d540725871
Without this patch, the chacha block counter is not incremented on neon rounds, resulting in incorrect calculations and corrupt packets. This also switches to using `--no-numbered --zero-commit` so that future diffs are smaller. Reported-by: Hans Geiblinger <cybrnook2002@yahoo.com> Reviewed-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> Cc: David Bauer <mail@david-bauer.net> Cc: Petr Štetiar <ynezz@true.cz> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
37 lines
1.4 KiB
Diff
37 lines
1.4 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
|
|
Date: Fri, 17 Jan 2020 11:42:22 +0100
|
|
Subject: [PATCH] crypto: x86/poly1305 - emit does base conversion itself
|
|
|
|
commit f9e7fe32a792726186301423ff63a465d63386e1 upstream.
|
|
|
|
The emit code does optional base conversion itself in assembly, so we
|
|
don't need to do that here. Also, neither one of these functions uses
|
|
simd instructions, so checking for that doesn't make sense either.
|
|
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
---
|
|
arch/x86/crypto/poly1305_glue.c | 8 ++------
|
|
1 file changed, 2 insertions(+), 6 deletions(-)
|
|
|
|
--- a/arch/x86/crypto/poly1305_glue.c
|
|
+++ b/arch/x86/crypto/poly1305_glue.c
|
|
@@ -123,13 +123,9 @@ static void poly1305_simd_blocks(void *c
|
|
static void poly1305_simd_emit(void *ctx, u8 mac[POLY1305_DIGEST_SIZE],
|
|
const u32 nonce[4])
|
|
{
|
|
- struct poly1305_arch_internal *state = ctx;
|
|
-
|
|
- if (!IS_ENABLED(CONFIG_AS_AVX) || !static_branch_likely(&poly1305_use_avx) ||
|
|
- !state->is_base2_26 || !crypto_simd_usable()) {
|
|
- convert_to_base2_64(ctx);
|
|
+ if (!IS_ENABLED(CONFIG_AS_AVX) || !static_branch_likely(&poly1305_use_avx))
|
|
poly1305_emit_x86_64(ctx, mac, nonce);
|
|
- } else
|
|
+ else
|
|
poly1305_emit_avx(ctx, mac, nonce);
|
|
}
|
|
|