• Eric Biggers's avatar
    crypto: chacha20 - Fix chacha20_block() keystream alignment (again) · a5e9f557
    Eric Biggers authored
    In commit 9f480fae ("crypto: chacha20 - Fix keystream alignment for
    chacha20_block()"), I had missed that chacha20_block() can be called
    directly on the buffer passed to get_random_bytes(), which can have any
    alignment.  So, while my commit didn't break anything, it didn't fully
    solve the alignment problems.
    
    Revert my solution and just update chacha20_block() to use
    put_unaligned_le32(), so the output buffer need not be aligned.
    This is simpler, and on many CPUs it's the same speed.
    
    But, I kept the 'tmp' buffers in extract_crng_user() and
    _get_random_bytes() 4-byte aligned, since that alignment is actually
    needed for _crng_backtrack_protect() too.
    Reported-by: default avatarStephan Müller <smueller@chronox.de>
    Cc: Theodore Ts'o <tytso@mit.edu>
    Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    a5e9f557
random.c 67.7 KB