crypto: arm64/sha1-ce - get rid of literal pool

Load the four SHA-1 round constants using immediates rather than literal pool entries, to avoid having executable data that may be exploitable under speculation attacks. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: arm64/sha1-ce - get rid of literal pool
Load the four SHA-1 round constants using immediates rather than literal pool entries, to avoid having executable data that may be exploitable under speculation attacks. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
20b04c02 · Ard Biesheuvel · Herbert Xu · 17a06070 · 20b04c02
Commit 20b04c02 authored Jan 10, 2018 by Ard Biesheuvel Committed by Herbert Xu Jan 18, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 11 deletions

arch/arm64/crypto/sha1-ce-core.S arch/arm64/crypto/sha1-ce-core.S +9 -11

No files found.
--- a/arch/arm64/crypto/sha1-ce-core.S
+++ b/arch/arm64/crypto/sha1-ce-core.S
@@ -58,12 +58,11 @@
 	sha1su1		v\s0\().4s, v\s3\().4s
 	.endm
-	/*
+	.macro		loadrc, k, val, tmp
-	 * The SHA1 round constants
+	movz		\tmp, :abs_g0_nc:\val
-	 */
+	movk		\tmp, :abs_g1:\val
-	.align		4
+	dup		\k, \tmp
-.Lsha1_rcon:
+	.endm
-	.word		0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6
 	/*
 	 * void sha1_ce_transform(struct sha1_ce_state *sst, u8 const *src,
@@ -71,11 +70,10 @@
 	 */
 ENTRY(sha1_ce_transform)
 	/* load round constants */
-	adr		x6, .Lsha1_rcon
+	loadrc		k0.4s, 0x5a827999, w6
-	ld1r		{k0.4s}, [x6], #4
+	loadrc		k1.4s, 0x6ed9eba1, w6
-	ld1r		{k1.4s}, [x6], #4
+	loadrc		k2.4s, 0x8f1bbcdc, w6
-	ld1r		{k2.4s}, [x6], #4
+	loadrc		k3.4s, 0xca62c1d6, w6
-	ld1r		{k3.4s}, [x6]
 	/* load state */
 	ld1		{dgav.4s}, [x0]