mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-20 22:23:27 +00:00
d540725871
Without this patch, the chacha block counter is not incremented on neon rounds, resulting in incorrect calculations and corrupt packets. This also switches to using `--no-numbered --zero-commit` so that future diffs are smaller. Reported-by: Hans Geiblinger <cybrnook2002@yahoo.com> Reviewed-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> Cc: David Bauer <mail@david-bauer.net> Cc: Petr Štetiar <ynezz@true.cz> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
85 lines
3.9 KiB
Diff
85 lines
3.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
|
|
Date: Sun, 1 Mar 2020 22:52:35 +0800
|
|
Subject: [PATCH] crypto: x86/curve25519 - support assemblers with no adx
|
|
support
|
|
|
|
commit 1579f1bc3b753d17a44de3457d5c6f4a5b14c752 upstream.
|
|
|
|
Some older version of GAS do not support the ADX instructions, similarly
|
|
to how they also don't support AVX and such. This commit adds the same
|
|
build-time detection mechanisms we use for AVX and others for ADX, and
|
|
then makes sure that the curve25519 library dispatcher calls the right
|
|
functions.
|
|
|
|
Reported-by: Willy Tarreau <w@1wt.eu>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
---
|
|
arch/x86/Makefile | 5 +++--
|
|
arch/x86/crypto/Makefile | 7 ++++++-
|
|
include/crypto/curve25519.h | 6 ++++--
|
|
3 files changed, 13 insertions(+), 5 deletions(-)
|
|
|
|
--- a/arch/x86/Makefile
|
|
+++ b/arch/x86/Makefile
|
|
@@ -197,9 +197,10 @@ avx2_instr :=$(call as-instr,vpbroadcast
|
|
avx512_instr :=$(call as-instr,vpmovm2b %k1$(comma)%zmm5,-DCONFIG_AS_AVX512=1)
|
|
sha1_ni_instr :=$(call as-instr,sha1msg1 %xmm0$(comma)%xmm1,-DCONFIG_AS_SHA1_NI=1)
|
|
sha256_ni_instr :=$(call as-instr,sha256msg1 %xmm0$(comma)%xmm1,-DCONFIG_AS_SHA256_NI=1)
|
|
+adx_instr := $(call as-instr,adox %r10$(comma)%r10,-DCONFIG_AS_ADX=1)
|
|
|
|
-KBUILD_AFLAGS += $(cfi) $(cfi-sigframe) $(cfi-sections) $(asinstr) $(avx_instr) $(avx2_instr) $(avx512_instr) $(sha1_ni_instr) $(sha256_ni_instr)
|
|
-KBUILD_CFLAGS += $(cfi) $(cfi-sigframe) $(cfi-sections) $(asinstr) $(avx_instr) $(avx2_instr) $(avx512_instr) $(sha1_ni_instr) $(sha256_ni_instr)
|
|
+KBUILD_AFLAGS += $(cfi) $(cfi-sigframe) $(cfi-sections) $(asinstr) $(avx_instr) $(avx2_instr) $(avx512_instr) $(sha1_ni_instr) $(sha256_ni_instr) $(adx_instr)
|
|
+KBUILD_CFLAGS += $(cfi) $(cfi-sigframe) $(cfi-sections) $(asinstr) $(avx_instr) $(avx2_instr) $(avx512_instr) $(sha1_ni_instr) $(sha256_ni_instr) $(adx_instr)
|
|
|
|
KBUILD_LDFLAGS := -m elf_$(UTS_MACHINE)
|
|
|
|
--- a/arch/x86/crypto/Makefile
|
|
+++ b/arch/x86/crypto/Makefile
|
|
@@ -11,6 +11,7 @@ avx2_supported := $(call as-instr,vpgath
|
|
avx512_supported :=$(call as-instr,vpmovm2b %k1$(comma)%zmm5,yes,no)
|
|
sha1_ni_supported :=$(call as-instr,sha1msg1 %xmm0$(comma)%xmm1,yes,no)
|
|
sha256_ni_supported :=$(call as-instr,sha256msg1 %xmm0$(comma)%xmm1,yes,no)
|
|
+adx_supported := $(call as-instr,adox %r10$(comma)%r10,yes,no)
|
|
|
|
obj-$(CONFIG_CRYPTO_GLUE_HELPER_X86) += glue_helper.o
|
|
|
|
@@ -39,7 +40,11 @@ obj-$(CONFIG_CRYPTO_AEGIS128_AESNI_SSE2)
|
|
|
|
obj-$(CONFIG_CRYPTO_NHPOLY1305_SSE2) += nhpoly1305-sse2.o
|
|
obj-$(CONFIG_CRYPTO_NHPOLY1305_AVX2) += nhpoly1305-avx2.o
|
|
-obj-$(CONFIG_CRYPTO_CURVE25519_X86) += curve25519-x86_64.o
|
|
+
|
|
+# These modules require the assembler to support ADX.
|
|
+ifeq ($(adx_supported),yes)
|
|
+ obj-$(CONFIG_CRYPTO_CURVE25519_X86) += curve25519-x86_64.o
|
|
+endif
|
|
|
|
# These modules require assembler to support AVX.
|
|
ifeq ($(avx_supported),yes)
|
|
--- a/include/crypto/curve25519.h
|
|
+++ b/include/crypto/curve25519.h
|
|
@@ -33,7 +33,8 @@ bool __must_check curve25519(u8 mypublic
|
|
const u8 secret[CURVE25519_KEY_SIZE],
|
|
const u8 basepoint[CURVE25519_KEY_SIZE])
|
|
{
|
|
- if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519))
|
|
+ if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519) &&
|
|
+ (!IS_ENABLED(CONFIG_CRYPTO_CURVE25519_X86) || IS_ENABLED(CONFIG_AS_ADX)))
|
|
curve25519_arch(mypublic, secret, basepoint);
|
|
else
|
|
curve25519_generic(mypublic, secret, basepoint);
|
|
@@ -49,7 +50,8 @@ __must_check curve25519_generate_public(
|
|
CURVE25519_KEY_SIZE)))
|
|
return false;
|
|
|
|
- if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519))
|
|
+ if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519) &&
|
|
+ (!IS_ENABLED(CONFIG_CRYPTO_CURVE25519_X86) || IS_ENABLED(CONFIG_AS_ADX)))
|
|
curve25519_base_arch(pub, secret);
|
|
else
|
|
curve25519_generic(pub, secret, curve25519_base_point);
|