From: Arvind Sankar
To: Herbert Xu, "David S. Miller", linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH 0/5] crypto: lib/sha256 - cleanup/optimization
Date: Mon, 19 Oct 2020 11:30:11 -0400
Message-Id: <20201019153016.2698303-1-nivedita@alum.mit.edu>

Patch 1 -- Use memzero_explicit() instead of structure assignment/plain
memset() to clear sensitive state.

Patch 2 -- I am not sure about this one: currently the temporary
variables used in the generic sha256 implementation are cleared, but the
clearing is optimized away due to lack of compiler barriers. I don't
think it's really necessary to clear them, but I'm not a cryptanalyst,
so I would like comment on whether it's indeed safe not to, or we should
instead add the required barriers to force clearing.

The last three patches are optimizations for generic sha256.

Arvind Sankar (5):
  crypto: Use memzero_explicit() for clearing state
  crypto: lib/sha256 - Don't clear temporary variables
  crypto: lib/sha256 - Clear W[] in sha256_update() instead of
    sha256_transform()
  crypto: lib/sha256 - Unroll SHA256 loop 8 times intead of 64
  crypto: lib/sha256 - Unroll LOAD and BLEND loops

 include/crypto/sha1_base.h   |   3 +-
 include/crypto/sha256_base.h |   3 +-
 include/crypto/sha512_base.h |   3 +-
 include/crypto/sm3_base.h    |   3 +-
 lib/crypto/sha256.c          | 202 ++++++++++-------------------------
 5 files changed, 62 insertions(+), 152 deletions(-)

--
2.26.2
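
The clearing problem described under patches 1 and 2, as an added userspace illustration that is not code from the patch series or the kernel: a plain memset() on a buffer that is never read again is a dead store the compiler may remove, while memset() followed by a compiler barrier is kept. The names wipe_explicit, mix, digest_plain and digest_explicit are hypothetical, the mixing function is a toy rather than SHA-256, and the inline asm assumes GCC or Clang.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical userspace stand-in for memzero_explicit(): memset() plus a
 * compiler barrier that consumes the pointer and clobbers memory, so the
 * stores cannot be discarded as dead. GCC/Clang inline-asm syntax. */
static void wipe_explicit(void *p, size_t n)
{
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Toy schedule fill standing in for W[] in a hash transform (not SHA-256). */
static uint32_t mix(const uint8_t in[16], uint32_t W[16])
{
    uint32_t acc = 0;
    for (int i = 0; i < 16; i++) {
        W[i] = (uint32_t)in[i] * 2654435761u;
        acc = acc * 31u + W[i];
    }
    return acc;
}

/* W[] is never read after the memset(), so an optimizing compiler is free
 * to drop the clearing and leave input-derived words on the stack. */
uint32_t digest_plain(const uint8_t in[16])
{
    uint32_t W[16];
    uint32_t r = mix(in, W);
    memset(W, 0, sizeof(W));
    return r;
}

/* Same computation; the barrier forces the zeroing to be emitted. */
uint32_t digest_explicit(const uint8_t in[16])
{
    uint32_t W[16];
    uint32_t r = mix(in, W);
    wipe_explicit(W, sizeof(W));
    return r;
}

/* Constructed input: both variants must agree on the result. */
int digests_match(void)
{
    uint8_t in[16];
    for (int i = 0; i < 16; i++) in[i] = (uint8_t)(i * 7 + 1);
    return digest_plain(in) == digest_explicit(in);
}
```

The two functions return the same value at any optimization level; the difference shows only in the generated code, so compare the assembly of digest_plain and digest_explicit at -O2 to see whether the zeroing stores survive with a given compiler.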