!313 Fix SM4-XTS aarch64 assembly implementation bug

From: @xu-yi-zhou Reviewed-by: @HuaxinLuGitee, @zhujianwei001 Signed-off-by: @HuaxinLuGitee, @zhujianwei001
2024-03-01 02:13:40 +00:00 · 2024-03-01 02:13:40 +00:00 · c399ceeacd
commit c399ceeacd
parent 900d34179e cc8d51358f
2 changed files with 135 additions and 2 deletions
--- a/Backport-Fix-SM4-XTS-aarch64-assembly-implementation-bug.patch
+++ b/Backport-Fix-SM4-XTS-aarch64-assembly-implementation-bug.patch
@ -0,0 +1,129 @@
 From de6d5b002f8deffe39d3596e88e380eed1a3d6a4 Mon Sep 17 00:00:00 2001
 From: Xu Yizhou <xuyizhou1@huawei.com>
 Date: Thu, 18 Jan 2024 17:35:11 +0800
 Subject: [PATCH] Fix SM4-XTS aarch64 assembly implementation bug
 When macro VPSM4_CAPABLE or VPSM4_EX_CAPABLE is enabled,
 the GB variant of the SM4-XTS algorithm will encounter errors when
 encrypting or decrypting messages with a length greater than 16
 bytes but less than 32 bytes.
 The OpenSSL has similar issue,  the corresponding
 solutions can be found in this [PR]
 (https://github.com/openssl/openssl/pull/23317).
 Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
 ---
 crypto/sm4/asm/vpsm4-armv8.pl    | 12 ++++++------
 crypto/sm4/asm/vpsm4_ex-armv8.pl | 12 ++++++------
 2 files changed, 12 insertions(+), 12 deletions(-)
 diff --git a/crypto/sm4/asm/vpsm4-armv8.pl b/crypto/sm4/asm/vpsm4-armv8.pl
 index d30e78f..2bacf9c 100755
 --- a/crypto/sm4/asm/vpsm4-armv8.pl
 +++ b/crypto/sm4/asm/vpsm4-armv8.pl
@@ -1477,7 +1477,7 @@ $code.=<<___;
 	cmp $remain,0
 	b.eq .return${std}
 -// This brance calculates the last two tweaks, 
 +// This brance calculates the last two tweaks,
 // while the encryption/decryption length is larger than 32
 .last_2blks_tweak${std}:
 	ld1	{@tweak[0].4s},[$ivp]
@@ -1489,13 +1489,13 @@ $code.=<<___;
 	b .check_dec${std}
 -// This brance calculates the last two tweaks, 
 +// This brance calculates the last two tweaks,
 // while the encryption/decryption length is equal to 32, who only need two tweaks
 .only_2blks_tweak${std}:
 	mov @tweak[1].16b,@tweak[0].16b
 ___
 	&rev32_armeb(@tweak[1],@tweak[1]);
 -	&compute_tweak_vec(@tweak[1],@tweak[2]);
 +	&compute_tweak_vec(@tweak[1],@tweak[2],$std);
 $code.=<<___;
 	b .check_dec${std}
@@ -1505,12 +1505,12 @@ $code.=<<___;
 .check_dec${std}:
 	// encryption:1 decryption:0
 	cmp $enc,1
 -	b.eq .prcess_last_2blks${std}
 +	b.eq .process_last_2blks${std}
 	mov @vtmp[0].16B,@tweak[1].16b
 	mov @tweak[1].16B,@tweak[2].16b
 	mov @tweak[2].16B,@vtmp[0].16b
 -.prcess_last_2blks${std}:
 +.process_last_2blks${std}:
 ___
 	&rev32_armeb(@tweak[1],@tweak[1]);
 	&rev32_armeb(@tweak[2],@tweak[2]);
@@ -1532,7 +1532,7 @@ $code.=<<___;
 		strb	$wtmp1,[$lastBlk,$remain]
 		strb	$wtmp0,[$outp,$remain]
 	b.gt .loop${std}
 -	ld1		{@data[0].4s}, [$lastBlk]	
 +	ld1		{@data[0].4s}, [$lastBlk]
 	eor @data[0].16b, @data[0].16b, @tweak[2].16b
 ___
 	&rev32(@data[0],@data[0]);
 diff --git a/crypto/sm4/asm/vpsm4_ex-armv8.pl b/crypto/sm4/asm/vpsm4_ex-armv8.pl
