[openssl-dev] [openssl.org #4305] ChaCha20 assembly bugs

Andy Polyakov via RT rt at openssl.org
Sat Feb 13 12:46:47 UTC 2016


Hi,

> I've started playing with the ChaCha20 assembly that was recently checked
> in and found a few problems. Most of these do not affect OpenSSL as you
> only ever call ChaCha20_ctr32 on a whole number of blocks. But this isn't
> documented as a constraint in internal/chacha.h and the assembly has code
> for partial blocks, so it seems it was supposed to work. (If not, I'd
> recommend removing the codepaths and documenting the constraint.)

The idea behind implementing partial blocks and not using them is to reserve
them for code reuse in contexts other than OpenSSL.

> 1. In chacha-x86_64.pl, .Ltail:
> 
> 2. In chacha-x86_64.pl, .Loop_tail_ssse3:
> 
> 3. In chacha-x86.pl, loop:

Fix is upcoming. Thanks!

> 4. The assembly versions crash if you pass in an empty input/output. The
> generic C code handles this fine. (I'll defer to you whether this is a bug
> or a caller obligation to be documented.)

This will be addressed separately by fixing all modules. I mean not all
modules have this problem, but all modules will be double-checked and
fixed as required.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4305
Please log in as guest with password guest if prompted
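
Added example, not part of the original message and not OpenSSL's code: a portable ChaCha20 reference plus a length sweep that a test could run against an optimized routine to catch the partial-block and empty-input problems discussed in this thread. The names `ref_chacha20_ctr32`, `ctr32_fn` and `count_length_mismatches` are hypothetical, the argument order is an assumption, and the key, counter and input bytes are constructed.

```c
#include <stdint.h>
#include <string.h>

#define ROTL(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d) \
    a += b; d ^= a; d = ROTL(d, 16); c += d; b ^= c; b = ROTL(b, 12); \
    a += b; d ^= a; d = ROTL(d, 8);  c += d; b ^= c; b = ROTL(b, 7)
/* One 64-byte keystream block from a 16-word state (20 rounds). */
static void ref_block(uint8_t ks[64], const uint32_t in[16]) {
    uint32_t x[16];
    memcpy(x, in, sizeof(x));
    for (int i = 0; i < 10; i++) {              /* 10 double rounds */
        QR(x[0], x[4], x[8],  x[12]); QR(x[1], x[5], x[9],  x[13]);
        QR(x[2], x[6], x[10], x[14]); QR(x[3], x[7], x[11], x[15]);
        QR(x[0], x[5], x[10], x[15]); QR(x[1], x[6], x[11], x[12]);
        QR(x[2], x[7], x[8],  x[13]); QR(x[3], x[4], x[9],  x[14]);
    }
    for (int i = 0; i < 64; i++)                /* feed-forward, little-endian bytes */
        ks[i] = (uint8_t)((x[i / 4] + in[i / 4]) >> (8 * (i % 4)));
}

/* Hypothetical reference: len may be 0 or not a multiple of 64. */
void ref_chacha20_ctr32(uint8_t *out, const uint8_t *inp, size_t len,
                        const uint32_t key[8], const uint32_t counter[4]) {
    uint32_t st[16] = { 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 };
    uint8_t ks[64];
    size_t n;
    memcpy(st + 4, key, 32); memcpy(st + 12, counter, 16);
    for (; len > 0; out += n, inp += n, len -= n, st[12]++) {  /* len 0: no access */
        ref_block(ks, st);
        n = len < 64 ? len : 64;                /* tail: use n keystream bytes only */
        for (size_t i = 0; i < n; i++) out[i] = inp[i] ^ ks[i];
    }
}

typedef void (*ctr32_fn)(uint8_t *, const uint8_t *, size_t, const uint32_t *, const uint32_t *);
/* Lengths 0..256 where impl differs from the reference or writes past len. */
int count_length_mismatches(ctr32_fn impl) {
    static const uint32_t key[8] = {1, 2, 3, 4, 5, 6, 7, 8}, ctr[4] = {1, 0, 0, 9};
    uint8_t in[256], want[256], got[257];
    int bad = 0;
    memset(in, 0xA5, sizeof(in));               /* constructed input */
    for (size_t len = 0; len <= 256; len++) {
        memset(got, 0xCC, sizeof(got));         /* guard pattern after the output */
        ref_chacha20_ctr32(want, in, len, key, ctr);
        impl(got, in, len, key, ctr);
        bad += (memcmp(got, want, len) != 0 || got[len] != 0xCC);
    }
    return bad;
}
```

A nonzero return from `count_length_mismatches` for the routine under test means some length in 0..256 produced different bytes or modified memory past `len`.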