author | Daiki Ueno <ueno@gnu.org> | 2020-08-30 14:35:47 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2020-08-30 14:35:47 +0200 |
commit | 7e6ab83de79ef36481daa5f85918efaab5d1082d (patch) | |
tree | 31e19a01de9c93bd53fb5f74a0cc2d9dc4cd814b /lib/accelerated | |
parent | 423a1565d280107edd92684714ee22356200b038 (diff) | |
padlock: fix partial PHE detection
The xsha1 instruction takes complete SHA-1 blocks (64 bytes) instead
of arbitrary length data when EAX is set to -1.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'lib/accelerated')
-rw-r--r-- | lib/accelerated/x86/x86-common.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
index 3845c6b4c9..29410e51fd 100644
--- a/lib/accelerated/x86/x86-common.c
+++ b/lib/accelerated/x86/x86-common.c
@@ -306,17 +306,21 @@ static int check_phe_sha512(unsigned edx)
 static int check_phe_partial(void) {
- const char *text = "test and test";
+ const char text[64] =
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
 uint32_t iv[5] = { 0x67452301UL, 0xEFCDAB89UL, 0x98BADCFEUL, 0x10325476UL, 0xC3D2E1F0UL };
- padlock_sha1_blocks(iv, text, sizeof(text) - 1);
- padlock_sha1_blocks(iv, text, sizeof(text) - 1);
+ /* If EAX is set to -1 (this is the case with padlock_sha1_blocks), the
+ * xsha1 instruction takes a complete SHA-1 block (64 bytes), while it
+ * takes arbitrary length data otherwise. */
+ padlock_sha1_blocks(iv, text, 1);
- if (iv[0] == 0x9096E2D8UL && iv[1] == 0xA33074EEUL &&
- iv[2] == 0xCDBEE447UL && iv[3] == 0xEC7979D2UL &&
- iv[4] == 0x9D3FF5CFUL)
+ if (iv[0] == 0xDA4968EBUL && iv[1] == 0x2E377C1FUL &&
+ iv[2] == 0x884E8F52UL && iv[3] == 0x83524BEBUL &&
+ iv[4] == 0xE74EBDBDUL)
 return 1; else return 0; |
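Review bot: The five expected words in the new `if` are bare constants with nothing saying how they were derived, so this known-answer check, which appears to gate use of the accelerated SHA-1 path, cannot be re-verified by a maintainer without PadLock hardware. I would add a comment above the comparison such as `/* SHA-1 state after one unpadded 64-byte block of 'a', starting from the standard initial state */`; I have not recomputed the values myself. Separately, `text[64]` is filled exactly by the 64-character literal and so has no terminating NUL, which is fine for a call whose last argument is apparently a block count of 1, but deserves `/* exactly one block, deliberately not NUL-terminated */` so the buffer is not later handed to a string function or resized to `text[]`. The closing brace of check_phe_partial lies outside the hunk.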