On Tue, Oct 27, 2020 at 12:00:27AM +0100, Ard Biesheuvel wrote:
> PAC pointer authentication signs the return address against the value
> of the stack pointer, to prevent stack overrun exploits from corrupting
> the control flow. However, this requires that the AUTIASP is issued with
> SP holding the same value as it held when the PAC value was generated.
> The Poly1305 NEON code got this wrong, resulting in crashes on PAC
> capable hardware.
>
> Fixes: f569ca164751 ("crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS ...")
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> ---
> arch/arm64/crypto/poly1305-armv8.pl | 2 +-
> arch/arm64/crypto/poly1305-core.S_shipped | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
This needs to be fixed at https://github.com/dot-asm/cryptogams too, I assume?
- Eric
