mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-28 01:28:59 +00:00
d540725871
Without this patch, the chacha block counter is not incremented on neon rounds, resulting in incorrect calculations and corrupt packets. This also switches to using `--no-numbered --zero-commit` so that future diffs are smaller. Reported-by: Hans Geiblinger <cybrnook2002@yahoo.com> Reviewed-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> Cc: David Bauer <mail@david-bauer.net> Cc: Petr Štetiar <ynezz@true.cz> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
76 lines
2.6 KiB
Diff
76 lines
2.6 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Ard Biesheuvel <ardb@kernel.org>
|
|
Date: Fri, 8 Nov 2019 13:22:35 +0100
|
|
Subject: [PATCH] crypto: lib/curve25519 - work around Clang stack spilling
|
|
issue
|
|
|
|
commit 660bb8e1f833ea63185fe80fde847e3e42f18e3b upstream.
|
|
|
|
Arnd reports that the 32-bit generic library code for Curve25119 ends
|
|
up using an excessive amount of stack space when built with Clang:
|
|
|
|
lib/crypto/curve25519-fiat32.c:756:6: error: stack frame size
|
|
of 1384 bytes in function 'curve25519_generic'
|
|
[-Werror,-Wframe-larger-than=]
|
|
|
|
Let's give some hints to the compiler regarding which routines should
|
|
not be inlined, to prevent it from running out of registers and spilling
|
|
to the stack. The resulting code performs identically under both GCC
|
|
and Clang, and makes the warning go away.
|
|
|
|
Suggested-by: Arnd Bergmann <arnd@arndb.de>
|
|
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
|
|
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
---
|
|
lib/crypto/curve25519-fiat32.c | 10 +++++-----
|
|
1 file changed, 5 insertions(+), 5 deletions(-)
|
|
|
|
--- a/lib/crypto/curve25519-fiat32.c
|
|
+++ b/lib/crypto/curve25519-fiat32.c
|
|
@@ -223,7 +223,7 @@ static __always_inline void fe_1(fe *h)
|
|
h->v[0] = 1;
|
|
}
|
|
|
|
-static void fe_add_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
|
|
+static noinline void fe_add_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
|
|
{
|
|
{ const u32 x20 = in1[9];
|
|
{ const u32 x21 = in1[8];
|
|
@@ -266,7 +266,7 @@ static __always_inline void fe_add(fe_lo
|
|
fe_add_impl(h->v, f->v, g->v);
|
|
}
|
|
|
|
-static void fe_sub_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
|
|
+static noinline void fe_sub_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
|
|
{
|
|
{ const u32 x20 = in1[9];
|
|
{ const u32 x21 = in1[8];
|
|
@@ -309,7 +309,7 @@ static __always_inline void fe_sub(fe_lo
|
|
fe_sub_impl(h->v, f->v, g->v);
|
|
}
|
|
|
|
-static void fe_mul_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
|
|
+static noinline void fe_mul_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
|
|
{
|
|
{ const u32 x20 = in1[9];
|
|
{ const u32 x21 = in1[8];
|
|
@@ -441,7 +441,7 @@ fe_mul_tll(fe *h, const fe_loose *f, con
|
|
fe_mul_impl(h->v, f->v, g->v);
|
|
}
|
|
|
|
-static void fe_sqr_impl(u32 out[10], const u32 in1[10])
|
|
+static noinline void fe_sqr_impl(u32 out[10], const u32 in1[10])
|
|
{
|
|
{ const u32 x17 = in1[9];
|
|
{ const u32 x18 = in1[8];
|
|
@@ -619,7 +619,7 @@ static __always_inline void fe_invert(fe
|
|
*
|
|
* Preconditions: b in {0,1}
|
|
*/
|
|
-static __always_inline void fe_cswap(fe *f, fe *g, unsigned int b)
|
|
+static noinline void fe_cswap(fe *f, fe *g, unsigned int b)
|
|
{
|
|
unsigned i;
|
|
b = 0 - b;
|