LinuxLists.cc - [PATCH 1/2]: salsa20_i586: Corrected order of source and destination buffers.

2007-12-08 15:31:32

Subject: [PATCH 1/2]: salsa20_i586: Corrected order of source and destination buffers.

The current salsa20_32.c called the salsa20_encrypt_bytes() function
with the source and destination buffers in the wrong order. This patch
corrects it.

Signed-off-by: Tan Swee Heng <[email protected]>

Some thoughts:
I detected this when testing against the large test vector. For small
test vectors, the blkcipher_walk code uses source and destination
buffers that are equal. Only near the page boundary, does
blkcipher_walk uses different buffers. (At least this is true on my
system from what I've observed.) Since many of the tcrypt test vectors
are small, therefore src == dst frequently when blkcipher_walk-ing. It
seems to imply that most of the *_segment() code in the block cipher
modes are seldom tested. Perhaps this is something that a new tcrypt
framework should address.

Attachments:

(No filename) (792.00 B)
patch1-salsa20_i586_src_dst.txt (1.06 kB)
Download all attachments

2007-12-10 07:53:58

by Herbert Xu

[permalink] [raw]

Subject: Re: [PATCH 1/2]: salsa20_i586: Corrected order of source and destination buffers.

On Sat, Dec 08, 2007 at 11:31:30PM +0800, Tan Swee Heng wrote:
> The current salsa20_32.c called the salsa20_encrypt_bytes() function
> with the source and destination buffers in the wrong order. This patch
> corrects it.
>
> Signed-off-by: Tan Swee Heng <[email protected]>

Both patches applied. Note that I've combined them with the
original patch to form a single commit.

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2007-12-10 08:09:41

by Herbert Xu

[permalink] [raw]

Subject: Re: [PATCH 1/2]: salsa20_i586: Corrected order of source and destination buffers.

On Sat, Dec 08, 2007 at 11:31:30PM +0800, Tan Swee Heng wrote:
>
> Some thoughts:
> I detected this when testing against the large test vector. For small
> test vectors, the blkcipher_walk code uses source and destination
> buffers that are equal. Only near the page boundary, does
> blkcipher_walk uses different buffers. (At least this is true on my
> system from what I've observed.) Since many of the tcrypt test vectors
> are small, therefore src == dst frequently when blkcipher_walk-ing. It
> seems to imply that most of the *_segment() code in the block cipher
> modes are seldom tested. Perhaps this is something that a new tcrypt
> framework should address.

We could change tcrypt to run every test twice, once as in-place
and once as not-in-place.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt