lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 13 Oct 2021 17:22:37 +0200
From:   Ard Biesheuvel <ardb@...nel.org>
To:     linux-arm-kernel@...ts.infradead.org
Cc:     linux-hardening@...r.kernel.org, mark.rutland@....com,
        catalin.marinas@....com, will@...nel.org,
        Ard Biesheuvel <ardb@...nel.org>
Subject: [RFC PATCH 3/9] arm64: crypto: avoid overlapping linkage definitions for AES-CBC

The aes_essiv_cbc_[en|de]crypt routines perform a single AES block
encryption of the IV before tail calling into the ordinary AES-CBC
routines to perform the actual data en/decryption. In the asm code, the
symbol definitions currently overlap, which is unnecessary, and becomes
problematic once we enable generation of CFI unwind metadata. So
instead, move the end marker of the ESSIV versions right after the
respective tail calls.

Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
---
 arch/arm64/crypto/aes-modes.S | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/crypto/aes-modes.S b/arch/arm64/crypto/aes-modes.S
index b495de22bb38..50427301b4d8 100644
--- a/arch/arm64/crypto/aes-modes.S
+++ b/arch/arm64/crypto/aes-modes.S
@@ -134,6 +134,7 @@ AES_FUNC_START(aes_essiv_cbc_encrypt)
 	encrypt_block	v4, w8, x6, x7, w9
 	enc_switch_key	w3, x2, x6
 	b		.Lcbcencloop4x
+AES_FUNC_END(aes_essiv_cbc_encrypt)
 
 AES_FUNC_START(aes_cbc_encrypt)
 	ld1		{v4.16b}, [x5]			/* get iv */
@@ -168,7 +169,6 @@ AES_FUNC_START(aes_cbc_encrypt)
 	st1		{v4.16b}, [x5]			/* return iv */
 	ret
 AES_FUNC_END(aes_cbc_encrypt)
-AES_FUNC_END(aes_essiv_cbc_encrypt)
 
 AES_FUNC_START(aes_essiv_cbc_decrypt)
 	stp		x29, x30, [sp, #-16]!
@@ -180,6 +180,7 @@ AES_FUNC_START(aes_essiv_cbc_decrypt)
 	enc_prepare	w8, x6, x7
 	encrypt_block	cbciv, w8, x6, x7, w9
 	b		.Lessivcbcdecstart
+AES_FUNC_END(aes_essiv_cbc_decrypt)
 
 AES_FUNC_START(aes_cbc_decrypt)
 	stp		x29, x30, [sp, #-16]!
@@ -239,7 +240,6 @@ ST5(	st1		{v4.16b}, [x0], #16		)
 	ldp		x29, x30, [sp], #16
 	ret
 AES_FUNC_END(aes_cbc_decrypt)
-AES_FUNC_END(aes_essiv_cbc_decrypt)
 
 
 	/*
-- 
2.30.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