From 77b07d98cef822daad6a6e5e735a66db6cc18a3e Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Fri, 21 Sep 2018 01:50:11 +0200
Subject: global: reduce stack frame size

This brings it under 1280 on 64-bit and under 1024 on 32-bit systems.
---
 src/crypto/zinc/curve25519/curve25519-hacl64.h |  2 +-
 src/crypto/zinc/selftest/chacha20.h            | 25 ++++++++++++------
 src/crypto/zinc/selftest/chacha20poly1305.h    | 35 +++++++++++++-------------
 3 files changed, 36 insertions(+), 26 deletions(-)

(limited to 'src/crypto/zinc')

diff --git a/src/crypto/zinc/curve25519/curve25519-hacl64.h b/src/crypto/zinc/curve25519/curve25519-hacl64.h
index 3e34de7..547deac 100644
--- a/src/crypto/zinc/curve25519/curve25519-hacl64.h
+++ b/src/crypto/zinc/curve25519/curve25519-hacl64.h
@@ -584,7 +584,7 @@ static __always_inline void ladder_bigloop_cmult_big_loop(u8 *n1, u64 *nq,
 	}
 }
 
-static __always_inline void ladder_cmult(u64 *result, u8 *n1, u64 *q)
+static void ladder_cmult(u64 *result, u8 *n1, u64 *q)
 {
 	u64 point_buf[40] = { 0 };
 	u64 *nq = point_buf;
diff --git a/src/crypto/zinc/selftest/chacha20.h b/src/crypto/zinc/selftest/chacha20.h
index 8ee242d..b20fd31 100644
--- a/src/crypto/zinc/selftest/chacha20.h
+++ b/src/crypto/zinc/selftest/chacha20.h
@@ -2518,20 +2518,25 @@ static bool __init chacha20_selftest(void)
 {
 	enum { MAXIMUM_TEST_BUFFER_LEN = 1UL << 10 };
 	size_t i, j;
-	u8 offset_input[MAXIMUM_TEST_BUFFER_LEN + 1]
-			__aligned(__alignof__(unsigned long));
+	u8 *offset_input = NULL, *computed_output = NULL;
 	u8 offset_key[CHACHA20_KEY_SIZE + 1]
 			__aligned(__alignof__(unsigned long));
-	u8 computed_output[MAXIMUM_TEST_BUFFER_LEN + 1]
-			__aligned(__alignof__(unsigned long));
 	struct chacha20_ctx state;
 	bool success = true;
 	simd_context_t simd_context;
 
+	offset_input = kmalloc(MAXIMUM_TEST_BUFFER_LEN + 1, GFP_KERNEL);
+	computed_output = kmalloc(MAXIMUM_TEST_BUFFER_LEN + 1, GFP_KERNEL);
+	if (!computed_output || !offset_input) {
+		pr_info("chacha20 self-test malloc: FAIL\n");
+		success = false;
+		goto out;
+	}
+
 	simd_get(&simd_context);
 	for (i = 0; i < ARRAY_SIZE(chacha20_testvecs); ++i) {
 		/* Boring case */
-		memset(computed_output, 0, sizeof(computed_output));
+		memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN + 1);
 		memset(&state, 0, sizeof(state));
 		chacha20_init(&state, chacha20_testvecs[i].key,
 			      chacha20_testvecs[i].nonce);
@@ -2544,7 +2549,7 @@ static bool __init chacha20_selftest(void)
 		}
 
 		/* Unaligned case */
-		memset(computed_output, 0, sizeof(computed_output));
+		memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN + 1);
 		memset(&state, 0, sizeof(state));
 		memcpy(offset_input + 1, chacha20_testvecs[i].input,
 		       chacha20_testvecs[i].ilen);
@@ -2563,7 +2568,7 @@ static bool __init chacha20_selftest(void)
 		/* Chunked case */
 		if (chacha20_testvecs[i].ilen <= CHACHA20_BLOCK_SIZE)
 			goto next_test;
-		memset(computed_output, 0, sizeof(computed_output));
+		memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN + 1);
 		memset(&state, 0, sizeof(state));
 		chacha20_init(&state, chacha20_testvecs[i].key,
 			      chacha20_testvecs[i].nonce);
@@ -2586,7 +2591,7 @@ next_test:
 		    !chacha20_testvecs[i].ilen)
 			continue;
 		for (j = 1; j < CHACHA20_BLOCK_SIZE; ++j) {
-			memset(computed_output, 0, sizeof(computed_output));
+			memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN + 1);
 			memset(&state, 0, sizeof(state));
 			memcpy(offset_input + j, chacha20_testvecs[i].input,
 			       chacha20_testvecs[i].ilen);
@@ -2616,6 +2621,10 @@ next_test:
 	simd_put(&simd_context);
 	if (success)
 		pr_info("chacha20 self-tests: pass\n");
+
+out:
+	kfree(offset_input);
+	kfree(computed_output);
 	return success;
 }
 #endif
diff --git a/src/crypto/zinc/selftest/chacha20poly1305.h b/src/crypto/zinc/selftest/chacha20poly1305.h
index 5133231..2a75dfa 100644
--- a/src/crypto/zinc/selftest/chacha20poly1305.h
+++ b/src/crypto/zinc/selftest/chacha20poly1305.h
@@ -8881,22 +8881,21 @@ static bool __init chacha20poly1305_selftest(void)
 {
 	enum { MAXIMUM_TEST_BUFFER_LEN = 1UL << 12 };
 	size_t i;
-	u8 computed_output[MAXIMUM_TEST_BUFFER_LEN], *heap_src, *heap_dst;
+	u8 *computed_output = NULL, *heap_src = NULL;
 	bool success = true, ret;
 	simd_context_t simd_context;
 	struct scatterlist sg_src, sg_dst;
 
 	heap_src = kmalloc(MAXIMUM_TEST_BUFFER_LEN, GFP_KERNEL);
-	heap_dst = kmalloc(MAXIMUM_TEST_BUFFER_LEN, GFP_KERNEL);
-	if (!heap_src || !heap_dst) {
-		kfree(heap_src);
-		kfree(heap_dst);
+	computed_output = kmalloc(MAXIMUM_TEST_BUFFER_LEN, GFP_KERNEL);
+	if (!heap_src || !computed_output) {
 		pr_info("chacha20poly1305 self-test malloc: FAIL\n");
-		return false;
+		success = false;
+		goto out;
 	}
 
