On Mon, 2018-02-19 at 15:27 +0100, Niels Möller wrote:
Nikos Mavrogiannopoulos nmav@redhat.com writes:
#define ALIGN16(x) \
  ((void *)(((ptrdiff_t)(x)+(ptrdiff_t)0x0f)&~((ptrdiff_t)0x0f)))
I think I'd prefer allocating a uint64_t array (largest type used in nettle context structs), and leave to the compiler to figure out what alignment is needed and how to get it.
That way you get 8-byte alignment, which is ok, but if you use it for aesni key state for example, it results in slower operations.
What about these macros (untested, just idea demo):

#if defined(HAVE_ALLOCA)
# define TMP_DECL_ALLOC(name, type, max, size) \
  type *name = alloca(sizeof (*name) * (size))
#elif __STDC_VERSION__ >= 199901L
# define TMP_DECL_ALLOC(name, type, max, size) \
  type _tmp##name[size+16]; \
  type *name = ALIGN16(_tmp##name)
#else /* fallback for pre-C99 and pre-alloca() times */
# define TMP_DECL_ALLOC(name, type, max, size) \
  type _tmp##name[max+16]; \
  type *name = ALIGN16(_tmp##name); \
  assert(size <= max)
#endif
Not so nice with number of cases increased from two to three. But as you suggest, maybe we don't need the third case.
But I wonder if we can get down to just one case. Which relevant compilers don't support variable length arrays? I'd guess this could be expected mainly for embedded platforms with either older compilers, or C11 compilers taking advantage of variable-length arrays being optional.
I don't really know. gnutls requires C99 to work, though I couldn't find any usage of variable arrays in the code.
That said, variable arrays and alloca() are ok when the input doesn't come externally, but I'm not sure if we can enforce that in nettle. What about moving to malloc() unconditionally?
regards, Nikos
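The two alternatives discussed in this thread, a fixed-maximum stack buffer aligned up with a bounds check (the pre-C99 fallback) and an unconditional malloc()-backed temporary, worked through as an added example. This is not nettle's or gnutls's code; the function names (align_up, stack_aligned_window, tmp_alloc_aligned, tmp_free) and the 64-byte maximum are assumptions made for the illustration. It uses uintptr_t rather than ptrdiff_t for the pointer arithmetic, since that is the integer type defined to hold a pointer value, and checks that the aligned window still ends inside the backing storage.

```c
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Round a pointer up to the next multiple of align (a power of two).
   uintptr_t, not ptrdiff_t, is the integer type meant to hold a pointer. */
static void *align_up(void *p, size_t align)
{
    uintptr_t u = (uintptr_t)p;
    return (void *)((u + (align - 1)) & ~(uintptr_t)(align - 1));
}

int is_aligned(const void *p, size_t align)
{
    return ((uintptr_t)p & (align - 1)) == 0;
}

/* Fixed-maximum stack buffer variant (hypothetical helper).  The raw array
   holds MAX + 15 bytes so that a 16-byte-aligned window of `need` bytes fits
   wherever the compiler places the array.  Returns 1 when the window fits and
   is aligned, 0 when the caller asked for more than the maximum. */
int stack_aligned_window(size_t need, size_t align)
{
    enum { MAX = 64 };                    /* assumed maximum for the demo */
    unsigned char raw[MAX + 15];          /* 15 bytes of 16-byte alignment slack */
    if (need > MAX || align > 16)
        return 0;                         /* mirrors the assert(size <= max) */
    unsigned char *win = align_up(raw, align);
    /* Bounds check: the aligned window must end inside raw. */
    if (win + need > raw + sizeof raw)
        return 0;
    memset(win, 0xAA, need);              /* the whole window is usable */
    return is_aligned(win, align);
}

/* Heap variant: over-allocate by align-1 bytes plus a slot that stores the
   original pointer just before the aligned block, so tmp_free can hand the
   right pointer back to free(). */
void *tmp_alloc_aligned(size_t size, size_t align)
{
    if (align == 0 || (align & (align - 1)) != 0)
        return NULL;                      /* require a power of two */
    if (size > SIZE_MAX - align - sizeof(void *))
        return NULL;                      /* overflow guard on the request */
    unsigned char *raw = malloc(size + align - 1 + sizeof(void *));
    if (raw == NULL)
        return NULL;
    unsigned char *p = align_up(raw + sizeof(void *), align);
    memcpy(p - sizeof(void *), &raw, sizeof raw);  /* stash original pointer */
    return p;
}

void tmp_free(void *p)
{
    if (p == NULL)
        return;
    void *raw;
    memcpy(&raw, (unsigned char *)p - sizeof(void *), sizeof raw);
    free(raw);
}

/* Allocate, verify alignment, touch every byte, release. */
int heap_aligned_roundtrip(size_t size, size_t align)
{
    void *p = tmp_alloc_aligned(size, align);
    if (p == NULL)
        return 0;
    int ok = is_aligned(p, align);
    memset(p, 0x55, size);
    tmp_free(p);
    return ok;
}
```

The stack variant keeps the property the thread wants from the `[max+16]` fallback (no dependence on alloca or VLAs) but replaces the assert with a runtime check, so an over-sized request fails closed instead of writing past the array. The heap variant is what "moving to malloc() unconditionally" looks like when the alignment requirement is stronger than malloc guarantees.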