openssl/Backport-Fix-SM4-CBC-regression-on-Armv8.patch

From d7d5490d7201dcfb1f3811ad1bfc57ed9b2c0b77 Mon Sep 17 00:00:00 2001
From: "fangming.fang" <fangming.fang@arm.com>
Date: Thu, 8 Dec 2022 10:46:27 +0000
Subject: [PATCH 09/13] Fix SM4-CBC regression on Armv8

Fixes #19858

During decryption, the last ciphertext is not fed to next block
correctly when the number of input blocks is exactly 4. Fix this
and add the corresponding test cases.

Thanks xu-yi-zhou for reporting this issue and proposing the fix.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19872)
---
 crypto/sm4/asm/vpsm4-armv8.pl                 |  2 +-
 test/recipes/30-test_evp_data/evpciph_sm4.txt | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/crypto/sm4/asm/vpsm4-armv8.pl b/crypto/sm4/asm/vpsm4-armv8.pl
index 095d9dae64..c842ef61d5 100755
--- a/crypto/sm4/asm/vpsm4-armv8.pl
+++ b/crypto/sm4/asm/vpsm4-armv8.pl
@@ -880,7 +880,7 @@ $code.=<<___;
 	subs	$blocks,$blocks,#4
 	b.gt	.Lcbc_4_blocks_dec
 	// save back IV
-	st1	{@vtmp[3].16b}, [$ivp]
+	st1	{@data[3].16b}, [$ivp]
 	b	100f
 1:	// last block
 	subs	$blocks,$blocks,#1
diff --git a/test/recipes/30-test_evp_data/evpciph_sm4.txt b/test/recipes/30-test_evp_data/evpciph_sm4.txt
index 9fb16ca15c..e9a98c9898 100644
--- a/test/recipes/30-test_evp_data/evpciph_sm4.txt
+++ b/test/recipes/30-test_evp_data/evpciph_sm4.txt
@@ -19,6 +19,18 @@ IV  = 0123456789ABCDEFFEDCBA9876543210
 Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
 Ciphertext = 2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3B
 
+Cipher = SM4-CBC
+Key = 0123456789ABCDEFFEDCBA9876543210
+IV  = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
+Ciphertext = 2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3BFFF5A4F208092C0901BA02D5772977369915E3FA2356C9F4EB6460ECC457E7f8E3CFA3DEEBFE9883E3A48BCF7C4A11AA3EC9E0D317C5D319BE72A5CDDDEC640C
+
+Cipher = SM4-CBC
+Key = 0123456789ABCDEFFEDCBA9876543210
+IV  = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
+Ciphertext = 2677f46b09c122cc975533105bd4a22af6125f7275ce552c3a2bbcf533de8a3bfff5a4f208092c0901ba02d5772977369915e3fa2356c9f4eb6460ecc457e7f8e3cfa3deebfe9883e3a48bcf7c4a11aa3ec9e0d317c5d319be72a5cdddec640c6fc70bfa3ddaafffdd7c09b2774dcb2cec29f0c6f0b6773e985b3e395e924238505a8f120d9ca84de5c3cf7e45f097b14b3a46c5b1068669982a5c1f5f61be291b984f331d44ffb2758f771672448fc957fa1416c446427a41e25d5524a2418b9d96b2f17582f0f1aa9c204c6807f54f7b6833c5f00856659ddabc245936868c
+
 Cipher = SM4-OFB
 Key = 0123456789ABCDEFFEDCBA9876543210
 IV  = 0123456789ABCDEFFEDCBA9876543210
-- 
2.37.3.windows.1
backport SM3/SM4 optimization 2023-03-16 09:45:55 +08:00			`From d7d5490d7201dcfb1f3811ad1bfc57ed9b2c0b77 Mon Sep 17 00:00:00 2001`
			`From: "fangming.fang" <fangming.fang@arm.com>`
			`Date: Thu, 8 Dec 2022 10:46:27 +0000`
			`Subject: [PATCH 09/13] Fix SM4-CBC regression on Armv8`

