lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20260114223236.GA1449008@google.com>
Date: Wed, 14 Jan 2026 22:32:36 +0000
From: Eric Biggers <ebiggers@...nel.org>
To: Jang Ingyu <ingyujang25@...ea.ac.kr>
Cc: Herbert Xu <herbert@...dor.apana.org.au>,
	"David S . Miller" <davem@...emloft.net>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
	"H . Peter Anvin" <hpa@...or.com>, linux-crypto@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [Question] Redundant ternary operators in nhpoly1305/sha256
 digest functions?

On Thu, Jan 15, 2026 at 12:38:39AM +0900, Jang Ingyu wrote:
> From: Ingyu Jang <ingyujang25@...ea.ac.kr>
> 
> Hi,
> 
> I noticed that in arch/x86/crypto/, several digest functions use
> the ternary operator (?:) to chain function calls:
> 
> In nhpoly1305-avx2-glue.c and nhpoly1305-sse2-glue.c:
> 
>   return crypto_nhpoly1305_init(desc) ?:
>          nhpoly1305_xxx_update(desc, src, srclen) ?:
>          crypto_nhpoly1305_final(desc, out);
> 
> In sha256_ssse3_glue.c (sha256_ssse3_digest, sha256_avx_digest,
> sha256_avx2_digest, sha256_ni_digest):
> 
>   return sha256_base_init(desc) ?:
>          sha256_xxx_finup(desc, data, len, out);
> 
> However, all the functions being checked always return 0:
>   - crypto_nhpoly1305_init() always returns 0
>   - nhpoly1305_xxx_update() always returns 0
>   - crypto_nhpoly1305_final() always returns 0
>   - sha256_base_init() always returns 0
> 
> This makes the short-circuit evaluation of ?: unnecessary.

This code was written to be compatible with the crypto_shash API, which
is defined to have an error code for every hashing operation.  So it was
defensive coding to assume that an error might occur, even though
apparently in these particular cases no error was possible.

> Is this intentional defensive coding for potential future changes,
> or could this be cleaned up?

It was already cleaned up as part of the migration into lib/crypto/,
where hashing operations now always succeed and return void.  SHA-256
was cleaned up in 6.17.  The NH cleanups are queued for 6.20.

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