On Tue, Sep 11, 2018 at 08:05:10PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
>
> In commit 9f480faec58c ("crypto: chacha20 - Fix keystream alignment for
> chacha20_block()"), I had missed that chacha20_block() can be called
> directly on the buffer passed to get_random_bytes(), which can have any
> alignment. So, while my commit didn't break anything, it didn't fully
> solve the alignment problems.
>
> Revert my solution and just update chacha20_block() to use
> put_unaligned_le32(), so the output buffer need not be aligned.
> This is simpler, and on many CPUs it's the same speed.
>
> But, I kept the 'tmp' buffers in extract_crng_user() and
> _get_random_bytes() 4-byte aligned, since that alignment is actually
> needed for _crng_backtrack_protect() too.
>
> Reported-by: Stephan Müller <smueller@xxxxxxxxxx>
> Cc: Theodore Ts'o <tytso@xxxxxxx>
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> ---
> crypto/chacha20_generic.c | 7 ++++---
> drivers/char/random.c | 24 ++++++++++++------------
> include/crypto/chacha20.h | 3 +--
> lib/chacha20.c | 6 +++---
> 4 files changed, 20 insertions(+), 20 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
