On Wed, Oct 02, 2019 at 04:16:58PM +0200, Ard Biesheuvel wrote: > This integrates the accelerated MIPS 32r2 implementation of ChaCha > into both the API and library interfaces of the kernel crypto stack. > > The significance of this is that, in addition to becoming available > as an accelerated library implementation, it can also be used by > existing crypto API code such as Adiantum (for block encryption on > ultra low performance cores) or IPsec using chacha20poly1305. These > are use cases that have already opted into using the abstract crypto > API. In order to support Adiantum, the core assembler routine has > been adapted to take the round count as a function argument rather > than hardcoding it to 20. Could you resubmit this with first my original commit and then with your changes on top? I'd like to see and be able to review exactly what's changed. If I recall correctly, René and I were really starved for registers and tried pretty hard to avoid spilling to the stack, so I'm interested to learn how you crammed a bit more sauce in there. I also wonder if maybe it'd be better to just leave this as is with 20 rounds, which it was previously optimized for, and just not do accelerated Adiantum for MIPS. Android has long since given up on the ISA entirely.