author | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-09-25 18:48:54 +0200 |
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-09-25 20:05:17 +0200 |
commit | f606b291e30fc6a9eab31902666047ea8e70d0fd (patch) | |
tree | 8e89abab707baaec0ae7cce68185672fe31b57d4 /src/crypto | |
parent | curve25519-arm: disable on big-endian (diff) | |
poly1305-arm: swap endianness in base 2^26 conversion
These are actually 32-bit limbs, so we have to swap them back after the
64-bit arithmetic. Also, change the type of the boolean for 64-bit.
Suggested-by: Andy Polyakov <appro@openssl.org>
Diffstat (limited to 'src/crypto')
-rw-r--r-- | src/crypto/zinc/poly1305/poly1305-arm-glue.h | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/crypto/zinc/poly1305/poly1305-arm-glue.h b/src/crypto/zinc/poly1305/poly1305-arm-glue.h
index ddeb58a..9d34d21 100644
--- a/src/crypto/zinc/poly1305/poly1305-arm-glue.h
+++ b/src/crypto/zinc/poly1305/poly1305-arm-glue.h
@@ -35,7 +35,7 @@ struct poly1305_arch_internal {
 u64 h0, h1, h2;
 };
 };
- u32 is_base2_26;
+ u64 is_base2_26;
 u64 r[2];
 };
 #elif defined(CONFIG_ARM)
@@ -68,6 +68,10 @@ static void convert_to_base2_64(void *ctx)
 state->h0 = ((u64)state->h[2] << 52) | ((u64)state->h[1] << 26) | state->h[0];
 state->h1 = ((u64)state->h[4] << 40) | ((u64)state->h[3] << 14) | (state->h[2] >> 12);
 state->h2 = state->h[4] >> 24;
+#if defined(CONFIG_ARM) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+ state->h0 = rol64(state->h0, 32);
+ state->h1 = rol64(state->h1, 32);
+#endif
 #define ULT(a, b) ((a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1))
 cy = (state->h2 >> 2) + (state->h2 & ~3ULL);
 state->h2 &= 3; |
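Review bot: The big-endian rotate in convert_to_base2_64 is applied to `h0` and `h1` but not to `h2`, and nothing in the hunk says why; whether that is correct depends on the CONFIG_ARM layout of `struct poly1305_arch_internal`, whose body is outside this hunk (only the `#elif defined(CONFIG_ARM)` line is visible). If the 32-bit ARM code consumes `h` as 32-bit words and `h2` is a `u32` in that layout, no swap is needed for it; but if `h2` is a 64-bit field there, a big-endian store puts its low word at the higher address, so the word the assembly reads for the top limb would be the zero high half and the same `state->h2 = rol64(state->h2, 32);` would be required. Either way the reason for the rotate deserves a comment on the `#if` line, along the lines of `/* The 32-bit ARM code reads h as 32-bit limbs; a big-endian u64 store puts the high word first, so rotate by 32 to put the low word at the lower address. h2 is not rotated — verify against the CONFIG_ARM struct layout. */`, with the last sentence replaced by the actual reason once confirmed. Note also that the rest of the tree's convention for endianness tests (e.g. `__BIG_ENDIAN` from the byteorder headers or `IS_ENABLED(CONFIG_CPU_BIG_ENDIAN)`) cannot be seen from here, so the compiler-provided `__BYTE_ORDER__` test should be checked against it for consistency. convert_to_base2_64 starts before the hunk and continues after it.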