;
>  	}
>  	spin_lock_irqsave(&crng->lock, flags);
> -	s = &tmp[used / sizeof(__u32)];
> +	s = (__u32 *) &tmp[used];
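Review bot: `s = (__u32 *) &tmp[used];` reintroduces the alignment problem the patch is meant to remove: `used` is a byte offset into `tmp`, so unless `used` is guaranteed to be a multiple of sizeof(__u32) and `tmp` itself is __u32-aligned, the cast manufactures a misaligned __u32 pointer, whereas the removed form `&tmp[used / sizeof(__u32)]` at least indexed in whole words. Either round `used` to a word boundary before the cast (and document why that is safe), or keep `tmp` as a __u32 array and index it in words as before.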

As Yann said, wouldn't you have the alignment problem here again?

Somehow, somebody must check the provided input buffer at some point.


Ciao
Stephan
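To put the word-loop suggestion next to the alignment concern, here is an added C example (mine, not code from the patch or from random.c; the keystream generator is a constructed placeholder, not ChaCha20): full blocks are XORed a u32 at a time only when the destination is word-aligned, and the partial tail always goes byte-wise.

```c
#include <stdint.h>
#include <string.h>
#define CHACHA20_BLOCK_SIZE 64
/* Placeholder keystream (constructed for this example, NOT ChaCha20). */
static void fake_block(uint32_t stream[CHACHA20_BLOCK_SIZE / 4], uint32_t ctr)
{
	for (size_t i = 0; i < CHACHA20_BLOCK_SIZE / 4; i++)
		stream[i] = ctr * 0x9E3779B9u + (uint32_t)i * 0x85EBCA6Bu + 1u;
}

/* XOR keystream into dst. Full blocks go a u32 at a time only when dst is
 * u32-aligned (stream is a u32 array, so it always is); the partial tail
 * (bytes < CHACHA20_BLOCK_SIZE) always needs a byte loop, as in crypto_xor. */
static size_t xor_keystream(uint8_t *dst, size_t bytes)
{
	uint32_t stream[CHACHA20_BLOCK_SIZE / 4], ctr = 0;
	size_t i, word_blocks = 0;
	while (bytes >= CHACHA20_BLOCK_SIZE) {
		fake_block(stream, ctr++);
		if ((uintptr_t)dst % sizeof(uint32_t) == 0) {
			for (i = 0; i < CHACHA20_BLOCK_SIZE / 4; i++)
				((uint32_t *)dst)[i] ^= stream[i];
			word_blocks++;
		} else {
			for (i = 0; i < CHACHA20_BLOCK_SIZE; i++)
				dst[i] ^= ((const uint8_t *)stream)[i];
		}
		bytes -= CHACHA20_BLOCK_SIZE;
		dst += CHACHA20_BLOCK_SIZE;
	}
	if (bytes) {
		fake_block(stream, ctr);
		for (i = 0; i < bytes; i++)
			dst[i] ^= ((const uint8_t *)stream)[i];
	}
	return word_blocks;
}

/* XOR twice over len bytes at byte `offset` of an aligned buffer; returns the
 * word-path block count, or -1 if the data was not restored. */
static int roundtrip(size_t offset, size_t len)
{
	uint32_t buf[64] = {0};
	uint8_t *p = (uint8_t *)buf + offset, saved[200];
	for (size_t i = 0; i < len; i++) p[i] = (uint8_t)(i * 13u);
	memcpy(saved, p, len);
	size_t w = xor_keystream(p, len);
	xor_keystream(p, len);
	return memcmp(saved, p, len) == 0 ? (int)w : -1;
}
```

An offset of 1 or 3 into the u32 buffer models the misaligned `&tmp[used]` case: the data still round-trips, but no block is allowed onto the word path.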
