Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

crypto: x86/aegis128 - access 32-bit arguments as 32-bit

Fix the AEGIS assembly code to access 'unsigned int' arguments as 32-bit
values instead of 64-bit, since the upper bits of the corresponding
64-bit registers are not guaranteed to be zero.

Note: there haven't been any reports of this bug actually causing
incorrect behavior. Neither gcc nor clang guarantee zero-extension to
64 bits, but zero-extension is likely to happen in practice because most
instructions that operate on 32-bit registers zero-extend to 64 bits.

Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations")
Cc: stable@vger.kernel.org
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Eric Biggers and committed by
Herbert Xu
3b2f2d22 16739efa

+15 -14
+15 -14
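--- a/arch/x86/crypto/aegis128-aesni-asm.S
+++ b/arch/x86/crypto/aegis128-aesni-asm.S
@@ -21,7 +21,7 @@
 #define T1 %xmm7
 
 #define STATEP %rdi
-#define LEN %rsi
+#define LEN %esi
 #define SRC %rdx
 #define DST %rcx
 
@@ -76,32 +76,32 @@
 xor %r9d, %r9d
 pxor MSG, MSG
 
-mov LEN, %r8
+mov LEN, %r8d
 and $0x1, %r8
 jz .Lld_partial_1
 
-mov LEN, %r8
+mov LEN, %r8d
 and $0x1E, %r8
 add SRC, %r8
 mov (%r8), %r9b
 
 .Lld_partial_1:
-mov LEN, %r8
+mov LEN, %r8d
 and $0x2, %r8
 jz .Lld_partial_2
 
-mov LEN, %r8
+mov LEN, %r8d
 and $0x1C, %r8
 add SRC, %r8
 shl $0x10, %r9
 mov (%r8), %r9w
 
 .Lld_partial_2:
-mov LEN, %r8
+mov LEN, %r8d
 and $0x4, %r8
 jz .Lld_partial_4
 
-mov LEN, %r8
+mov LEN, %r8d
 and $0x18, %r8
 add SRC, %r8
 shl $32, %r9
@@ -111,11 +111,11 @@
 .Lld_partial_4:
 movq %r9, MSG
 
-mov LEN, %r8
+mov LEN, %r8d
 and $0x8, %r8
 jz .Lld_partial_8
 
-mov LEN, %r8
+mov LEN, %r8d
 and $0x10, %r8
 add SRC, %r8
 pslldq $8, MSG
@@ -139,7 +139,7 @@
 * %r10
 */
 SYM_FUNC_START_LOCAL(__store_partial)
-mov LEN, %r8
+mov LEN, %r8d
 mov DST, %r9
 
 movq T0, %r10
@@ -677,7 +677,7 @@
 call __store_partial
 
 /* mask with byte count: */
-movq LEN, T0
+movd LEN, T0
 punpcklbw T0, T0
 punpcklbw T0, T0
 punpcklbw T0, T0
@@ -702,7 +702,8 @@
 
 /*
 * void crypto_aegis128_aesni_final(void *state, void *tag_xor,
-* u64 assoclen, u64 cryptlen);
+* unsigned int assoclen,
+* unsigned int cryptlen);
 */
 SYM_FUNC_START(crypto_aegis128_aesni_final)
 FRAME_BEGIN
@@ -715,8 +716,8 @@
 movdqu 0x40(STATEP), STATE4
 
 /* prepare length block: */
-movq %rdx, MSG
-movq %rcx, T0
+movd %edx, MSG
+movd %ecx, T0
 pslldq $8, T0
 pxor T0, MSG
 psllq $3, MSG /* multiply by 8 (to get bit count) */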
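Review bot: The new `#define LEN %esi` in the first hunk has no comment saying why LEN is a 32-bit register while STATEP, SRC and DST stay 64-bit, so a later edit could quietly reintroduce a 64-bit read of the length. Each `mov LEN, %r8d` is followed by 64-bit uses of `%r8` (`and $0x1E, %r8`, `add SRC, %r8`, then `mov (%r8), %r9b`), which is only well defined because a 32-bit write clears the upper half of the register. I would record that next to the define, for example `/* LEN is an 'unsigned int' argument: read it with 32-bit ops only, the upper half of %rsi is undefined */`. The last hunk reads `%edx` and `%ecx` directly for assoclen and cryptlen, so a similar one-line note on the "prepare length block" comment would help there too. The C-side declarations are not in this section, so it is worth confirming they also declare these parameters as `unsigned int`.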