			`Fixes #19858`

			`During decryption, the last ciphertext is not fed to next block`
			`correctly when the number of input blocks is exactly 4. Fix this`
			`and add the corresponding test cases.`

			`Thanks xu-yi-zhou for reporting this issue and proposing the fix.`

			`Reviewed-by: Tomas Mraz <tomas@openssl.org>`
			`Reviewed-by: Paul Dale <pauli@openssl.org>`
			`(Merged from https://github.com/openssl/openssl/pull/19872)`
			`---`
			`crypto/sm4/asm/vpsm4-armv8.pl \| 2 +-`
			`test/recipes/30-test_evp_data/evpciph_sm4.txt \| 12 ++++++++++++`
			`2 files changed, 13 insertions(+), 1 deletion(-)`

			`diff --git a/crypto/sm4/asm/vpsm4-armv8.pl b/crypto/sm4/asm/vpsm4-armv8.pl`
			`index 095d9dae64..c842ef61d5 100755`
			`--- a/crypto/sm4/asm/vpsm4-armv8.pl`
			`+++ b/crypto/sm4/asm/vpsm4-armv8.pl`
			`@@ -880,7 +880,7 @@ $code.=<<___;`
			`subs $blocks,$blocks,#4`
			`b.gt .Lcbc_4_blocks_dec`
			`// save back IV`
			`- st1 {@vtmp[3].16b}, [$ivp]`
			`+ st1 {@data[3].16b}, [$ivp]`
			`b 100f`
			`1: // last block`
			`subs $blocks,$blocks,#1`
			`diff --git a/test/recipes/30-test_evp_data/evpciph_sm4.txt b/test/recipes/30-test_evp_data/evpciph_sm4.txt`
			`index 9fb16ca15c..e9a98c9898 100644`
			`--- a/test/recipes/30-test_evp_data/evpciph_sm4.txt`
			`+++ b/test/recipes/30-test_evp_data/evpciph_sm4.txt`
			`@@ -19,6 +19,18 @@ IV = 0123456789ABCDEFFEDCBA9876543210`
			`Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210`
			`Ciphertext = 2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3B`

			`+Cipher = SM4-CBC`
			`+Key = 0123456789ABCDEFFEDCBA9876543210`
			`+IV = 0123456789ABCDEFFEDCBA9876543210`
			`+Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210`
			`+Ciphertext = 2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3BFFF5A4F208092C0901BA02D5772977369915E3FA2356C9F4EB6460ECC457E7f8E3CFA3DEEBFE9883E3A48BCF7C4A11AA3EC9E0D317C5D319BE72A5CDDDEC640C`
			`+`
			`+Cipher = SM4-CBC`
			`+Key = 0123456789ABCDEFFEDCBA9876543210`
			`+IV = 0123456789ABCDEFFEDCBA9876543210`
			`+Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210`
			`+Ciphertext = 2677f46b09c122cc975533105bd4a22af6125f7275ce552c3a2bbcf533de8a3bfff5a4f208092c0901ba02d5772977369915e3fa2356c9f4eb6460ecc457e7f8e3cfa3deebfe9883e3a48bcf7c4a11aa3ec9e0d317c5d319be72a5cdddec640c6fc70bfa3ddaafffdd7c09b2774dcb2cec29f0c6f0b6773e985b3e395e924238505a8f120d9ca84de5c3cf7e45f097b14b3a46c5b1068669982a5c1f5f61be291b984f331d44ffb2758f771672448fc957fa1416c446427a41e25d5524a2418b9d96b2f17582f0f1aa9c204c6807f54f7b6833c5f00856659ddabc245936868c`
			`+`
			`Cipher = SM4-OFB`
			`Key = 0123456789ABCDEFFEDCBA9876543210`
			`IV = 0123456789ABCDEFFEDCBA9876543210`
			`--`
			`2.37.3.windows.1`