summaryrefslogtreecommitdiff
path: root/lib/accelerated
diff options
context:
space:
mode:
authorDaiki Ueno <ueno@gnu.org>2020-08-30 14:35:47 +0200
committerDaiki Ueno <ueno@gnu.org>2020-08-30 14:35:47 +0200
commit7e6ab83de79ef36481daa5f85918efaab5d1082d (patch)
tree31e19a01de9c93bd53fb5f74a0cc2d9dc4cd814b /lib/accelerated
parent423a1565d280107edd92684714ee22356200b038 (diff)
downloadgnutls-7e6ab83de79ef36481daa5f85918efaab5d1082d.tar.gz
padlock: fix partial PHE detection
The xsha1 instruction takes complete SHA-1 blocks (64 bytes) instead of arbitrary length data when EAX is set to -1. Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'lib/accelerated')
-rw-r--r--lib/accelerated/x86/x86-common.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
index 3845c6b4c9..29410e51fd 100644
--- a/lib/accelerated/x86/x86-common.c
+++ b/lib/accelerated/x86/x86-common.c
@@ -306,17 +306,21 @@ static int check_phe_sha512(unsigned edx)
static int check_phe_partial(void)
{
- const char *text = "test and test";
+ const char text[64] =
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
uint32_t iv[5] = { 0x67452301UL, 0xEFCDAB89UL,
0x98BADCFEUL, 0x10325476UL, 0xC3D2E1F0UL
};
- padlock_sha1_blocks(iv, text, sizeof(text) - 1);
- padlock_sha1_blocks(iv, text, sizeof(text) - 1);
+ /* If EAX is set to -1 (this is the case with padlock_sha1_blocks), the
+ * xsha1 instruction takes a complete SHA-1 block (64 bytes), while it
+ * takes arbitrary length data otherwise. */
+ padlock_sha1_blocks(iv, text, 1);
- if (iv[0] == 0x9096E2D8UL && iv[1] == 0xA33074EEUL &&
- iv[2] == 0xCDBEE447UL && iv[3] == 0xEC7979D2UL &&
- iv[4] == 0x9D3FF5CFUL)
+ if (iv[0] == 0xDA4968EBUL && iv[1] == 0x2E377C1FUL &&
+ iv[2] == 0x884E8F52UL && iv[3] == 0x83524BEBUL &&
+ iv[4] == 0xE74EBDBDUL)
return 1;
else
return 0;