 	for (i = 0; i < ARRAY_SIZE(chacha20poly1305_enc_vectors); ++i) {
-		memset(computed_output, 0, sizeof(computed_output));
+		memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN);
 		chacha20poly1305_selftest_encrypt(computed_output,
 					chacha20poly1305_enc_vectors[i].input,
 					chacha20poly1305_enc_vectors[i].ilen,
@@ -8918,12 +8917,12 @@ static bool __init chacha20poly1305_selftest(void)
 	for (i = 0; i < ARRAY_SIZE(chacha20poly1305_enc_vectors); ++i) {
 		if (chacha20poly1305_enc_vectors[i].nlen != 8)
 			continue;
-		memset(heap_dst, 0, MAXIMUM_TEST_BUFFER_LEN);
+		memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN);
 		memcpy(heap_src, chacha20poly1305_enc_vectors[i].input,
 		       chacha20poly1305_enc_vectors[i].ilen);
 		sg_init_one(&sg_src, heap_src,
 			    chacha20poly1305_enc_vectors[i].ilen);
-		sg_init_one(&sg_dst, heap_dst,
+		sg_init_one(&sg_dst, computed_output,
 			    chacha20poly1305_enc_vectors[i].ilen +
 				POLY1305_MAC_SIZE);
 		ret = chacha20poly1305_encrypt_sg(&sg_dst, &sg_src,
@@ -8933,7 +8932,7 @@ static bool __init chacha20poly1305_selftest(void)
 			get_unaligned_le64(chacha20poly1305_enc_vectors[i].nonce),
 			chacha20poly1305_enc_vectors[i].key,
 			&simd_context);
-		if (!ret || memcmp(heap_dst,
+		if (!ret || memcmp(computed_output,
 				   chacha20poly1305_enc_vectors[i].output,
 				   chacha20poly1305_enc_vectors[i].ilen +
 							POLY1305_MAC_SIZE)) {
@@ -8944,7 +8943,7 @@ static bool __init chacha20poly1305_selftest(void)
 	}
 	simd_put(&simd_context);
 	for (i = 0; i < ARRAY_SIZE(chacha20poly1305_dec_vectors); ++i) {
-		memset(computed_output, 0, sizeof(computed_output));
+		memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN);
 		ret = chacha20poly1305_decrypt(computed_output,
 			chacha20poly1305_dec_vectors[i].input,
 			chacha20poly1305_dec_vectors[i].ilen,
@@ -8965,12 +8964,12 @@ static bool __init chacha20poly1305_selftest(void)
 	}
 	simd_get(&simd_context);
 	for (i = 0; i < ARRAY_SIZE(chacha20poly1305_dec_vectors); ++i) {
-		memset(heap_dst, 0, MAXIMUM_TEST_BUFFER_LEN);
+		memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN);
 		memcpy(heap_src, chacha20poly1305_dec_vectors[i].input,
 		       chacha20poly1305_dec_vectors[i].ilen);
 		sg_init_one(&sg_src, heap_src,
 			    chacha20poly1305_dec_vectors[i].ilen);
-		sg_init_one(&sg_dst, heap_dst,
+		sg_init_one(&sg_dst, computed_output,
 			    chacha20poly1305_dec_vectors[i].ilen -
 							POLY1305_MAC_SIZE);
 		ret = chacha20poly1305_decrypt_sg(&sg_dst, &sg_src,
@@ -8981,7 +8980,7 @@ static bool __init chacha20poly1305_selftest(void)
 			chacha20poly1305_dec_vectors[i].key, &simd_context);
 		if (!decryption_success(ret,
 			chacha20poly1305_dec_vectors[i].failure,
-			memcmp(heap_dst, chacha20poly1305_dec_vectors[i].output,
+			memcmp(computed_output, chacha20poly1305_dec_vectors[i].output,
 			       chacha20poly1305_dec_vectors[i].ilen -
 							POLY1305_MAC_SIZE))) {
 			pr_info("chacha20poly1305 sg decryption self-test %zu: FAIL\n",
@@ -8991,7 +8990,7 @@ static bool __init chacha20poly1305_selftest(void)
 	}
 	simd_put(&simd_context);
 	for (i = 0; i < ARRAY_SIZE(xchacha20poly1305_enc_vectors); ++i) {
-		memset(computed_output, 0, sizeof(computed_output));
+		memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN);
 		xchacha20poly1305_encrypt(computed_output,
 					xchacha20poly1305_enc_vectors[i].input,
 					xchacha20poly1305_enc_vectors[i].ilen,
@@ -9009,7 +9008,7 @@ static bool __init chacha20poly1305_selftest(void)
 		}
 	}
 	for (i = 0; i < ARRAY_SIZE(xchacha20poly1305_dec_vectors); ++i) {
-		memset(computed_output, 0, sizeof(computed_output));
+		memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN);
 		ret = xchacha20poly1305_decrypt(computed_output,
 					xchacha20poly1305_dec_vectors[i].input,
 					xchacha20poly1305_dec_vectors[i].ilen,
@@ -9030,8 +9029,10 @@ static bool __init chacha20poly1305_selftest(void)
 	}
 	if (success)
 		pr_info("chacha20poly1305 self-tests: pass\n");
+
+out:
 	kfree(heap_src);
-	kfree(heap_dst);
+	kfree(computed_output);
 	return success;
 }
 #endif
-- 
cgit v1.2.3-59-g8ed1b