crypto: arm64/sha1-ce - get rid of literal pool

Load the four SHA-1 round constants using immediates rather than literal pool entries, to avoid having executable data that may be exploitable under speculation attacks. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Ard Biesheuvel <ard.biesheuvel@linaro.org> 2018-01-10 07:11:42 -0500
committer: Herbert Xu <herbert@gondor.apana.org.au> 2018-01-18 07:00:33 -0500
commit: 20b04c02bcb2d1e6a642bbe9e759157bb198499e (patch)
tree: 0898dcc1f5d75c217186c0abf7360d9ea570869e
parent: 17a0607019d56e136173600372a371c28a6c0076 (diff)
1 files changed, 9 insertions, 11 deletions
diff --git a/arch/arm64/crypto/sha1-ce-core.S b/arch/arm64/crypto/sha1-ce-core.S
index 8550408735a0..46049850727d 100644
--- a/arch/arm64/crypto/sha1-ce-core.S
+++ b/arch/arm64/crypto/sha1-ce-core.S
@@ -58,12 +58,11 @@
        sha1su1         v\s0\().4s, v\s3\().4s
        .endm
-        /*
+        .macro          loadrc, k, val, tmp
-         * The SHA1 round constants
+        movz            \tmp, :abs_g0_nc:\val
-         */
+        movk            \tmp, :abs_g1:\val
-        .align          4
+        dup             \k, \tmp
-.Lsha1_rcon:
+        .endm
-        .word           0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6
        /*
         * void sha1_ce_transform(struct sha1_ce_state *sst, u8 const *src,
@@ -71,11 +70,10 @@
         */
 ENTRY(sha1_ce_transform)
        /* load round constants */
-        adr             x6, .Lsha1_rcon
+        loadrc          k0.4s, 0x5a827999, w6
-        ld1r            {k0.4s}, [x6], #4
+        loadrc          k1.4s, 0x6ed9eba1, w6
-        ld1r            {k1.4s}, [x6], #4
+        loadrc          k2.4s, 0x8f1bbcdc, w6
-        ld1r            {k2.4s}, [x6], #4
+        loadrc          k3.4s, 0xca62c1d6, w6
-        ld1r            {k3.4s}, [x6]
        /* load state */
        ld1             {dgav.4s}, [x0]
author	Ard Biesheuvel <ard.biesheuvel@linaro.org>	2018-01-10 07:11:42 -0500
committer	Herbert Xu <herbert@gondor.apana.org.au>	2018-01-18 07:00:33 -0500
commit	20b04c02bcb2d1e6a642bbe9e759157bb198499e (patch)
tree	0898dcc1f5d75c217186c0abf7360d9ea570869e
parent	17a0607019d56e136173600372a371c28a6c0076 (diff)

diff --git a/arch/arm64/crypto/sha1-ce-core.S b/arch/arm64/crypto/sha1-ce-core.S index 8550408735a0..46049850727d 100644 --- a/arch/arm64/crypto/sha1-ce-core.S +++ b/arch/arm64/crypto/sha1-ce-core.S
@@ -58,12 +58,11 @@
58	sha1su1 v\s0\().4s, v\s3\().4s	58	sha1su1 v\s0\().4s, v\s3\().4s
59	.endm	59	.endm
60		60
61	/*	61	.macro loadrc, k, val, tmp
62	* The SHA1 round constants	62	movz \tmp, :abs_g0_nc:\val
63	*/	63	movk \tmp, :abs_g1:\val
64	.align 4	64	dup \k, \tmp
65	.Lsha1_rcon:	65	.endm
66	.word 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6
67		66
68	/*	67	/*
69	* void sha1_ce_transform(struct sha1_ce_state sst, u8 const src,	68	* void sha1_ce_transform(struct sha1_ce_state sst, u8 const src,
@@ -71,11 +70,10 @@
71	*/	70	*/
72	ENTRY(sha1_ce_transform)	71	ENTRY(sha1_ce_transform)
73	/* load round constants */	72	/* load round constants */
74	adr x6, .Lsha1_rcon	73	loadrc k0.4s, 0x5a827999, w6
75	ld1r {k0.4s}, [x6], #4	74	loadrc k1.4s, 0x6ed9eba1, w6
76	ld1r {k1.4s}, [x6], #4	75	loadrc k2.4s, 0x8f1bbcdc, w6
77	ld1r {k2.4s}, [x6], #4	76	loadrc k3.4s, 0xca62c1d6, w6
78	ld1r {k3.4s}, [x6]
79		77
80	/* load state */	78	/* load state */
81	ld1 {dgav.4s}, [x0]	79	ld1 {dgav.4s}, [x0]