* [PATCH] crypto: x86/poly1305 - Clear key material from stack in SSE2 variant
@ 2019-02-19 15:45 Tommi Hirvola
  2019-02-28  6:29 ` Herbert Xu
  0 siblings, 1 reply; 2+ messages in thread
From: Tommi Hirvola @ 2019-02-19 15:45 UTC (permalink / raw)
  To: Herbert Xu; +Cc: David S. Miller, linux-crypto

1-block SSE2 variant of poly1305 stores variables s1..s4 containing key
material on the stack. This commit adds missing zeroing of the stack
memory. Benchmarks show negligible performance hit (tested on i7-3770).

Signed-off-by: Tommi Hirvola <tommi@hirvola.fi>
---
Similarly, poly1305_blocks() in crypto/poly1305_generic.c stores s1..s4
as well as r0..r4 to local variables which may be stored in the stack by
the compiler. Fixing that is less trivial and left for another patch.

Tests were run with poly1305_simd_blocks() patched to call only 1-block
SSE2 poly1305 function.
---
 arch/x86/crypto/poly1305-sse2-x86_64.S | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/x86/crypto/poly1305-sse2-x86_64.S b/arch/x86/crypto/poly1305-sse2-x86_64.S
index c88c670cb5fc..e6add74d78a5 100644
--- a/arch/x86/crypto/poly1305-sse2-x86_64.S
+++ b/arch/x86/crypto/poly1305-sse2-x86_64.S
@@ -272,6 +272,10 @@ ENTRY(poly1305_block_sse2)
 	dec		%rcx
 	jnz		.Ldoblock
 
+	# Zeroing of key material
+	mov		%rcx,0x00(%rsp)
+	mov		%rcx,0x08(%rsp)
+
 	add		$0x10,%rsp
 	pop		%r12
 	pop		%rbx
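Review bot: the two added stores, `mov %rcx,0x00(%rsp)` and `mov %rcx,0x08(%rsp)`, write zeros only because %rcx has just been counted down to zero by the `dec %rcx` / `jnz .Ldoblock` pair directly above them, and the comment "Zeroing of key material" does not record that dependency. Please extend the comment to say that %rcx is known to be zero on loop exit, or clear a register explicitly before the stores, so that a later change to the loop counter cannot silently turn the wipe into a store of a non-zero value. It is also worth stating in the comment that the two 8-byte stores cover the whole 0x10 bytes released by the following `add $0x10,%rsp`, since that is what makes the wipe of s1..s4 complete.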
-- 
2.20.1



* Re: [PATCH] crypto: x86/poly1305 - Clear key material from stack in SSE2 variant
  2019-02-19 15:45 [PATCH] crypto: x86/poly1305 - Clear key material from stack in SSE2 variant Tommi Hirvola
@ 2019-02-28  6:29 ` Herbert Xu
  0 siblings, 0 replies; 2+ messages in thread
From: Herbert Xu @ 2019-02-28  6:29 UTC (permalink / raw)
  To: Tommi Hirvola; +Cc: David S. Miller, linux-crypto

On Tue, Feb 19, 2019 at 05:45:54PM +0200, Tommi Hirvola wrote:
> 1-block SSE2 variant of poly1305 stores variables s1..s4 containing key
> material on the stack. This commit adds missing zeroing of the stack
> memory. Benchmarks show negligible performance hit (tested on i7-3770).
> 
> Signed-off-by: Tommi Hirvola <tommi@hirvola.fi>
> ---
> Similarly, poly1305_blocks() in crypto/poly1305_generic.c stores s1..s4
> as well as r0..r4 to local variables which may be stored in the stack by
> the compiler. Fixing that is less trivial and left for another patch.
> 
> Tests were run with poly1305_simd_blocks() patched to call only 1-block
> SSE2 poly1305 function.
> ---
>  arch/x86/crypto/poly1305-sse2-x86_64.S | 4 ++++
>  1 file changed, 4 insertions(+)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
