On Tue, 27 Oct 2020 at 00:03, Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
>
> On Tue, Oct 27, 2020 at 12:00:27AM +0100, Ard Biesheuvel wrote:
> > PAC pointer authentication signs the return address against the value
> > of the stack pointer, to prevent stack overrun exploits from corrupting
> > the control flow. However, this requires that the AUTIASP is issued with
> > SP holding the same value as it held when the PAC value was generated.
> > The Poly1305 NEON code got this wrong, resulting in crashes on PAC
> > capable hardware.
> >
> > Fixes: f569ca164751 ("crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS ...")
> > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> > ---
> > arch/arm64/crypto/poly1305-armv8.pl | 2 +-
> > arch/arm64/crypto/poly1305-core.S_shipped | 2 +-
> > 2 files changed, 2 insertions(+), 2 deletions(-)
>
> This needs to be fixed at https://github.com/dot-asm/cryptogams too, I assume?
>
Yes, and in OpenSSL.