 index f2d5b6d..727e0f2 100644
 --- a/crypto/sm4/asm/vpsm4_ex-armv8.pl
 +++ b/crypto/sm4/asm/vpsm4_ex-armv8.pl
@@ -1452,7 +1452,7 @@ $code.=<<___;
 	cmp $remain,0
 	b.eq .return${std}
 -// This brance calculates the last two tweaks, 
 +// This brance calculates the last two tweaks,
 // while the encryption/decryption length is larger than 32
 .last_2blks_tweak${std}:
 ___
@@ -1463,13 +1463,13 @@ $code.=<<___;
 	b .check_dec${std}
 -// This brance calculates the last two tweaks, 
 +// This brance calculates the last two tweaks,
 // while the encryption/decryption length is equal to 32, who only need two tweaks
 .only_2blks_tweak${std}:
 	mov @tweak[1].16b,@tweak[0].16b
 ___
 	&rev32_armeb(@tweak[1],@tweak[1]);
 -	&compute_tweak_vec(@tweak[1],@tweak[2]);
 +	&compute_tweak_vec(@tweak[1],@tweak[2],$std);
 $code.=<<___;
 	b .check_dec${std}
@@ -1479,12 +1479,12 @@ $code.=<<___;
 .check_dec${std}:
 	// encryption:1 decryption:0
 	cmp $enc,1
 -	b.eq .prcess_last_2blks${std}
 +	b.eq .process_last_2blks${std}
 	mov @vtmp[0].16B,@tweak[1].16b
 	mov @tweak[1].16B,@tweak[2].16b
 	mov @tweak[2].16B,@vtmp[0].16b
 -.prcess_last_2blks${std}:
 +.process_last_2blks${std}:
 ___
 	&rev32_armeb(@tweak[1],@tweak[1]);
 	&rev32_armeb(@tweak[2],@tweak[2]);
@@ -1506,7 +1506,7 @@ $code.=<<___;
 		strb	$wtmp1,[$lastBlk,$remain]
 		strb	$wtmp0,[$outp,$remain]
 	b.gt .loop${std}
 -	ld1		{@data[0].4s}, [$lastBlk]	
 +	ld1		{@data[0].4s}, [$lastBlk]
 	eor @data[0].16b, @data[0].16b, @tweak[2].16b
 ___
 	&rev32(@data[0],@data[0]);
 -- 
 2.27.0
--- a/openssl.spec
+++ b/openssl.spec
@ -2,7 +2,7 @@
 Name:        openssl
 Epoch:       1
 Version:     3.0.12
-Release:     1
+Release:     2
 Summary:     Cryptography and SSL/TLS Toolkit
 License:     OpenSSL and SSLeay
 URL:         https://www.openssl.org/
@ -30,6 +30,7 @@ Patch18:     Backport-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch
 Patch19:     Backport-poly1305-ppc.pl-Fix-vector-register-clobbering.patch
 Patch20:     Backport-Limit-the-execution-time-of-RSA-public-key-check.patch
 Patch21:     Backport-Add-NULL-checks-where-ContentInfo-data-can-be-NULL.patch
 Patch22:     Backport-Fix-SM4-XTS-aarch64-assembly-implementation-bug.patch
 BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel
 Requires:    coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@ -230,6 +231,9 @@ make test || :
 %ldconfig_scriptlets libs
 %changelog
 * Thu Jan 18 2024 Xu Yizhou <xuyizhou1@huawei.com> - 1:3.0.12-2
 - Fix SM4-XTS aarch64 assembly implementation bug
 * Thu Jan 04 2024 wangcheng <wangcheng156@huawei.com> - 1:3.0.12-1
 - Upgrade to 3.0.12
  Resolves: CVE-2023-0464
@ -268,7 +272,7 @@ make test || :
 - fix some CVEs
 * Mon Mar 27 2023 xuraoqing <xuraoqing@huawei.com> - 1:3.0.8-4
- fix CVE-2023-0464 and add test cases 
+- fix CVE-2023-0464 and add test cases
 * Fri Mar 17 2023 wangjunqiang <wangjunqiang@iscas.ac.cn> - 1:3.0.8-3
 - fix sslarch and libdir for riscv64