FROMLIST: crypto: arm64/poly1305-neon - reorder PAC authentication with SP update
PAC pointer authentication signs the return address against the value of the stack pointer, to prevent stack overrun exploits from corrupting the control flow. However, this requires that the AUTIASP is issued with SP holding the same value as it held when the PAC value was generated. The Poly1305 NEON code got this wrong, resulting in crashes on PAC capable hardware. Fixes: f569ca164751 ("crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS ...") Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Bug: 152722841 Link: https://lore.kernel.org/linux-crypto/20201026230027.25813-1-ardb@kernel.org/ Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Change-Id: Ib5282ac56ba5158c7d97195c2460701006bf82f6
This commit is contained in:
parent
2c4c3ab8ca
commit
6dfab366a9
@ -840,7 +840,6 @@ poly1305_blocks_neon:
|
||||
ldp d14,d15,[sp,#64]
|
||||
addp $ACC2,$ACC2,$ACC2
|
||||
ldr x30,[sp,#8]
|
||||
.inst 0xd50323bf // autiasp
|
||||
|
||||
////////////////////////////////////////////////////////////////
|
||||
// lazy reduction, but without narrowing
|
||||
@ -882,6 +881,7 @@ poly1305_blocks_neon:
|
||||
str x4,[$ctx,#8] // set is_base2_26
|
||||
|
||||
ldr x29,[sp],#80
|
||||
.inst 0xd50323bf // autiasp
|
||||
ret
|
||||
.size poly1305_blocks_neon,.-poly1305_blocks_neon
|
||||
|
||||
|
@ -779,7 +779,6 @@ poly1305_blocks_neon:
|
||||
ldp d14,d15,[sp,#64]
|
||||
addp v21.2d,v21.2d,v21.2d
|
||||
ldr x30,[sp,#8]
|
||||
.inst 0xd50323bf // autiasp
|
||||
|
||||
////////////////////////////////////////////////////////////////
|
||||
// lazy reduction, but without narrowing
|
||||
@ -821,6 +820,7 @@ poly1305_blocks_neon:
|
||||
str x4,[x0,#8] // set is_base2_26
|
||||
|
||||
ldr x29,[sp],#80
|
||||
.inst 0xd50323bf // autiasp
|
||||
ret
|
||||
.size poly1305_blocks_neon,.-poly1305_blocks_neon
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user