Message-ID: <CAMj1kXG8rEGH9suNf+s26174-SDrVWaV3RcuY53ysiBbrJtKUQ@mail.gmail.com>
Date: Mon, 21 Jul 2025 13:31:47 +1000
From: Ard Biesheuvel <ardb@...nel.org>
To: Eric Biggers <ebiggers@...nel.org>
Cc: linux-crypto@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org, "Jason A . Donenfeld" <Jason@...c4.com>
Subject: Re: [PATCH] lib/crypto: arm64/sha512-ce: Drop compatibility macros for older binutils

On Sat, 19 Jul 2025 at 08:07, Eric Biggers <ebiggers@...nel.org> wrote:
>
> Now that the oldest supported binutils version is 2.30, the macros that
> emit the SHA-512 instructions as '.inst' words are no longer needed. So
> drop them. No change in the generated machine code.
>
> Changed from the original patch by Ard Biesheuvel:
> (https://lore.kernel.org/r/20250515142702.2592942-2-ardb+git@google.com):
> - Reduced scope to just SHA-512
> - Added comment that explains why "sha3" is used instead of "sha2"
>
> Signed-off-by: Eric Biggers <ebiggers@...nel.org>

Acked-by: Ard Biesheuvel <ardb@...nel.org>

Nit below

> ---
>
> This patch is targeting libcrypto-next
>
> lib/crypto/arm64/sha512-ce-core.S | 27 +++++++--------------------
> 1 file changed, 7 insertions(+), 20 deletions(-)
>
> diff --git a/lib/crypto/arm64/sha512-ce-core.S b/lib/crypto/arm64/sha512-ce-core.S
> index 7d870a435ea38..eaa485244af52 100644
> --- a/lib/crypto/arm64/sha512-ce-core.S
> +++ b/lib/crypto/arm64/sha512-ce-core.S
> @@ -10,30 +10,17 @@
> */
>
> #include <linux/linkage.h>
> #include <asm/assembler.h>
>
> - .irp b,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
> - .set .Lq\b, \b
> - .set .Lv\b\().2d, \b
> - .endr
> -
> - .macro sha512h, rd, rn, rm
> - .inst 0xce608000 | .L\rd | (.L\rn << 5) | (.L\rm << 16)
> - .endm
> -
> - .macro sha512h2, rd, rn, rm
> - .inst 0xce608400 | .L\rd | (.L\rn << 5) | (.L\rm << 16)
> - .endm
> -
> - .macro sha512su0, rd, rn
> - .inst 0xcec08000 | .L\rd | (.L\rn << 5)
> - .endm
> -
> - .macro sha512su1, rd, rn, rm
> - .inst 0xce608800 | .L\rd | (.L\rn << 5) | (.L\rm << 16)
> - .endm
> + /*
> + * While SHA-512 is part of the SHA-2 family of algorithms, the
> + * corresponding arm64 instructions are actually part of the "sha3" CPU
> + * feature. (Except in binutils 2.30 through 2.42, which used "sha2".

Nit: the ARM ARM describes these features as FEAT_SHA256, FEAT_SHA512
and FEAT_SHA3, and the latter two happen to have appeared in the same
architecture revision. So this is likely just the GCC/binutils devs
getting confused, and assuming a) that SHA-3 implies SHA-2 (which is
silly if you know the difference) and b) SHA512 has anything to do
with SHA-3.

> + * But "sha3" implies "sha2", so "sha3" still works in those versions.)
> + */
> + .arch armv8-a+sha3
>
> /*
> * The SHA-512 round constants
> */
> .section ".rodata", "a"
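
Review bot: the ".arch armv8-a+sha3" line that closes the added block widens what the assembler will accept for the rest of the file, whereas the removed '.inst' macros could only ever emit the four SHA-512 encodings (sha512h, sha512h2, sha512su0, sha512su1). Consider adding one sentence to the new comment stating that only those four instructions are intended in this file, so that a later edit introducing an instruction that really belongs to FEAT_SHA3 is not accepted silently on the strength of this directive. Since the commit message states that the generated machine code is unchanged, it would also help to say how that was checked, for example by comparing the disassembly of the object file before and after the change.
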
>
> base-commit: 66be847cc4c2e82fb50190b52b05b3bb0ef57999
> --
> 2.50.1
>