Set vZZ.16b register to zero before use in armv8 gcm implementation

Authored by Marvin W <git@larma.de> on Jan 22 2020, 6:36 PM.

Description

* cipher/cipher-gcm-armv8-aarch64-ce.S
(_gcry_ghash_setup_armv8_ce_pmull): Set vZZ to zero.

Reported by "Marvin W." at https://dev.gnupg.org/D497:

The register vZZ.16b is expected to be always 0 throughout the macros
in cipher/cipher-gcm-armv8-aarch64-ce.S. The PMUL_128x128 and REDUCTION
macros are used in gcry_ghash_setup_armv8_ce_pmull function, however that
function does not set vZZ.16b to zero. If previous use left vZZ.16b
non-zero before gcry_ghash_setup_armv8_ce_pmull is called, this will cause
invalid GCM auth tag results.

The patch resets vZZ.16b to 0 at the beginning of
gcry_ghash_setup_armv8_ce_pmull.

[jk: from differential web-ui to commit]

  • Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

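The failure mode the report describes, a routine that relies on a scratch register being zero without clearing it itself, is easy to model and regression-test outside the assembly. The following C is an added example, not libgcrypt code: it implements the GCM GF(2^128) multiply (NIST SP 800-38D Algorithm 1) with the accumulator's initial value taken from a caller-supplied "register" that stands in for vZZ.16b. The `simd_state_t` type, the `ghash_setup_buggy`/`ghash_setup_fixed` names and the way the polluted value enters the computation are assumptions made for illustration; the real assembly uses vZZ in other places, so the exact corruption differs, but the check is the same: run setup with the scratch register deliberately polluted and compare against a clean reference.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* A 16-byte GHASH block in the byte order GCM uses (bit 0 = MSB of b[0]). */
typedef struct { uint8_t b[16]; } block_t;

/* Stand-in for the SIMD register the assembly assumes is all-zero (vZZ.16b).
   This is an assumed model for the example, not libgcrypt's register layout. */
typedef struct { block_t vZZ; } simd_state_t;

/* Multiplicative identity in GCM bit order: only bit 0 set. */
static const block_t GF128_ONE = {{0x80}};

/* H for AES-128 with an all-zero key, i.e. AES_0(0^128), from the GCM spec's
   test case 1; used here only as a realistic sample input. */
static const block_t SAMPLE_H = {{0x66,0xe9,0x4b,0xd4,0xef,0x8a,0x2c,0x3b,
                                  0x88,0x4c,0xfa,0x59,0xca,0x34,0x2b,0x2e}};

static bool block_eq(const block_t *a, const block_t *b)
{
    return memcmp(a->b, b->b, sizeof a->b) == 0;
}

static void block_xor(block_t *dst, const block_t *src)
{
    for (int i = 0; i < 16; i++)
        dst->b[i] ^= src->b[i];
}

/* Shift-and-add multiply in GF(2^128) with GCM's reduction polynomial
   R = 0xe1 || 0^120.  `acc_init` is the accumulator's starting value; the
   algorithm requires it to be zero, which is exactly the assumption the
   reported bug violated. */
static block_t gf128_mul_from(const block_t *x, const block_t *y, const block_t *acc_init)
{
    block_t z = *acc_init;
    block_t v = *y;
    for (int i = 0; i < 128; i++) {
        if (x->b[i / 8] & (0x80u >> (i % 8)))
            block_xor(&z, &v);
        /* V <- V >> 1 in GCM bit order, reducing by R if a bit fell off. */
        int lsb = v.b[15] & 1;
        for (int j = 15; j > 0; j--)
            v.b[j] = (uint8_t)((v.b[j] >> 1) | (v.b[j - 1] << 7));
        v.b[0] >>= 1;
        if (lsb)
            v.b[0] ^= 0xe1;
    }
    return z;
}

/* Reference multiply: the accumulator is cleared locally, so it cannot
   inherit garbage from a previous caller. */
static block_t gf128_mul(const block_t *x, const block_t *y)
{
    block_t zero = {{0}};
    return gf128_mul_from(x, y, &zero);
}

/* Setup as modelled BEFORE the fix: H^2 is computed using whatever the
   "zero" register currently holds. */
static block_t ghash_setup_buggy(const block_t *h, simd_state_t *st)
{
    return gf128_mul_from(h, h, &st->vZZ);
}

/* Setup as modelled AFTER the fix: clear the register on entry, then proceed. */
static block_t ghash_setup_fixed(const block_t *h, simd_state_t *st)
{
    memset(&st->vZZ, 0, sizeof st->vZZ);
    return gf128_mul_from(h, h, &st->vZZ);
}

/* Regression check: pollute the scratch register as a previous caller might
   have, run setup, and compare with the clean reference.  Returns true when
   setup still produced the right H^2. */
static bool setup_survives_polluted_register(bool fixed)
{
    block_t expect = gf128_mul(&SAMPLE_H, &SAMPLE_H);
    simd_state_t st;
    memset(&st, 0xa5, sizeof st);   /* constructed leftover garbage */
    block_t got = fixed ? ghash_setup_fixed(&SAMPLE_H, &st)
                        : ghash_setup_buggy(&SAMPLE_H, &st);
    return block_eq(&got, &expect);
}

/* Sanity check on the field arithmetic itself: H * 1 == 1 * H == H. */
static bool identity_holds(void)
{
    block_t a = gf128_mul(&SAMPLE_H, &GF128_ONE);
    block_t b = gf128_mul(&GF128_ONE, &SAMPLE_H);
    return block_eq(&a, &SAMPLE_H) && block_eq(&b, &SAMPLE_H);
}
```

The buggy variant passes whenever the register happens to be zero on entry, which is why such a bug can survive ordinary test vectors; a test that deliberately fills the scratch state with non-zero bytes before calling setup is what exposes it. Note that in the real assembly the register is consumed by more than the accumulator, so the wrong tag is not simply the correct tag XORed with the leftover value as it is in this simplified model.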
Details

Committed
jukivili, Jan 22 2020, 6:36 PM
Parents
rCaa9c78afa1d8: tests: Add basic test cases for sm2