(+ Andy)
On Tue, 27 Oct 2020 at 00:04, Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
>
> On Tue, 27 Oct 2020 at 00:03, Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
> >
> > On Tue, Oct 27, 2020 at 12:00:27AM +0100, Ard Biesheuvel wrote:
> > > PAC pointer authentication signs the return address against the value
> > > of the stack pointer, to prevent stack overrun exploits from corrupting
> > > the control flow. However, this requires that the AUTIASP is issued with
> > > SP holding the same value as it held when the PAC value was generated.
> > > The Poly1305 NEON code got this wrong, resulting in crashes on PAC
> > > capable hardware.
> > >
> > > Fixes: f569ca164751 ("crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS ...")
> > > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> > > ---
> > > arch/arm64/crypto/poly1305-armv8.pl | 2 +-
> > > arch/arm64/crypto/poly1305-core.S_shipped | 2 +-
> > > 2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > This needs to be fixed at https://github.com/dot-asm/cryptogams too, I assume?
> >
>
> Yes, and in OpenSSL.
