tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

lib/crypto: blake2s: Adjust parameter order of blake2s()

Reorder the parameters of blake2s() from (out, in, key, outlen, inlen,
keylen) to (key, keylen, in, inlen, out, outlen).

This aligns BLAKE2s with the common conventions of pairing buffers and
their lengths, and having outputs follow inputs. This is widely used
elsewhere in lib/crypto/ and crypto/, and even elsewhere in the BLAKE2s
code itself such as blake2s_init_key() and blake2s_final(). So
blake2s() was a bit of an exception.

Notably, this results in the same order as hmac_*_usingrawkey().

Note that since the type signature changed, it's not possible for a
blake2s() call site to be silently missed.

Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20251018043106.375964-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

Eric Biggers 50b8e369 04cadb4f

+17 -17
+2 -2
drivers/char/random.c
··· 701 701 702 702 /* next_key = HASHPRF(seed, RDSEED || 0) */ 703 703 block.counter = 0; 704 - blake2s(next_key, (u8 *)&block, seed, sizeof(next_key), sizeof(block), sizeof(seed)); 704 + blake2s(seed, sizeof(seed), (const u8 *)&block, sizeof(block), next_key, sizeof(next_key)); 705 705 blake2s_init_key(&input_pool.hash, BLAKE2S_HASH_SIZE, next_key, sizeof(next_key)); 706 706 707 707 spin_unlock_irqrestore(&input_pool.lock, flags); ··· 711 711 i = min_t(size_t, len, BLAKE2S_HASH_SIZE); 712 712 /* output = HASHPRF(seed, RDSEED || ++counter) */ 713 713 ++block.counter; 714 - blake2s(buf, (u8 *)&block, seed, i, sizeof(block), sizeof(seed)); 714 + blake2s(seed, sizeof(seed), (const u8 *)&block, sizeof(block), buf, i); 715 715 len -= i; 716 716 buf += i; 717 717 }
+2 -2
drivers/net/wireguard/cookie.c
··· 77 77 { 78 78 len = len - sizeof(struct message_macs) + 79 79 offsetof(struct message_macs, mac1); 80 - blake2s(mac1, message, key, COOKIE_LEN, len, NOISE_SYMMETRIC_KEY_LEN); 80 + blake2s(key, NOISE_SYMMETRIC_KEY_LEN, message, len, mac1, COOKIE_LEN); 81 81 } 82 82 83 83 static void compute_mac2(u8 mac2[COOKIE_LEN], const void *message, size_t len, ··· 85 85 { 86 86 len = len - sizeof(struct message_macs) + 87 87 offsetof(struct message_macs, mac2); 88 - blake2s(mac2, message, cookie, COOKIE_LEN, len, COOKIE_LEN); 88 + blake2s(cookie, COOKIE_LEN, message, len, mac2, COOKIE_LEN); 89 89 } 90 90 91 91 static void make_cookie(u8 cookie[COOKIE_LEN], struct sk_buff *skb,
+2 -2
drivers/net/wireguard/noise.c
··· 35 35 { 36 36 struct blake2s_state blake; 37 37 38 - blake2s(handshake_init_chaining_key, handshake_name, NULL, 39 - NOISE_HASH_LEN, sizeof(handshake_name), 0); 38 + blake2s(NULL, 0, handshake_name, sizeof(handshake_name), 39 + handshake_init_chaining_key, NOISE_HASH_LEN); 40 40 blake2s_init(&blake, NOISE_HASH_LEN); 41 41 blake2s_update(&blake, handshake_init_chaining_key, NOISE_HASH_LEN); 42 42 blake2s_update(&blake, identifier_name, sizeof(identifier_name));
+3 -3
include/crypto/blake2s.h
··· 86 86 void blake2s_update(struct blake2s_state *state, const u8 *in, size_t inlen); 87 87 void blake2s_final(struct blake2s_state *state, u8 *out); 88 88 89 - static inline void blake2s(u8 *out, const u8 *in, const u8 *key, 90 - const size_t outlen, const size_t inlen, 91 - const size_t keylen) 89 + static inline void blake2s(const u8 *key, const size_t keylen, 90 + const u8 *in, const size_t inlen, 91 + u8 *out, const size_t outlen) 92 92 { 93 93 struct blake2s_state state; 94 94
+8 -8
lib/crypto/tests/blake2s_kunit.c
··· 14 14 static void blake2s_default(const u8 *data, size_t len, 15 15 u8 out[BLAKE2S_HASH_SIZE]) 16 16 { 17 - blake2s(out, data, NULL, BLAKE2S_HASH_SIZE, len, 0); 17 + blake2s(NULL, 0, data, len, out, BLAKE2S_HASH_SIZE); 18 18 } 19 19 20 20 static void blake2s_init_default(struct blake2s_state *state) ··· 52 52 for (int key_len = 0; key_len <= BLAKE2S_KEY_SIZE; key_len++) { 53 53 rand_bytes_seeded_from_len(key, key_len); 54 54 for (int out_len = 1; out_len <= BLAKE2S_HASH_SIZE; out_len++) { 55 - blake2s(hash, data, key, out_len, data_len, key_len); 55 + blake2s(key, key_len, data, data_len, hash, out_len); 56 56 blake2s_update(&main_state, hash, out_len); 57 57 } 58 58 } ··· 80 80 rand_bytes(key, key_len); 81 81 memcpy(guarded_key, key, key_len); 82 82 83 - blake2s(hash1, test_buf, key, 84 - BLAKE2S_HASH_SIZE, data_len, key_len); 85 - blake2s(hash2, test_buf, guarded_key, 86 - BLAKE2S_HASH_SIZE, data_len, key_len); 83 + blake2s(key, key_len, test_buf, data_len, 84 + hash1, BLAKE2S_HASH_SIZE); 85 + blake2s(guarded_key, key_len, test_buf, data_len, 86 + hash2, BLAKE2S_HASH_SIZE); 87 87 KUNIT_ASSERT_MEMEQ(test, hash1, hash2, BLAKE2S_HASH_SIZE); 88 88 89 89 blake2s_init_key(&state, BLAKE2S_HASH_SIZE, ··· 107 107 u8 hash[BLAKE2S_HASH_SIZE]; 108 108 u8 *guarded_hash = &test_buf[TEST_BUF_LEN - out_len]; 109 109 110 - blake2s(hash, test_buf, NULL, out_len, data_len, 0); 111 - blake2s(guarded_hash, test_buf, NULL, out_len, data_len, 0); 110 + blake2s(NULL, 0, test_buf, data_len, hash, out_len); 111 + blake2s(NULL, 0, test_buf, data_len, guarded_hash, out_len); 112 112 KUNIT_ASSERT_MEMEQ(test, hash, guarded_hash, out_len); 113 113 } 114 114 }