[openssl-dev] [openssl.org #4323] chacha-armv4.pl bugs

Andy Polyakov via RT rt at openssl.org
Sun Feb 21 20:27:50 UTC 2016


Hi,

> The partial-block tail code in chacha-armv4.pl also seems to have problems.
> My colleague Steven and I made an attempt to debug it, but we're not
> familiar enough with ARM to fix it.
> 
> From playing with it in a debugger, it doesn't look like @t[3] contains the
> length. We suspect something is going wrong with the condition flags on
> loading or updating length.
> https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=crypto/chacha/asm/chacha-armv4.pl;h=55ebc9e586475a35e313b74483eb4b8d5b6f2b03;hb=HEAD#l585

Attached is patch for chacha-armv4.pl (please verify) and a test snippet
I've put together.

> It may be worth going back and testing these cases on all of the
> implementations as well.

Besides armv4 only s390x module was failing.



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4323
Please log in as guest with password guest if prompted

-------------- next part --------------
diff --git a/crypto/chacha/asm/chacha-armv4.pl b/crypto/chacha/asm/chacha-armv4.pl
index 55ebc9e..6c20755 100755
--- a/crypto/chacha/asm/chacha-armv4.pl
+++ b/crypto/chacha/asm/chacha-armv4.pl
@@ -440,9 +440,9 @@ $code.=<<___;
 	eorhs	@x[4], at x[4], at t[0]
 	eorhs	@x[5], at x[5], at t[1]
 # ifdef	__thumb2__
-	it	hi
+	 it	ne
 # endif
-	 ldrhi	@t[0],[sp,#4*(32+2)]	@ re-load len
+	 ldrne	@t[0],[sp,#4*(32+2)]	@ re-load len
 # ifdef	__thumb2__
 	itt	hs
 # endif
@@ -584,9 +584,9 @@ ___
 }
 $code.=<<___;
 # ifdef	__thumb2__
-	it	hi
+	it	ne
 # endif
-	ldrhi	@t[0],[sp,#4*(32+2)]		@ re-load len
+	ldrne	@t[0],[sp,#4*(32+2)]		@ re-load len
 # ifdef	__thumb2__
 	it	hs
 # endif
@@ -598,15 +598,15 @@ $code.=<<___;
 
 .Ltail:
 	ldr	r12,[sp,#4*(32+1)]	@ load inp
-	add	@t[2],sp,#4*(0)
+	add	@t[1],sp,#4*(0)
 	ldr	r14,[sp,#4*(32+0)]	@ load out
 
 .Loop_tail:
-	ldrb	@t[0],[@t[2]],#1	@ read buffer on stack
-	ldrb	@t[1],[r12],#1		@ read input
-	subs	@t[3], at t[3],#1
-	eor	@t[0], at t[0], at t[1]
-	strb	@t[0],[r14],#1		@ store output
+	ldrb	@t[2],[@t[1]],#1	@ read buffer on stack
+	ldrb	@t[3],[r12],#1		@ read input
+	subs	@t[0], at t[0],#1
+	eor	@t[3], at t[3], at t[2]
+	strb	@t[3],[r14],#1		@ store output
 	bne	.Loop_tail
 
 .Ldone:
@@ -1120,7 +1120,7 @@ $code.=<<___;
 # endif
 	stmia		@t[0],{@x[0]- at x[7]}
 	 add		@t[2],sp,#4*(0)
-	 sub		@t[3], at t[0],#64*3	@ len-=64*3
+	 sub		@t[3], at t[3],#64*3	@ len-=64*3
 
 .Loop_tail_neon:
 	ldrb		@t[0],[@t[2]],#1	@ read buffer on stack
-------------- next part --------------
A non-text attachment was scrubbed...
Name: chacha_test.c
Type: text/x-csrc
Size: 4835 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160221/6de01714/attachment-0001.c>


More information about the openssl-dev mailing list