Nikos Mavrogiannopoulos <[email protected]> writes: > That makes sense. I was trying to figure that out without putting a > conditional into encrypt.
I don't think a conditional on entry to chacha_poly1305_encrypt is a big deal (for high performance, one ought to pass several blocks per call anyway). And you can most likely take out the current check "if (!ctx->data_size)", so it shouldn't really add a conditional. About alignment, after a quick look, I think chacha_poly1305_*crypt can call _poly1305_block directly, by-passing the buffering logic in poly1305_update / MD_UPDATE. Except that I'm not sure how to handle a final, partial, block. The poly1305 buffer is then needed only for chacha_poly1305_update, assuming we're going to stick to the convention that _update functions don't impose any block size on the caller. Regards, /Niels -- Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26. Internet email is subject to wholesale government surveillance. _______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
