tech-kern archive


Re: small changes in aesxcbcmac.c



Alexander Nasonov wrote:
> The first change shrinks aes_xcbc_mac_init by 183 bytes on amd64
> (from 562 to 379 bytes).
> The second change avoids a comparison with an address that may
> point beyond the end of a buffer.
> The third change is stylistic.
> Alex

If there are no objections I'll commit the code.

PS I noticed some excessive memory copying (often of fixed-size blocks).
Some of them may be needed to prevent side channel attacks by measuring
execution time of cache misses. Data on the stack is more likely to be
in cache, but it's not bulletproof. If we rely on this at all, buffers on
the stack should have the __cacheline_aligned attribute, but I don't see any
in the code.

>  aes_xcbc_mac_result(u_int8_t *addr, void *vctx)
>  {
> -	u_char digest[AES_BLOCKSIZE];
> +	u_int8_t digest[AES_BLOCKSIZE];
>  	aesxcbc_ctx *ctx;
>  	int i;
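Review bot: the type change is naming consistency only; `u_int8_t digest[AES_BLOCKSIZE]` now matches the `u_int8_t *addr` parameter of aes_xcbc_mac_result, and since u_int8_t is an unsigned 8-bit type like u_char, the array's size and contents are unchanged. Worth saying in the commit message that this hunk is purely stylistic so nobody reads a behavioural change into it.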

This buffer isn't actually needed. The destination addr can be passed
directly to rijndaelEncrypt() calls inside the function. I didn't
change it because it is the only array in the function and removing it
would disable ssp.

Alex
