On Tue, Sep 11, 2018 at 08:05:10PM -0700, Eric Biggers wrote: > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > In commit 9f480faec58c ("crypto: chacha20 - Fix keystream alignment for > chacha20_block()"), I had missed that chacha20_block() can be called > directly on the buffer passed to get_random_bytes(), which can have any > alignment. So, while my commit didn't break anything, it didn't fully > solve the alignment problems. > > Revert my solution and just update chacha20_block() to use > put_unaligned_le32(), so the output buffer need not be aligned. > This is simpler, and on many CPUs it's the same speed. > > But, I kept the 'tmp' buffers in extract_crng_user() and > _get_random_bytes() 4-byte aligned, since that alignment is actually > needed for _crng_backtrack_protect() too. > > Reported-by: Stephan Müller <smueller@xxxxxxxxxx> > Cc: Theodore Ts'o <tytso@xxxxxxx> > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> > --- > crypto/chacha20_generic.c | 7 ++++--- > drivers/char/random.c | 24 ++++++++++++------------ > include/crypto/chacha20.h | 3 +-- > lib/chacha20.c | 6 +++--- > 4 files changed, 20 insertions(+), 20 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt