On Wed, Feb 14, 2024 at 03:41:51PM -0800, Eric Biggers wrote:
> On Wed, Dec 06, 2023 at 01:49:32PM +0800, Herbert Xu wrote:
> > +static int chacha_stream_xor(const struct chacha_ctx *ctx, const u8 *src,
> > + u8 *dst, unsigned nbytes, u8 *siv, u32 flags)
>
> In cryptography, siv normally stands for Synthetic Initialization Vector. I
> *think* that here you're having it stand for "state and IV", or something like
> that. Is there a better name for it? Maybe it should just be state?

Thanks, I'll change this to ivst.

> So the "siv" contains xchacha_iv || real_iv || state? That's 112 bytes, which
> is more than the 80 that's allocated for it.

Correct, it's 112 bytes. The caller is meant to allocate enough space
for the IV and state: 32(ivsize) + 80(statesize).

> Isn't the state the only thing that actually needs to be carried forward?

Some algorithms (statesize == 0) will carry all their state in the IV,
e.g., cbc.

Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
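Review bot: the quoted chacha_stream_xor() signature gives no way for a caller to know how large the `siv` buffer must be, and the thread shows that mismatch already bit once (80 bytes allocated, 112 needed for xchacha_iv || real_iv || state). Whatever the parameter ends up being called (`ivst` per the reply), add a kernel-doc comment above the function stating the layout and that the caller must provide ivsize + statesize bytes, and consider passing the length explicitly or asserting it against the algorithm's ivsize/statesize so an undersized buffer fails loudly instead of overrunning. Separately, `unsigned nbytes` should be `unsigned int nbytes`; checkpatch warns on bare `unsigned`.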