authorMarvin W <git@larma.de>2020-01-22 19:36:13 +0200
committerJussi Kivilinna <jussi.kivilinna@iki.fi>2020-01-22 19:36:13 +0200
commit79ed620ec46adbb08f5cea6a4865a95a436e4109 (patch)
treecbca007c4a2688debdffd495fa84dd33f8ca2b1e
parentaa9c78afa1d867bb7b9b3c695cf31a832c9419e5 (diff)
downloadlibgcrypt-79ed620ec46adbb08f5cea6a4865a95a436e4109.tar.gz
Set vZZ.16b register to zero before use in armv8 gcm implementation
* cipher/cipher-gcm-armv8-aarch64-ce.S (_gcry_ghash_setup_armv8_ce_pmull): Set vZZ to zero. -- Reported by "Marvin W." at https://dev.gnupg.org/D497: > > The register vZZ.16b is expected to be always 0 throughout the macros > in cipher/cipher-gcm-armv8-aarch64-ce.S. The PMUL_128x128 and REDUCTION > macros are used in gcry_ghash_setup_armv8_ce_pmull function, however that > function does not set vZZ.16b to zero. If previous use left `vZZ.16b` > non-zero before gcry_ghash_setup_armv8_ce_pmull is called, this will cause > invalid GCM auth tag results. > > The patch resets vZZ.16b to 0 at the beginning of > gcry_ghash_setup_armv8_ce_pmull. > [jk: from differential web-ui to commit] Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
-rw-r--r--cipher/cipher-gcm-armv8-aarch64-ce.S2
1 files changed, 2 insertions, 0 deletions
diff --git a/cipher/cipher-gcm-armv8-aarch64-ce.S b/cipher/cipher-gcm-armv8-aarch64-ce.S
index b0c2cccc..877207d3 100644
--- a/cipher/cipher-gcm-armv8-aarch64-ce.S
+++ b/cipher/cipher-gcm-armv8-aarch64-ce.S
@@ -385,6 +385,8 @@ _gcry_ghash_setup_armv8_ce_pmull:
GET_DATA_POINTER(x2, .Lrconst)
+ eor vZZ.16b, vZZ.16b, vZZ.16b
+
/* H¹ */
ld1 {rh1.16b}, [x0]
rbit rh1.16b, rh1.16b