aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* global: prefix all functions with wg_Jason A. Donenfeld2018-10-0228-605/+627
| | | | | | | | | | | | | I understand why this must be done, though I'm not so happy about having to do it. In some places, it puts us over 80 chars and we have to break lines up in further ugly ways. And in general, I think this makes things harder to read. Yet another thing we must do to please upstream. Maybe this can be replaced in the future by some kind of automatic module namespacing logic in the linker, or even combined with LTO and aggressive symbol stripping. Suggested-by: Andrew Lunn <andrew@lunn.ch>
* poly1305-mips64: use compiler-defined macros in assemblyJason A. Donenfeld2018-10-021-5/+10
| | | | | | | Andy and I agreed it's more correct to use the compiler-defined macros in assembly code, and not the project specific macros. Suggested-by: Andy Polyakov <appro@openssl.org>
* blake2s: rename arch function and use slicker le32 helperJason A. Donenfeld2018-10-023-11/+15
|
* blake2s: feed fpu functions PAGE_SIZE at a timeJason A. Donenfeld2018-10-021-14/+28
|
* poly1305: feed fpu functions PAGE_SIZE at a timeJason A. Donenfeld2018-10-024-29/+49
|
* chacha20: feed fpu functions PAGE_SIZE at a timeJason A. Donenfeld2018-10-024-23/+54
| | | | Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
* chacha20: test multiple page span in selftestJason A. Donenfeld2018-10-022-3/+27
|
* chacha20: break out of zero loops in selftestJason A. Donenfeld2018-10-021-0/+5
|
* crypto: prefer IS_ENABLED to ifdefsJason A. Donenfeld2018-10-028-135/+73
| | | | Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
* crypto: ignore ARMv3Jason A. Donenfeld2018-10-021-1/+1
|
* compat: kernels < 3.17 don't have read_cpuid_partNathan Chancellor2018-10-021-0/+4
| | | | | | | | Use read_cpuid_part_number, which was the same thing before upstream commit af040ffc9ba1 ("ARM: make it easier to check the CPU part number correctly"). Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
* qemu: support more arm big endian platformsJason A. Donenfeld2018-10-025-4/+43
|
* crypto: rename DEBUG to SELFTESTJason A. Donenfeld2018-09-2511-59/+59
| | | | | Also we make selftest errors of type err, so that they're obvious in dmesg.
* poly1305-arm: swap endianness in base 2^26 conversionJason A. Donenfeld2018-09-251-1/+5
| | | | | | | These are actually 32-bit limbs, so we have to swap them back after the 64-bit arithmetic. Also, change type of boolean for 64-bit. Suggested-by: Andy Polyakov <appro@openssl.org>
* curve25519-arm: disable on big-endianJason A. Donenfeld2018-09-252-3/+3
| | | | | The qhasm was only written for little-endian systems, and we don't want disaster to ensue.
* chacha20-arm,poly1305-arm: fix big-endian aarch64Jason A. Donenfeld2018-09-252-21/+21
| | | | Suggested-by: Andy Polyakov <appro@openssl.org>
* curve25519: show all failures in test caseJason A. Donenfeld2018-09-251-2/+0
|
* version: bump snapshot0.0.20180925Jason A. Donenfeld2018-09-252-2/+2
|
* curve25519-hacl64: reduce stack usage under KASANJason A. Donenfeld2018-09-251-2/+1
| | | | Suggested-by: Arnd Bergmann <arnd@arndb.de>
* chacha20: add bounds checking to selftestsJason A. Donenfeld2018-09-251-1/+45
|
* chacha20-mips32r2: reduce stack and branches in loop, refactor jumptable handlingRené van Dorst2018-09-251-79/+94
| | | | Signed-off-by: René van Dorst <opensource@vdorst.com>
* qemu: bump muslJason A. Donenfeld2018-09-251-1/+1
|
* crypto: make constant naming scheme consistentJason A. Donenfeld2018-09-2519-175/+175
|
* hchacha20: keep in native endian in wordsJason A. Donenfeld2018-09-258-42/+46
|
* chacha20-arm: remove unused preamblesJason A. Donenfeld2018-09-242-30/+1
|
* chacha20-arm: updated scalar code from AndyJason A. Donenfeld2018-09-231-310/+273
|
* poly1305-mips64: remove useless preprocessor errorJason A. Donenfeld2018-09-231-4/+0
|
* crypto-arm: rework KERNEL_MODE_NEON handling againJason A. Donenfeld2018-09-238-27/+16
|
* crypto: flatten out makefileJason A. Donenfeld2018-09-231-47/+33
| | | | This brings us more in line with the integration tree's style.
* curve25519-fiat32: work around m68k compiler stack frame bugJason A. Donenfeld2018-09-231-6/+4
| | | | | | | The m68k compiler generates a 1032 byte stack frame. Moving these variables inside the loop fixes that. It also means we're not explicitly memzeroing it any more either, but hopefully that memory is reused anyway by the multiplications.
