diff options
Diffstat (limited to 'target/linux/generic/backport-5.4/080-wireguard-0036-crypto-lib-chacha20poly1305-use-chacha20_crypt.patch')
| -rw-r--r-- | target/linux/generic/backport-5.4/080-wireguard-0036-crypto-lib-chacha20poly1305-use-chacha20_crypt.patch | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/target/linux/generic/backport-5.4/080-wireguard-0036-crypto-lib-chacha20poly1305-use-chacha20_crypt.patch b/target/linux/generic/backport-5.4/080-wireguard-0036-crypto-lib-chacha20poly1305-use-chacha20_crypt.patch new file mode 100644 index 0000000000..1f6d22ee35 --- /dev/null +++ b/target/linux/generic/backport-5.4/080-wireguard-0036-crypto-lib-chacha20poly1305-use-chacha20_crypt.patch @@ -0,0 +1,83 @@ +From 41d7b5227dcad70f5bd6471e9620fe3c8b3db300 Mon Sep 17 00:00:00 2001 +From: Eric Biggers <ebiggers@google.com> +Date: Sun, 17 Nov 2019 23:22:16 -0800 +Subject: [PATCH 036/124] crypto: lib/chacha20poly1305 - use chacha20_crypt() + +commit 413808b71e6204b0cc1eeaa77960f7c3cd381d33 upstream. + +Use chacha20_crypt() instead of chacha_crypt(), since it's not really +appropriate for users of the ChaCha library API to be passing the number +of rounds as an argument. + +Signed-off-by: Eric Biggers <ebiggers@google.com> +Acked-by: Ard Biesheuvel <ardb@kernel.org> +Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> +Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> +--- + lib/crypto/chacha20poly1305.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +--- a/lib/crypto/chacha20poly1305.c ++++ b/lib/crypto/chacha20poly1305.c +@@ -66,14 +66,14 @@ __chacha20poly1305_encrypt(u8 *dst, cons + __le64 lens[2]; + } b; + +- chacha_crypt(chacha_state, b.block0, pad0, sizeof(b.block0), 20); ++ chacha20_crypt(chacha_state, b.block0, pad0, sizeof(b.block0)); + poly1305_init(&poly1305_state, b.block0); + + poly1305_update(&poly1305_state, ad, ad_len); + if (ad_len & 0xf) + poly1305_update(&poly1305_state, pad0, 0x10 - (ad_len & 0xf)); + +- chacha_crypt(chacha_state, dst, src, src_len, 20); ++ chacha20_crypt(chacha_state, dst, src, src_len); + + poly1305_update(&poly1305_state, dst, src_len); + if (src_len & 0xf) +@@ -140,7 +140,7 @@ __chacha20poly1305_decrypt(u8 *dst, cons + if (unlikely(src_len < POLY1305_DIGEST_SIZE)) + return false; + +- chacha_crypt(chacha_state, b.block0, pad0, sizeof(b.block0), 20); ++ chacha20_crypt(chacha_state, b.block0, pad0, sizeof(b.block0)); + poly1305_init(&poly1305_state, b.block0); + + poly1305_update(&poly1305_state, ad, ad_len); +@@ -160,7 +160,7 @@ __chacha20poly1305_decrypt(u8 *dst, cons + + ret = crypto_memneq(b.mac, src + dst_len, POLY1305_DIGEST_SIZE); + if (likely(!ret)) +- chacha_crypt(chacha_state, dst, src, dst_len, 20); ++ chacha20_crypt(chacha_state, dst, src, dst_len); + + memzero_explicit(&b, sizeof(b)); + +@@ -241,7 +241,7 @@ bool chacha20poly1305_crypt_sg_inplace(s + b.iv[1] = cpu_to_le64(nonce); + + chacha_init(chacha_state, b.k, (u8 *)b.iv); +- chacha_crypt(chacha_state, b.block0, pad0, sizeof(b.block0), 20); ++ chacha20_crypt(chacha_state, b.block0, pad0, sizeof(b.block0)); + poly1305_init(&poly1305_state, b.block0); + + if (unlikely(ad_len)) { +@@ -278,14 +278,14 @@ bool chacha20poly1305_crypt_sg_inplace(s + + if (unlikely(length < sl)) + l &= ~(CHACHA_BLOCK_SIZE - 1); +- chacha_crypt(chacha_state, addr, addr, l, 20); ++ chacha20_crypt(chacha_state, addr, addr, l); + addr += l; + length -= l; + } + + if (unlikely(length > 0)) { +- chacha_crypt(chacha_state, b.chacha_stream, pad0, +- CHACHA_BLOCK_SIZE, 20); ++ chacha20_crypt(chacha_state, b.chacha_stream, pad0, ++ CHACHA_BLOCK_SIZE); + crypto_xor(addr, b.chacha_stream, length); + partial = length; + } |