campbell+netbsd-tech-kern@ wrote: > > +void > > +hc128_init(hc128_state_t *state, const uint8_t *key, const uint8_t *iv) > > +{ > > + unsigned int i; > > + uint32_t w[1280], *p = state->p, *q = state->q; > > 5 KB on the stack is a lot! Granted, this is a leaf routine which in > our case will be called only in a softint handler, but still.
Note the caller of this hc128_init() is: > > +static void > > +cprng_fast_randrekey(cprng_fast_ctx_t *ctx) > > +{ > > + uint8_t key[16], iv[16]; > > + hc128_state_t tempstate; > > + int s; > > + > > + int have_initial = rnd_initial_entropy; > > + > > + cprng_strong(kern_cprng, key, sizeof(key), FASYNC); > > + cprng_strong(kern_cprng, iv, sizeof(iv), FASYNC); > > + /* Rekey the hc128 state - expensive, don't do this at splhigh. */ > > + hc128_init(&ctx->hc128, key, iv); The "hc128_state_t" is declared as: > > +typedef struct > > +{ > > + uint32_t p[512]; > > + uint32_t q[512]; > > + uint16_t i; > > +} hc128_state_t; so it already consumes >4KB stack. I'm afraid "9KB stack on rekeying" is fatal on most ports. I wonder if we should also consider "speed vs memory" especially for embedded users. --- Izumi Tsutsui