Re: svn commit: r317277 - head/sys/crypto/chacha20

2017-04-21 Thread Colin Percival
On 04/21/17 19:33, Rui Paulo wrote:
> On Apr 21, 2017, at 18:06, Dag-Erling Smørgrav wrote:
>> Author: des
>> Date: Sat Apr 22 01:06:23 2017
>> New Revision: 317277
>> URL: https://svnweb.freebsd.org/changeset/base/317277
>>
>> Log:
>>  Fix counter increment in Salsa and ChaCha.
>>
>>  In my eagerness to eliminate a branch which is taken once per 2^38
>>  bytes of keystream, I forgot that the state words are in host order.
>>  Thus, the counter increment code worked fine on little-endian
>>  machines, but not on big-endian ones.  Switch to a simpler (branchful)
>>  solution.
> 
> I’m surprised there’s no mention of who reviewed your change, especially when 
> you’re changing crypto code.

Reviewed by: cperciva

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Re: svn commit: r317277 - head/sys/crypto/chacha20

2017-04-21 Thread Rui Paulo
On Apr 21, 2017, at 18:06, Dag-Erling Smørgrav wrote:
> 
> Author: des
> Date: Sat Apr 22 01:06:23 2017
> New Revision: 317277
> URL: https://svnweb.freebsd.org/changeset/base/317277
> 
> Log:
>  Fix counter increment in Salsa and ChaCha.
> 
>  In my eagerness to eliminate a branch which is taken once per 2^38
>  bytes of keystream, I forgot that the state words are in host order.
>  Thus, the counter increment code worked fine on little-endian
>  machines, but not on big-endian ones.  Switch to a simpler (branchful)
>  solution.

I’m surprised there’s no mention of who reviewed your change, especially when 
you’re changing crypto code.

svn commit: r317277 - head/sys/crypto/chacha20

2017-04-21 Thread Dag-Erling Smørgrav
Author: des
Date: Sat Apr 22 01:06:23 2017
New Revision: 317277
URL: https://svnweb.freebsd.org/changeset/base/317277

Log:
  Fix counter increment in Salsa and ChaCha.
  
  In my eagerness to eliminate a branch which is taken once per 2^38
  bytes of keystream, I forgot that the state words are in host order.
  Thus, the counter increment code worked fine on little-endian
  machines, but not on big-endian ones.  Switch to a simpler (branchful)
  solution.

Modified:
  head/sys/crypto/chacha20/chacha20.c

Modified: head/sys/crypto/chacha20/chacha20.c
==
--- head/sys/crypto/chacha20/chacha20.c Fri Apr 21 23:01:32 2017
(r317276)
+++ head/sys/crypto/chacha20/chacha20.c Sat Apr 22 01:06:23 2017
(r317277)
@@ -130,7 +130,6 @@ size_t
 chacha20_encrypt(chacha20_ctx *ctx, const void *vpt, uint8_t *ct, size_t len)
 {
const uint8_t *pt = vpt;
-   uint64_t ctr;
uint32_t mix[16];
uint8_t ks[64];
unsigned int b, i;
@@ -157,8 +156,8 @@ chacha20_encrypt(chacha20_ctx *ctx, cons
for (i = 0; i < 64 && i < len; ++i)
*ct++ = *pt++ ^ ks[i];
}
-   ctr = le64dec(ctx->state + 12);
-   le64enc(ctx->state + 12, ++ctr);
+   if (++ctx->state[12] == 0)
+   ++ctx->state[13];
}
return (len);
 }
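Review bot: the carry at `if (++ctx->state[12] == 0)` has no comment saying that `state[12]` and `state[13]` are the low and high words of the block counter in host order, which is the assumption the removed `le64dec`/`le64enc` pair got wrong. A one-line comment above the increment would make it harder for a byte-wise version to return. The log names Salsa as well, but the only file listed as modified is chacha20.c, so it is worth confirming the log matches the change set. No test accompanies the change in the visible diff; a vector that crosses the 2^32-block boundary, run on a big-endian target, would exercise both the increment and the carry.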
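
The endianness problem described in the commit log above, as an added example that is not part of the commit or of FreeBSD's code: it models state words 12 and 13 as the bytes they occupy on a little- or big-endian host and compares the removed byte-wise increment with the committed word carry. The `store32`, `load32` and `counter_after` helpers and the `big` flag are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: state words 12 and 13 as the 8 bytes they occupy in
 * memory on a host whose byte order is `big` (1 = big-endian, 0 = little). */
static void store32(uint8_t *p, uint32_t v, int big)
{
	for (int i = 0; i < 4; i++)
		p[i] = (uint8_t)(v >> (big ? 24 - 8 * i : 8 * i));
}

static uint32_t load32(const uint8_t *p, int big)
{
	uint32_t v = 0;
	for (int i = 0; i < 4; i++)
		v |= (uint32_t)p[i] << (big ? 24 - 8 * i : 8 * i);
	return v;
}

/* Block counter (hi:lo) as the host reads it after one increment.
 * bytewise=1: removed path, the 8 bytes handled as one little-endian value.
 * bytewise=0: committed path, host-order words with an explicit carry. */
uint64_t counter_after(uint32_t lo, uint32_t hi, int big, int bytewise)
{
	uint8_t mem[8];
	uint64_t ctr = 0;

	if (!bytewise) {
		if (++lo == 0)
			++hi;
		return ((uint64_t)hi << 32) | lo;
	}
	store32(mem, lo, big);
	store32(mem + 4, hi, big);
	for (int i = 0; i < 8; i++)		/* what le64dec computes */
		ctr |= (uint64_t)mem[i] << (8 * i);
	++ctr;
	for (int i = 0; i < 8; i++)		/* what le64enc writes back */
		mem[i] = (uint8_t)(ctr >> (8 * i));
	return ((uint64_t)load32(mem + 4, big) << 32) | load32(mem, big);
}

int main(void)
{
	printf("LE, byte-wise: %#llx\n", (unsigned long long)counter_after(0, 0, 0, 1));
	printf("BE, byte-wise: %#llx\n", (unsigned long long)counter_after(0, 0, 1, 1));
	printf("BE, word carry: %#llx\n", (unsigned long long)counter_after(0xffffffffu, 0, 1, 0));
	return 0;
}
```

On the modelled big-endian host the byte-wise path turns a counter of 0 into 0x1000000 rather than 1, so the block counter no longer matches the one a little-endian machine uses for the same position in the keystream.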