Re: small changes in aesxcbcmac.c

To: tech-kern%NetBSD.org@localhost
Subject: Re: small changes in aesxcbcmac.c
From: Alexander Nasonov <alnsn%yandex.ru@localhost>
Date: Mon, 26 Sep 2016 19:20:25 +0100

Alexander Nasonov wrote:
> The first change shrinks aes_xcbc_mac_init by 183 bytes on amd64
> (from 562 to 379 bytes).
> The second change avoids a comparison with an address that may
> point beyond the end of a buffer.
> The third change is stylistic.
> Alex

If there are no objections I'll commit the code.

PS I noticed some excessive memory copying (often of fixed-size blocks).
Some of them may be needed to prevent side channel attacks by measuring
execution time of cache misses. Data of the stack is more likely to be
in cache but it's not bulletproof. If we rely on this at all, buffers on
the stack should have __cacheline_aligned attribute but I don't see any
in the code.

>  aes_xcbc_mac_result(u_int8_t *addr, void *vctx)
>  {
> -	u_char digest[AES_BLOCKSIZE];
> +	u_int8_t digest[AES_BLOCKSIZE];
>  	aesxcbc_ctx *ctx;
>  	int i;

This buffer isn't actually needed. The destination addr can be passed
directly to rijndaelEncrypt() calls inside the function. I didn't
change it because it is the only array in the function and removing it
would disable ssp.

Alex

Follow-Ups:
- Re: small changes in aesxcbcmac.c
  - From: Alexander Nasonov

References:
- small changes in aesxcbcmac.c
  - From: Alexander Nasonov

Prev by Date: Re: FUA and TCQ
Next by Date: Re: small changes in aesxcbcmac.c
Previous by Thread: Re: small changes in aesxcbcmac.c
Next by Thread: Re: small changes in aesxcbcmac.c
Indexes:

Home | Main Index | Thread Index | Old Index