leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

crypto: arm64/sha1-ce - get rid of literal pool

Browse Source 
Load the four SHA-1 round constants using immediates rather than literal
pool entries, to avoid having executable data that may be exploitable
under speculation attacks.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Ard Biesheuvel 2018-01-10 12:11:42 +00:00 committed by Herbert Xu
parent 17a0607019
commit 20b04c02bc
1 changed files with 9 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
arch/arm64/crypto/sha1-ce-core.S
View File

@ -58,12 +58,11 @@
sha1su1 v\s0\().4s, v\s3\().4s sha1su1 v\s0\().4s, v\s3\().4s
.endm .endm
/* .macro loadrc, k, val, tmp
* The SHA1 round constants movz \tmp, :abs_g0_nc:\val
*/ movk \tmp, :abs_g1:\val
.align 4 dup \k, \tmp
.Lsha1_rcon: .endm
.word 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6
/* /*
* void sha1_ce_transform(struct sha1_ce_state *sst, u8 const *src, * void sha1_ce_transform(struct sha1_ce_state *sst, u8 const *src,
@ -71,11 +70,10 @@
*/ */
ENTRY(sha1_ce_transform) ENTRY(sha1_ce_transform)
/* load round constants */ /* load round constants */
adr x6, .Lsha1_rcon loadrc k0.4s, 0x5a827999, w6
ld1r {k0.4s}, [x6], #4 loadrc k1.4s, 0x6ed9eba1, w6
ld1r {k1.4s}, [x6], #4 loadrc k2.4s, 0x8f1bbcdc, w6
ld1r {k2.4s}, [x6], #4 loadrc k3.4s, 0xca62c1d6, w6
ld1r {k3.4s}, [x6]
/* load state */ /* load state */
ld1 {dgav.4s}, [x0] ld1 {dgav.4s}, [x0]