39 lines
1.3 KiB
Diff
39 lines
1.3 KiB
Diff
From 5795acffd8706e1cb584284ee5bb3a30986d0e75 Mon Sep 17 00:00:00 2001
|
|
From: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
|
Date: Tue, 27 Oct 2020 18:02:40 +0100
|
|
Subject: [PATCH 091/147] crypto/poly1305/asm: fix armv8 pointer authentication
|
|
|
|
PAC pointer authentication signs the return address against the value
|
|
of the stack pointer, to prevent stack overrun exploits from corrupting
|
|
the control flow. However, this requires that the AUTIASP is issued with
|
|
SP holding the same value as it held when the PAC value was generated.
|
|
The Poly1305 armv8 code got this wrong, resulting in crashes on PAC
|
|
capable hardware.
|
|
|
|
Reviewed-by: Paul Dale <paul.dale@oracle.com>
|
|
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
|
|
(Merged from https://github.com/openssl/openssl/pull/13256)
|
|
|
|
(cherry picked from commit fcf6e9d056162d5af64c6f7209388a5c3be2ce57)
|
|
---
|
|
crypto/poly1305/asm/poly1305-armv8.pl | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/poly1305/asm/poly1305-armv8.pl
|
|
index d07494b..2a42b64 100755
|
|
--- a/crypto/poly1305/asm/poly1305-armv8.pl
|
|
+++ b/crypto/poly1305/asm/poly1305-armv8.pl
|
|
@@ -864,8 +864,8 @@ poly1305_blocks_neon:
|
|
st1 {$ACC4}[0],[$ctx]
|
|
|
|
.Lno_data_neon:
|
|
- .inst 0xd50323bf // autiasp
|
|
ldr x29,[sp],#80
|
|
+ .inst 0xd50323bf // autiasp
|
|
ret
|
|
.size poly1305_blocks_neon,.-poly1305_blocks_neon
|
|
|
|
--
|
|
1.8.3.1
|
|
|