| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame^] | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
| 2 | From: Herbert Xu <herbert@gondor.apana.org.au> |
| 3 | Date: Wed, 8 Jan 2020 12:37:35 +0800 |
| 4 | Subject: [PATCH] crypto: curve25519 - Fix selftest build error |
| 5 | |
| 6 | commit a8bdf2c42ee4d1ee42af1f3601f85de94e70a421 upstream. |
| 7 | |
| 8 | If CRYPTO_CURVE25519 is y, CRYPTO_LIB_CURVE25519_GENERIC will be |
| 9 | y, but CRYPTO_LIB_CURVE25519 may be set to m, this causes build |
| 10 | errors: |
| 11 | |
| 12 | lib/crypto/curve25519-selftest.o: In function `curve25519': |
| 13 | curve25519-selftest.c:(.text.unlikely+0xc): undefined reference to `curve25519_arch' |
| 14 | lib/crypto/curve25519-selftest.o: In function `curve25519_selftest': |
| 15 | curve25519-selftest.c:(.init.text+0x17e): undefined reference to `curve25519_base_arch' |
| 16 | |
| 17 | This is because the curve25519 self-test code is being controlled |
| 18 | by the GENERIC option rather than the overall CURVE25519 option, |
| 19 | as is the case with blake2s. To recap, the GENERIC and ARCH options |
| 20 | for CURVE25519 are internal only and selected by users such as |
| 21 | the Crypto API, or the externally visible CURVE25519 option which |
| 22 | in turn is selected by wireguard. The self-test is specific to the |
| 23 | the external CURVE25519 option and should not be enabled by the |
| 24 | Crypto API. |
| 25 | |
| 26 | This patch fixes this by splitting the GENERIC module from the |
| 27 | CURVE25519 module with the latter now containing just the self-test. |
| 28 | |
| 29 | Reported-by: Hulk Robot <hulkci@huawei.com> |
| 30 | Fixes: aa127963f1ca ("crypto: lib/curve25519 - re-add selftests") |
| 31 | Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
| 32 | Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com> |
| 33 | Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
| 34 | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> |
| 35 | --- |
| 36 | lib/crypto/Makefile | 9 ++++++--- |
| 37 | lib/crypto/curve25519-generic.c | 24 ++++++++++++++++++++++++ |
| 38 | lib/crypto/curve25519.c | 7 ------- |
| 39 | 3 files changed, 30 insertions(+), 10 deletions(-) |
| 40 | create mode 100644 lib/crypto/curve25519-generic.c |
| 41 | |
| 42 | --- a/lib/crypto/Makefile |
| 43 | +++ b/lib/crypto/Makefile |
| 44 | @@ -13,9 +13,12 @@ libarc4-y := arc4.o |
| 45 | obj-$(CONFIG_CRYPTO_LIB_CHACHA20POLY1305) += libchacha20poly1305.o |
| 46 | libchacha20poly1305-y += chacha20poly1305.o |
| 47 | |
| 48 | -obj-$(CONFIG_CRYPTO_LIB_CURVE25519_GENERIC) += libcurve25519.o |
| 49 | -libcurve25519-y := curve25519-fiat32.o |
| 50 | -libcurve25519-$(CONFIG_ARCH_SUPPORTS_INT128) := curve25519-hacl64.o |
| 51 | +obj-$(CONFIG_CRYPTO_LIB_CURVE25519_GENERIC) += libcurve25519-generic.o |
| 52 | +libcurve25519-generic-y := curve25519-fiat32.o |
| 53 | +libcurve25519-generic-$(CONFIG_ARCH_SUPPORTS_INT128) := curve25519-hacl64.o |
| 54 | +libcurve25519-generic-y += curve25519-generic.o |
| 55 | + |
| 56 | +obj-$(CONFIG_CRYPTO_LIB_CURVE25519) += libcurve25519.o |
| 57 | libcurve25519-y += curve25519.o |
| 58 | |
| 59 | obj-$(CONFIG_CRYPTO_LIB_DES) += libdes.o |
| 60 | --- /dev/null |
| 61 | +++ b/lib/crypto/curve25519-generic.c |
| 62 | @@ -0,0 +1,24 @@ |
| 63 | +// SPDX-License-Identifier: GPL-2.0 OR MIT |
| 64 | +/* |
| 65 | + * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. |
| 66 | + * |
| 67 | + * This is an implementation of the Curve25519 ECDH algorithm, using either |
| 68 | + * a 32-bit implementation or a 64-bit implementation with 128-bit integers, |
| 69 | + * depending on what is supported by the target compiler. |
| 70 | + * |
| 71 | + * Information: https://cr.yp.to/ecdh.html |
| 72 | + */ |
| 73 | + |
| 74 | +#include <crypto/curve25519.h> |
| 75 | +#include <linux/module.h> |
| 76 | + |
| 77 | +const u8 curve25519_null_point[CURVE25519_KEY_SIZE] __aligned(32) = { 0 }; |
| 78 | +const u8 curve25519_base_point[CURVE25519_KEY_SIZE] __aligned(32) = { 9 }; |
| 79 | + |
| 80 | +EXPORT_SYMBOL(curve25519_null_point); |
| 81 | +EXPORT_SYMBOL(curve25519_base_point); |
| 82 | +EXPORT_SYMBOL(curve25519_generic); |
| 83 | + |
| 84 | +MODULE_LICENSE("GPL v2"); |
| 85 | +MODULE_DESCRIPTION("Curve25519 scalar multiplication"); |
| 86 | +MODULE_AUTHOR("Jason A. Donenfeld <Jason@zx2c4.com>"); |
| 87 | --- a/lib/crypto/curve25519.c |
| 88 | +++ b/lib/crypto/curve25519.c |
| 89 | @@ -15,13 +15,6 @@ |
| 90 | |
| 91 | bool curve25519_selftest(void); |
| 92 | |
| 93 | -const u8 curve25519_null_point[CURVE25519_KEY_SIZE] __aligned(32) = { 0 }; |
| 94 | -const u8 curve25519_base_point[CURVE25519_KEY_SIZE] __aligned(32) = { 9 }; |
| 95 | - |
| 96 | -EXPORT_SYMBOL(curve25519_null_point); |
| 97 | -EXPORT_SYMBOL(curve25519_base_point); |
| 98 | -EXPORT_SYMBOL(curve25519_generic); |
| 99 | - |
| 100 | static int __init mod_init(void) |
| 101 | { |
| 102 | if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) && |