From 66bbb385ec3c7c1dfc121be4dc7be97d590145b6 Mon Sep 17 00:00:00 2001
From: Xu Yizhou
Date: Wed, 31 Jan 2024 15:35:50 +0800
Subject: [PATCH] Fix SM4-XTS aarch64 assembly implementation bug

---
 ...-aarch64-assembly-implementation-bug.patch | 129 ++++++++++++++++++
 openssl.spec | 8 +-
 2 files changed, 135 insertions(+), 2 deletions(-)
 create mode 100644 Backport-Fix-SM4-XTS-aarch64-assembly-implementation-bug.patch

diff --git a/Backport-Fix-SM4-XTS-aarch64-assembly-implementation-bug.patch b/Backport-Fix-SM4-XTS-aarch64-assembly-implementation-bug.patch
new file mode 100644
index 0000000..e0ecafd
--- /dev/null
+++ b/Backport-Fix-SM4-XTS-aarch64-assembly-implementation-bug.patch
@@ -0,0 +1,129 @@
+From de6d5b002f8deffe39d3596e88e380eed1a3d6a4 Mon Sep 17 00:00:00 2001
+From: Xu Yizhou
+Date: Thu, 18 Jan 2024 17:35:11 +0800
+Subject: [PATCH] Fix SM4-XTS aarch64 assembly implementation bug
+
+When macro VPSM4_CAPABLE or VPSM4_EX_CAPABLE is enabled,
+the GB variant of the SM4-XTS algorithm will encounter errors when
+encrypting or decrypting messages with a length greater than 16
+bytes but less than 32 bytes.
+
+The OpenSSL has similar issue, the corresponding
+solutions can be found in this [PR]
+(https://github.com/openssl/openssl/pull/23317).
+
+Signed-off-by: Xu Yizhou
+---
+ crypto/sm4/asm/vpsm4-armv8.pl | 12 ++++++------
+ crypto/sm4/asm/vpsm4_ex-armv8.pl | 12 ++++++------
+ 2 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/crypto/sm4/asm/vpsm4-armv8.pl b/crypto/sm4/asm/vpsm4-armv8.pl
+index d30e78f..2bacf9c 100755
+--- a/crypto/sm4/asm/vpsm4-armv8.pl
++++ b/crypto/sm4/asm/vpsm4-armv8.pl
+@@ -1477,7 +1477,7 @@ $code.=<<___;
+ cmp $remain,0
+ b.eq .return${std}
+
+-// This brance calculates the last two tweaks,
++// This brance calculates the last two tweaks,
+ // while the encryption/decryption length is larger than 32
+ .last_2blks_tweak${std}:
+ ld1 {@tweak[0].4s},[$ivp]
+@@ -1489,13 +1489,13 @@ $code.=<<___;
+ b .check_dec${std}
+
+
+-// This brance calculates the last two tweaks,
++// This brance calculates the last two tweaks,
+ // while the encryption/decryption length is equal to 32, who only need two tweaks
+ .only_2blks_tweak${std}:
+ mov @tweak[1].16b,@tweak[0].16b
+ ___
+ &rev32_armeb(@tweak[1],@tweak[1]);
+- &compute_tweak_vec(@tweak[1],@tweak[2]);
++ &compute_tweak_vec(@tweak[1],@tweak[2],$std);
+ $code.=<<___;
+ b .check_dec${std}
+
+@@ -1505,12 +1505,12 @@ $code.=<<___;
+ .check_dec${std}:
+ // encryption:1 decryption:0
+ cmp $enc,1
+- b.eq .prcess_last_2blks${std}
++ b.eq .process_last_2blks${std}
+ mov @vtmp[0].16B,@tweak[1].16b
+ mov @tweak[1].16B,@tweak[2].16b
+ mov @tweak[2].16B,@vtmp[0].16b
+
+-.prcess_last_2blks${std}:
++.process_last_2blks${std}:
+ ___
+ &rev32_armeb(@tweak[1],@tweak[1]);
+ &rev32_armeb(@tweak[2],@tweak[2]);
+@@ -1532,7 +1532,7 @@ $code.=<<___;
+ strb $wtmp1,[$lastBlk,$remain]
+ strb $wtmp0,[$outp,$remain]
+ b.gt .loop${std}
+- ld1 {@data[0].4s}, [$lastBlk]
++ ld1 {@data[0].4s}, [$lastBlk]
+ eor @data[0].16b, @data[0].16b, @tweak[2].16b
+ ___
+ &rev32(@data[0],@data[0]);
+diff --git a/crypto/sm4/asm/vpsm4_ex-armv8.pl b/crypto/sm4/asm/vpsm4_ex-armv8.pl
+index f2d5b6d..727e0f2 100644
+--- a/crypto/sm4/asm/vpsm4_ex-armv8.pl
++++ b/crypto/sm4/asm/vpsm4_ex-armv8.pl
+@@ -1452,7 +1452,7 @@ $code.=<<___;
+ cmp $remain,0
+ b.eq .return${std}
+
+-// This brance calculates the last two tweaks,
++// This brance calculates the last two tweaks,
+ // while the encryption/decryption length is larger than 32
+ .last_2blks_tweak${std}:
+ ___
+@@ -1463,13 +1463,13 @@ $code.=<<___;
+ b .check_dec${std}
+
+
+-// This brance calculates the last two tweaks,
++// This brance calculates the last two tweaks,
+ // while the encryption/decryption length is equal to 32, who only need two tweaks
+ .only_2blks_tweak${std}:
+ mov @tweak[1].16b,@tweak[0].16b
+ ___
+ &rev32_armeb(@tweak[1],@tweak[1]);
+- &compute_tweak_vec(@tweak[1],@tweak[2]);
++ &compute_tweak_vec(@tweak[1],@tweak[2],$std);
+ $code.=<<___;
+ b .check_dec${std}
+
+@@ -1479,12 +1479,12 @@ $code.=<<___;
+ .check_dec${std}:
+ // encryption:1 decryption:0
+ cmp $enc,1
+- b.eq .prcess_last_2blks${std}
++ b.eq .process_last_2blks${std}
+ mov @vtmp[0].16B,@tweak[1].16b
+ mov @tweak[1].16B,@tweak[2].16b
+ mov @tweak[2].16B,@vtmp[0].16b
+
+-.prcess_last_2blks${std}:
++.process_last_2blks${std}:
+ ___
+ &rev32_armeb(@tweak[1],@tweak[1]);
+ &rev32_armeb(@tweak[2],@tweak[2]);
+@@ -1506,7 +1506,7 @@ $code.=<<___;
+ strb $wtmp1,[$lastBlk,$remain]
+ strb $wtmp0,[$outp,$remain]
+ b.gt .loop${std}
+- ld1 {@data[0].4s}, [$lastBlk]
++ ld1 {@data[0].4s}, [$lastBlk]
+ eor @data[0].16b, @data[0].16b, @tweak[2].16b
+ ___
+ &rev32(@data[0],@data[0]);
+-- 
+2.27.0
+
diff --git a/openssl.spec b/openssl.spec
index fe4084f..1fa076b 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@ Name: openssl Epoch: 1 Version: 3.0.9 -Release: 5 +Release: 6 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/
@@ -34,6 +34,7 @@ Patch22: Backport-support-decode-SM2-parameters.patch Patch23: Feature-support-SM2-CMS-signature.patch Patch24: Feature-use-default-id-if-SM2-id-is-not-set.patch Patch25: backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch +Patch26: Backport-Fix-SM4-XTS-aarch64-assembly-implementation-bug.patch BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@@ -234,6 +235,9 @@ make test || : %ldconfig_scriptlets libs %changelog +* Thu Jan 18 2024 Xu Yizhou - 1:3.0.9-6 +- Fix SM4-XTS aarch64 assembly implementation bug + * Fri Sep 22 2023 dongyuzhen - 1:3.0.9-5 - Backport some upstream patches
@@ -259,7 +263,7 @@ make test || : - fix some CVEs * Mon Mar 27 2023 xuraoqing - 1:3.0.8-4 -- fix CVE-2023-0464 and add test cases +- fix CVE-2023-0464 and add test cases * Fri Mar 17 2023 wangjunqiang - 1:3.0.8-3 - fix sslarch and libdir for riscv64
-- Gitee
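Review bot: The backport carries only the two generator fixes (`&compute_tweak_vec(@tweak[1],@tweak[2],$std);` in vpsm4-armv8.pl and vpsm4_ex-armv8.pl) and no regression test, so nothing in the package build exercises the GB-variant case the commit message describes (length greater than 16 and less than 32 bytes) — and the spec's `make test || :` swallows test failures, so even an existing vector would not gate the build. If the upstream PR referenced in the message added known-answer vectors for this case, they belong in the same backport patch; otherwise a short SM4-XTS-GB vector with a 17–31-byte message, run on an aarch64 builder with VPSM4_CAPABLE or VPSM4_EX_CAPABLE set, is the minimum that would have caught the original call missing `$std`. The comment lines the patch rewrites in both files keep the typo `// This brance calculates the last two tweaks,`; since those lines are already being touched, make it `// This branch calculates the last two tweaks,`. The `.only_2blks_tweak${std}` comment `// while the encryption/decryption length is equal to 32, who only need two tweaks` also reads as inconsistent with the range given in the message, so it is worth confirming against the branch condition and rewording in the same change. The inner hunks are excerpts of the generator scripts, and the enclosing code of each starts and ends outside this patch.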