• crypto: chacha20 - Fix chacha20_block() keystream alignment (again) · a5e9f557
    Eric Biggers authored
    In commit 9f480fae ("crypto: chacha20 - Fix keystream alignment for
    chacha20_block()"), I had missed that chacha20_block() can be called
    directly on the buffer passed to get_random_bytes(), which can have any
    alignment.  So, while my commit didn't break anything, it didn't fully
    solve the alignment problems.
    Revert my solution and just update chacha20_block() to use
    put_unaligned_le32(), so the output buffer need not be aligned.
    This is simpler, and on many CPUs it's the same speed.
    But, I kept the 'tmp' buffers in extract_crng_user() and
    _get_random_bytes() 4-byte aligned, since that alignment is actually
    needed for _crng_backtrack_protect() too.
    Reported-by: Stephan Müller <smueller@chronox.de>
    Cc: Theodore Ts'o <tytso@mit.edu>
    Signed-off-by: Eric Biggers <ebiggers@google.com>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
chacha20_generic.c 3.58 KB
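The approach the commit message describes, a block function whose output buffer may have any alignment, shown as an added userspace example; it is not the kernel's code. `store_le32()`, `chacha20_block_sketch()` and `block_ok_at_offset()` are hypothetical names, with `store_le32()` standing in for the kernel's `put_unaligned_le32()`, and the input is the RFC 7539 section 2.3.2 test vector.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Byte-wise little-endian store: valid at any address, on any endianness. */
static void store_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

#define ROTL32(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
#define QR(a, b, c, d) do {             \
    a += b; d ^= a; d = ROTL32(d, 16);  \
    c += d; b ^= c; b = ROTL32(b, 12);  \
    a += b; d ^= a; d = ROTL32(d, 8);   \
    c += d; b ^= c; b = ROTL32(b, 7); } while (0)

/* One 64-byte keystream block. 'out' is a byte pointer and is never
 * cast to uint32_t *, so the caller's buffer needs no alignment. */
static void chacha20_block_sketch(uint32_t state[16], uint8_t *out)
{
    uint32_t x[16];
    int i;

    memcpy(x, state, sizeof(x));
    for (i = 0; i < 10; i++) {          /* 10 double rounds = 20 rounds */
        QR(x[0], x[4], x[8],  x[12]); QR(x[1], x[5], x[9],  x[13]);
        QR(x[2], x[6], x[10], x[14]); QR(x[3], x[7], x[11], x[15]);
        QR(x[0], x[5], x[10], x[15]); QR(x[1], x[6], x[11], x[12]);
        QR(x[2], x[7], x[8],  x[13]); QR(x[3], x[4], x[9],  x[14]);
    }
    for (i = 0; i < 16; i++)
        store_le32(out + 4 * i, x[i] + state[i]);
    state[12]++;                        /* advance the block counter */
}

/* Write the RFC 7539 2.3.2 block at raw + off and compare it with a
 * reference copy and with the first four bytes the RFC lists. */
static int block_ok_at_offset(size_t off)
{
    static const uint8_t head[4] = { 0x10, 0xf1, 0xe7, 0xe4 };
    uint32_t s[16] = { 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 };
    uint8_t ref[64], raw[64 + 8];
    int i;

    for (i = 0; i < 8; i++)             /* key bytes 00 01 02 ... 1f */
        s[4 + i] = 0x03020100u + 0x04040404u * (uint32_t)i;
    s[12] = 1; s[13] = 0x09000000; s[14] = 0x4a000000;
    chacha20_block_sketch(s, ref);
    s[12] = 1;
    chacha20_block_sketch(s, raw + off);
    return !memcmp(ref, head, 4) && !memcmp(ref, raw + off, 64) && s[12] == 2;
}
```

Building with `-fsanitize=alignment` and replacing the store loop with a `uint32_t *` cast of `out` makes the odd offsets report a misaligned store, which is the class of problem the commit removes.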