Message ID | 20201025143119.1054168-1-nivedita@alum.mit.edu (mailing list archive) |
---|---|
Series | crypto: lib/sha256 - cleanup/optimization |

On Sun, Oct 25, 2020 at 10:31:13AM -0400, Arvind Sankar wrote:
> Patch 1/2 -- Use memzero_explicit() instead of structure assignment/plain
> memset() to clear sensitive state.
>
> Patch 3 -- Currently the temporary variables used in the generic sha256
> implementation are cleared, but the clearing is optimized away due to
> lack of compiler barriers. Drop the clearing.
>
> The last three patches are optimizations for generic sha256.
>
> v4:
> - Split the first patch into two, the first one just does
>   lib/crypto/sha256.c, so that the second one can be applied or dropped
>   depending on the outcome of the discussion between Herbert/Eric.
>
> v3:
> - Add some more files to patch 1
> - Reword commit message for patch 2
> - Reformat SHA256_K array
> - Drop v2 patch combining K and W arrays
>
> v2:
> - Add patch to combine K and W arrays, suggested by David
> - Reformat SHA256_ROUND() macro a little
>
> Arvind Sankar (6):
>   crypto: lib/sha256 - Use memzero_explicit() for clearing state
>   crypto: Use memzero_explicit() for clearing state
>   crypto: lib/sha256 - Don't clear temporary variables
>   crypto: lib/sha256 - Clear W[] in sha256_update() instead of
>     sha256_transform()
>   crypto: lib/sha256 - Unroll SHA256 loop 8 times intead of 64
>   crypto: lib/sha256 - Unroll LOAD and BLEND loops
>
>  arch/arm64/crypto/ghash-ce-glue.c |   2 +-
>  arch/arm64/crypto/poly1305-glue.c |   2 +-
>  arch/arm64/crypto/sha3-ce-glue.c  |   2 +-
>  arch/x86/crypto/poly1305_glue.c   |   2 +-
>  include/crypto/sha1_base.h        |   3 +-
>  include/crypto/sha256_base.h      |   3 +-
>  include/crypto/sha512_base.h      |   3 +-
>  include/crypto/sm3_base.h         |   3 +-
>  lib/crypto/sha256.c               | 212 +++++++++---------------------
>  9 files changed, 76 insertions(+), 156 deletions(-)

All applied. Thanks.
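
The difference between a plain memset() and memzero_explicit() that the cover letter relies on, as an added userspace example that is not code from this series or from the kernel tree. Assumptions: `zero_explicit()`, `toy_mix()` and the two `toy_digest_*()` functions are hypothetical names, the mixing step is a toy and not SHA-256, the key is constructed sample input, and the barrier uses GCC/Clang inline-asm syntax.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Userspace stand-in for the kernel's memzero_explicit(): memset() followed
 * by an empty asm that claims to read memory through s, so the preceding
 * stores cannot be discarded as dead. Hypothetical name. */
void zero_explicit(void *s, size_t n)
{
	memset(s, 0, n);
	__asm__ __volatile__("" : : "r"(s) : "memory");
}

/* Toy mixing step (NOT SHA-256); W[] holds secret-derived temporaries. */
static uint32_t toy_mix(uint32_t W[16], const uint8_t *key, size_t len)
{
	uint32_t out = 0;
	for (size_t i = 0; i < len; i++)
		W[i % 16] = (W[i % 16] << 5) ^ key[i];
	for (size_t i = 0; i < 16; i++)
		out = out * 31u + W[i];
	return out;
}

uint32_t toy_digest_plain(const uint8_t *key, size_t len)
{
	uint32_t W[16] = {0};
	uint32_t out = toy_mix(W, key, len);
	memset(W, 0, sizeof(W));	/* W is never read again: may be elided */
	return out;
}

uint32_t toy_digest_explicit(const uint8_t *key, size_t len)
{
	uint32_t W[16] = {0};
	uint32_t out = toy_mix(W, key, len);
	zero_explicit(W, sizeof(W));	/* barrier keeps the zeroing stores */
	return out;
}

/* Both variants compute the same value; only the wipe differs. */
int main(void)
{
	const uint8_t key[] = "constructed-sample-key";
	return toy_digest_plain(key, 22) != toy_digest_explicit(key, 22);
}
```

Both functions return the same digest, so the difference is only visible in the generated code: build with optimization enabled and compare the disassembly of the two functions to check whether the zeroing of `W` survives in each.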