Page MenuHome GnuPG
Create Task
Maniphest T5195

Incorrect HWCAP2 check for AArch32
Closed, ResolvedPublic
Actions

Description

Hello.
Checking available extension to arm architecture in function detect_arm_at_hwcap in file src/hwf-arm.c is done by testing flags of HWCAP2 auxv value against predefined values.
Flags itself are defined like this:

#ifndef HWCAP2_AES
# define HWCAP2_AES    1
#endif
#ifndef HWCAP2_PMULL
# define HWCAP2_PMULL  2
#endif
#ifndef HWCAP2_SHA1
# define HWCAP2_SHA1   3
#endif
#ifndef HWCAP2_SHA2
# define HWCAP2_SHA2   4
#endif

static const struct feature_map_s arm_features[] =
  {
#ifdef ENABLE_NEON_SUPPORT
    { HWCAP_NEON, 0, " neon", HWF_ARM_NEON },
#endif
#ifdef ENABLE_ARM_CRYPTO_SUPPORT
    { 0, HWCAP2_AES, " aes", HWF_ARM_AES },
    { 0, HWCAP2_SHA1," sha1", HWF_ARM_SHA1 },
    { 0, HWCAP2_SHA2, " sha2", HWF_ARM_SHA2 },
    { 0, HWCAP2_PMULL, " pmull", HWF_ARM_PMULL },
#endif
  };

If you look at HWCAP2 flags you will see that they in fact not flags, but corresponding bit numbers.
On machines that not support SHA1/SHA2 crypto extensions, but support AES, PMULL or/and CRC32 extension this causes libgcrypt to incorrectly think that SHA1/SHA2 crypto extensions are present, which in the end causes SIGILL when SHA instructions are being executed.

Correctly there must be flags, not bits numbers:

#ifndef HWCAP2_SHA1
# define HWCAP2_SHA1   4
#endif
#ifndef HWCAP2_SHA2
# define HWCAP2_SHA2   8
#endif

Revisions and Commits

rC libgcrypt
rC3283a2958bbe hwf-arm: fix incorrect HWCAP2 for SHA1 and SHA2 on AArch32
rC6b6bfd57d0a6 hwf-arm: fix incorrect HWCAP2 for SHA1 and SHA2 on AArch32

Related Objects

Event Timeline

Nik_ created this task.Dec 22 2020, 12:40 AM
jukivili claimed this task.Dec 22 2020, 8:42 AM
jukivili added a subscriber: jukivili.

Thanks for reporting this. You are correct, those HWCAP2_SHA1 and HWCAP2_SHA2 defines are wrong.

Nik_ added a project: libgcrypt.Dec 22 2020, 1:03 PM
jukivili added a commit: rC6b6bfd57d0a6: hwf-arm: fix incorrect HWCAP2 for SHA1 and SHA2 on AArch32.Dec 28 2020, 5:49 PM
werner triaged this task as Normal priority.Jan 5 2021, 9:12 AM
werner added a subscriber: werner.Jan 7 2021, 11:42 AM

Do we need to backport to 1.8?

werner moved this task from Backlog to For 1.9 on the libgcrypt board.Jan 7 2021, 11:42 AM
jukivili added a comment.Jan 7 2021, 11:00 PM

Yes, bug is also in 1.8 branch.

werner added a project: backport.Jan 18 2021, 7:06 PM
werner removed a project: libgcrypt.
werner added a project: libgcrypt.
werner moved this task from For 1.9 to For 1.8 on the libgcrypt board.Jan 18 2021, 7:08 PM
werner closed this task as Resolved.Jun 2 2021, 12:56 PM

Fixed for 1.8.8

werner mentioned this in T5466: Release Libgcrypt 1.8.8.Jun 2 2021, 4:41 PM
werner added a commit: rC3283a2958bbe: hwf-arm: fix incorrect HWCAP2 for SHA1 and SHA2 on AArch32.Jun 3 2021, 7:08 PM