openwrt/target/linux/generic/backport-5.4/080-wireguard-0048-crypto-x86-poly1305-emit-does-base-conversion-itself.patch
Jason A. Donenfeld d540725871 kernel-5.4: backport fd16931a2f51 for chacha neon
Without this patch, the chacha block counter is not incremented on neon
rounds, resulting in incorrect calculations and corrupt packets.

This also switches to using `--no-numbered --zero-commit` so that future
diffs are smaller.

Reported-by: Hans Geiblinger <cybrnook2002@yahoo.com>
Reviewed-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Cc: David Bauer <mail@david-bauer.net>
Cc: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-02 09:30:22 +01:00

37 lines
1.4 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Fri, 17 Jan 2020 11:42:22 +0100
Subject: [PATCH] crypto: x86/poly1305 - emit does base conversion itself
commit f9e7fe32a792726186301423ff63a465d63386e1 upstream.
The emit code does optional base conversion itself in assembly, so we
don't need to do that here. Also, neither one of these functions uses
simd instructions, so checking for that doesn't make sense either.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
arch/x86/crypto/poly1305_glue.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
--- a/arch/x86/crypto/poly1305_glue.c
+++ b/arch/x86/crypto/poly1305_glue.c
@@ -123,13 +123,9 @@ static void poly1305_simd_blocks(void *c
static void poly1305_simd_emit(void *ctx, u8 mac[POLY1305_DIGEST_SIZE],
const u32 nonce[4])
{
- struct poly1305_arch_internal *state = ctx;
-
- if (!IS_ENABLED(CONFIG_AS_AVX) || !static_branch_likely(&poly1305_use_avx) ||
- !state->is_base2_26 || !crypto_simd_usable()) {
- convert_to_base2_64(ctx);
+ if (!IS_ENABLED(CONFIG_AS_AVX) || !static_branch_likely(&poly1305_use_avx))
poly1305_emit_x86_64(ctx, mac, nonce);
- } else
+ else
poly1305_emit_avx(ctx, mac, nonce);
}