Re: [PATCH] crypto: arm64/poly1305-neon - reorder PAC authentication with SP update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 27 Oct 2020 at 00:03, Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
>
> On Tue, Oct 27, 2020 at 12:00:27AM +0100, Ard Biesheuvel wrote:
> > PAC pointer authentication signs the return address against the value
> > of the stack pointer, to prevent stack overrun exploits from corrupting
> > the control flow. However, this requires that the AUTIASP is issued with
> > SP holding the same value as it held when the PAC value was generated.
> > The Poly1305 NEON code got this wrong, resulting in crashes on PAC
> > capable hardware.
> >
> > Fixes: f569ca164751 ("crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS ...")
> > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> > ---
> >  arch/arm64/crypto/poly1305-armv8.pl       | 2 +-
> >  arch/arm64/crypto/poly1305-core.S_shipped | 2 +-
> >  2 files changed, 2 insertions(+), 2 deletions(-)
>
> This needs to be fixed at https://github.com/dot-asm/cryptogams too, I assume?
>

Yes, and in OpenSSL.



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux