> > Also, I wonder if we shouldn't simply change the chacha code to use
> > unaligned loads for the state array, as it likely makes very little
> > difference in practice (the state is not accessed from inside the
> > round processing loop)
>
> I am seeing a 0.25% slowdown on 1k blocks in the SS
On Wed, 8 Jul 2020 at 08:46, Ard Biesheuvel wrote:
>
> On Wed, 8 Jul 2020 at 05:44, Herbert Xu wrote:
> >
> > On Tue, Jul 07, 2020 at 07:31:08PM -0700, Eric Biggers wrote:
> > >
> > > Hmm, __chacha20poly1305_encrypt() already uses:
> > >
> > > memzero_explicit(chacha_state, CHACHA_STATE_WOR
On Wed, 8 Jul 2020 at 05:44, Herbert Xu wrote:
>
> On Tue, Jul 07, 2020 at 07:31:08PM -0700, Eric Biggers wrote:
> >
> > Hmm, __chacha20poly1305_encrypt() already uses:
> >
> > memzero_explicit(chacha_state, CHACHA_STATE_WORDS * sizeof(u32));
> >
> > That's equivalent to CHACHA_BLOCK_SIZE no
On Tue, Jul 07, 2020 at 07:31:08PM -0700, Eric Biggers wrote:
>
> Hmm, __chacha20poly1305_encrypt() already uses:
>
> memzero_explicit(chacha_state, CHACHA_STATE_WORDS * sizeof(u32));
>
> That's equivalent to CHACHA_BLOCK_SIZE now, but it would be best to use the
> same
> constant everywh
