From 0abc1ce1eadb335304ca63f6460467eff129e7a1 Mon Sep 17 00:00:00 2001 From: Solar Designer Date: Sat, 30 Nov 2024 04:42:47 +0100 Subject: [PATCH 1/3] Specify register clobbers in mbedtls_aesni_crypt_ecb() Signed-off-by: Solar Designer --- tf-psa-crypto/drivers/builtin/src/aesni.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/drivers/builtin/src/aesni.c b/tf-psa-crypto/drivers/builtin/src/aesni.c index 8e5bd55ab9..69fe9e52b3 100644 --- a/tf-psa-crypto/drivers/builtin/src/aesni.c +++ b/tf-psa-crypto/drivers/builtin/src/aesni.c @@ -489,7 +489,7 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, "movdqu %%xmm0, (%4) \n\t" // export output : : "r" (ctx->nr), "r" (ctx->buf + ctx->rk_offset), "r" (mode), "r" (input), "r" (output) - : "memory", "cc", "xmm0", "xmm1"); + : "memory", "cc", "xmm0", "xmm1", "0", "1"); return 0; From 4393dff8ca0c42e89f92897e2a7333f9daaa82e3 Mon Sep 17 00:00:00 2001 From: Solar Designer Date: Sun, 8 Dec 2024 18:55:53 +0100 Subject: [PATCH 2/3] Specify previously missed XMM register clobbers in AES-NI asm blocks Noticed by Gilles Peskine Co-authored-by: Gilles Peskine Signed-off-by: Solar Designer --- tf-psa-crypto/drivers/builtin/src/aesni.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/src/aesni.c b/tf-psa-crypto/drivers/builtin/src/aesni.c index 69fe9e52b3..4fc1cb918b 100644 --- a/tf-psa-crypto/drivers/builtin/src/aesni.c +++ b/tf-psa-crypto/drivers/builtin/src/aesni.c @@ -679,7 +679,7 @@ static void aesni_setkey_enc_128(unsigned char *rk, AESKEYGENA(xmm0_xmm1, "0x36") "call 1b \n\t" : : "r" (rk), "r" (key) - : "memory", "cc", "0"); + : "memory", "cc", "xmm0", "xmm1", "0"); } /* @@ -737,7 +737,7 @@ static void aesni_setkey_enc_192(unsigned char *rk, : : "r" (rk), "r" (key) - : "memory", "cc", "0"); + : "memory", "cc", "xmm0", "xmm1", "xmm2", "0"); } #endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ @@ -805,7 +805,7 @@ static void aesni_setkey_enc_256(unsigned char *rk, AESKEYGENA(xmm1_xmm2, "0x40") "call 1b \n\t" : : "r" (rk), "r" (key) - : "memory", "cc", "0"); + : "memory", "cc", "xmm0", "xmm1", "xmm2", "0"); } #endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ From 6b2ca180a8e7b84eee5b92632ece855f43dd8fc1 Mon Sep 17 00:00:00 2001 From: Solar Designer Date: Wed, 11 Dec 2024 02:47:20 +0100 Subject: [PATCH 3/3] Add change log entry on AES-NI asm block fixes Co-authored-by: Gilles Peskine Signed-off-by: Solar Designer --- ChangeLog.d/fix-aesni-asm-clobbers.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/fix-aesni-asm-clobbers.txt diff --git a/ChangeLog.d/fix-aesni-asm-clobbers.txt b/ChangeLog.d/fix-aesni-asm-clobbers.txt new file mode 100644 index 0000000000..538f0c5115 --- /dev/null +++ b/ChangeLog.d/fix-aesni-asm-clobbers.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix missing constraints on the AES-NI inline assembly which is used on + GCC-like compilers when building AES for generic x86_64 targets. This + may have resulted in incorrect code with some compilers, depending on + optimizations. Fixes #9819.