[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20201020203957.3512851-1-nivedita@alum.mit.edu>
Date: Tue, 20 Oct 2020 16:39:51 -0400
From: Arvind Sankar <nivedita@...m.mit.edu>
To: Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
David Laight <David.Laight@...LAB.COM>
Cc: linux-kernel@...r.kernel.org
Subject: [PATCH v2 0/6] crypto: lib/sha256 - cleanup/optimization
Patch 1 -- Use memzero_explicit() instead of structure assignment/plain
memset() to clear sensitive state.
Patch 2 -- I am not sure about this one: currently the temporary
variables used in the generic sha256 implementation are cleared, but the
clearing is optimized away due to lack of compiler barriers. I don't
think it's really necessary to clear them, but I'm not a cryptanalyst,
so I would like comment on whether it's indeed safe not to, or we should
instead add the required barriers to force clearing.
The last four patches are optimizations for generic sha256.
v2:
- Add patch to combine K and W arrays, suggested by David
- Reformat SHA256_ROUND() macro a little
Arvind Sankar (6):
crypto: Use memzero_explicit() for clearing state
crypto: lib/sha256 - Don't clear temporary variables
crypto: lib/sha256 - Clear W[] in sha256_update() instead of
sha256_transform()
crypto: lib/sha256 - Unroll SHA256 loop 8 times intead of 64
crypto: lib/sha256 - Unroll LOAD and BLEND loops
crypto: lib/sha - Combine round constants and message schedule
include/crypto/sha1_base.h | 3 +-
include/crypto/sha256_base.h | 3 +-
include/crypto/sha512_base.h | 3 +-
include/crypto/sm3_base.h | 3 +-
lib/crypto/sha256.c | 211 +++++++++++------------------------
5 files changed, 71 insertions(+), 152 deletions(-)
--
2.26.2
Powered by blists - more mailing lists