* allowedips: work around kasan stack frame bug in selftestJason A. Donenfeld2018-09-231-2/+9
|
* chacha20-arm: use new scalar implementationJason A. Donenfeld2018-09-232-569/+1208
| | | | | It turns out this is faster than NEON on some chips, so it's nice to have.
* crypto-arm: rework KERNEL_MODE_NEON handlingJason A. Donenfeld2018-09-232-9/+16
| | | | It might be defined even if the compiler doesn't support it.
* global: reduce stack frame sizeJason A. Donenfeld2018-09-234-27/+36
| | | | This brings it under 1280 on 64-bit and under 1024 on 32-bit systems.
* chacha20: add chunked selftest and test sliding alignments and hchacha20Jason A. Donenfeld2018-09-232-1160/+2467
| | | | | This ensures we're properly updating state[12] and that we're handling all unaligned acceses (in the jump tables for MIPS).
* chacha20-mips32r2: reduce jumptable entry size and stack usageRené van Dorst2018-09-221-39/+48
| | | | Signed-off-by: René van Dorst <opensource@vdorst.com>
* chacha20-mips32r2: use simpler calling conventionJason A. Donenfeld2018-09-212-179/+143
| | | | | | | Since we now set up the block in the generic code, we can rely on that to use fewer variables and reduce stack pressure within the MIPS code. This in turn means we have more registers and more uniformity, so we're able to rewrite quite a bit.
* chacha20-arm: go with Ard's version to optimize for Cortex-A7Jason A. Donenfeld2018-09-216-732/+599
|
* chacha20-mips32r2: remove reorder directivesRené van Dorst2018-09-212-107/+69
| | | | | | | | This requires some minimal rearranging to make work, but for the most part as does the right thing, provided we pass it an optimization flag. Suggested-by: Paul Burton <paul.burton@mips.com> Signed-off-by: René van Dorst <opensource@vdorst.com>
* chacha20-mips32r2: fix typo to allow reorder againRené van Dorst2018-09-211-1/+1
| | | | | Reported-by: Paul Burton <paul.burton@mips.com> Signed-off-by: René van Dorst <opensource@vdorst.com>
* poly1305-mips32r2: remove all reorder directivesRené van Dorst2018-09-212-32/+23
| | | | | | | | This requires some minimal rearranging to make work, but for the most part as does the right thing, provided we pass it an optimization flag. Suggested-by: Paul Burton <paul.burton@mips.com> Signed-off-by: René van Dorst <opensource@vdorst.com>
* global: put SPDX identifier on its own lineJason A. Donenfeld2018-09-2098-196/+196
| | | | | The kernel has very specific rules correlating file type with comment type, and also SPDX identifiers can't be merged with other comments.
* ratelimiter: disable selftest with KASANJason A. Donenfeld2018-09-201-0/+4
| | | | | | | This this relies on instructions taking a "normal" amount of time, we really can't run this with KASAN, especially inside QEMU, so just disable it for KASAN, since it's hard to make it complete on slow systems.
* crypto: do not waste space on selftest itemsJason A. Donenfeld2018-09-203-9458/+10993
| | | | | | This unfortunately means we have to define symbols, since we want them in __initconst, but it's better than the other two options (no initconst or wasting space for fixed size buffers).
* netlink: reverse my christmas treesJason A. Donenfeld2018-09-201-10/+11
|
* crypto: explicitly dual licenseJason A. Donenfeld2018-09-2041-41/+41
| | | | Suggested-by: Thomas Gleixner <tglx@linutronix.de>
* poly1305: account for simd being toggled off midwayJason A. Donenfeld2018-09-203-26/+131
| | | | | | This is a very rare occurance, but we should account for it, so that the calculations aren't wrong. Here we convert from base 2^26 back to base 2^64.
* allowedips: change from BUG_ON to WARN_ONJason A. Donenfeld2018-09-202-3/+3
| | | | | | | | This is never going to hit anyway, and if it does, it's a development problem that will be caught with the selftests anyway. So don't make Andrew Lunn upset, and just change it to a WARN_ON. Suggested-by: Andrew Lunn <andrew@lunn.ch>
* chacha20: prefer crypto_xor_cpy to avoid memmoveJason A. Donenfeld2018-09-202-5/+31
| | | | Suggested-by: Eric Biggers <ebiggers@kernel.org>
* poly1305: no need to trick gcc 8.1Jason A. Donenfeld2018-09-191-2/+2
| | | | | | | This reverts 37f114a73ba37219b00a66f0a51219a696599745, since gcc 8.2 no longer exhibits that bug. Suggested-by: Eric Biggers <ebiggers@kernel.org>
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.