Alexander Nasonov wrote:
> The first change shrinks aes_xcbc_mac_init by 183 bytes on amd64
> (from 562 to 379 bytes).
> The second change avoids a comparison with an address that may
> point beyond the end of a buffer.
> The third change is stylistic.
> Alex
If there are no objections I'll commit the code.

PS I noticed some excessive memory copying (often of fixed-size blocks). Some of them may be needed to prevent side channel attacks by measuring execution time of cache misses. Data on the stack is more likely to be in cache but it's not bulletproof. If we rely on this at all, buffers on the stack should have the __cacheline_aligned attribute but I don't see any in the code.

> aes_xcbc_mac_result(u_int8_t *addr, void *vctx)
> {
> - u_char digest[AES_BLOCKSIZE];
> + u_int8_t digest[AES_BLOCKSIZE];
> aesxcbc_ctx *ctx;
> int i;

This buffer isn't actually needed. The destination addr can be passed directly to rijndaelEncrypt() calls inside the function. I didn't change it because it is the only array in the function and removing it would disable ssp.

Alex
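Review bot: the retained `digest` local needs an in-source comment. The reply explains it is kept only because it is the sole array in the function and removing it would turn off the stack protector, but nothing in the hunk records that, so a later cleanup will drop the apparently redundant copy and silently lose the canary. Either a one-line comment above `u_int8_t digest[AES_BLOCKSIZE];` saying why it stays, or passing `addr` to rijndaelEncrypt() directly as the reply suggests, would settle it.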
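The "second change" quoted above replaces a comparison against an address that may lie past the end of the input buffer. As an added example that is not part of the NetBSD patch or its source, the following C function splits a message into AES-XCBC-MAC blocks (RFC 3566 rules for the last block) using only a remaining-byte count, so no pointer beyond one past the end is ever formed or compared; the struct and function names are my own.

```c
/* AES-XCBC-MAC block splitting (RFC 3566) driven by a remaining-length
 * count rather than pointer comparisons.  Example code, not NetBSD's. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AES_BLOCKSIZE 16

struct xcbc_split {
    size_t  full_blocks;         /* leading blocks, CBC-chained under K1   */
    int     last_is_full;        /* 1: XOR last block with K2; 0: padded, K3 */
    uint8_t last[AES_BLOCKSIZE]; /* final block, 10* padded when partial   */
};

/* The pattern the patch avoids, for contrast (not used here):
 *   end = msg + len;  while (p + AES_BLOCKSIZE < end) { ...; p += AES_BLOCKSIZE; }
 * p + AES_BLOCKSIZE can point more than one element past msg, and forming
 * or comparing such a pointer is undefined behaviour in C. */
void xcbc_split_blocks(const uint8_t *msg, size_t len, struct xcbc_split *out)
{
    const uint8_t *p = msg;

    out->full_blocks = 0;
    /* Strictly more than one block left: this block is not the last one. */
    while (len > AES_BLOCKSIZE) {
        out->full_blocks++;
        p   += AES_BLOCKSIZE;    /* still points at a byte inside msg */
        len -= AES_BLOCKSIZE;
    }

    if (len == AES_BLOCKSIZE) {              /* RFC 3566 step 4(a) */
        out->last_is_full = 1;
        memcpy(out->last, p, AES_BLOCKSIZE);
    } else {                                 /* RFC 3566 step 4(b): 10* padding */
        out->last_is_full = 0;
        memset(out->last, 0, AES_BLOCKSIZE);
        if (len > 0)
            memcpy(out->last, p, len);
        out->last[len] = 0x80;               /* len < AES_BLOCKSIZE, so in bounds */
    }
}

int main(void)
{
    uint8_t m[33];                           /* constructed sample: 0x00..0x20 */
    struct xcbc_split s;
    for (size_t i = 0; i < sizeof m; i++) m[i] = (uint8_t)i;
    xcbc_split_blocks(m, sizeof m, &s);
    printf("full=%zu last_full=%d last[0]=%02x last[1]=%02x\n",
           s.full_blocks, s.last_is_full, s.last[0], s.last[1]);
    return 0;
}
```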