poly1305-ppc.pl: Fix vector register clobbering
author Rohan McLure <rmclure@linux.ibm.com>
Thu, 4 Jan 2024 09:25:50 +0000 (10:25 +0100)
committer Tomas Mraz <tomas@openssl.org>
Tue, 9 Jan 2024 14:48:56 +0000 (15:48 +0100)
commit 050d26383d4e264966fb83428e72d5d48f402d35
tree 9a0c00532c1597ad2bb1880ca0f3b3ce07701da8
parent 1c75ba909967adeac960eddae32297acc463c8d6
poly1305-ppc.pl: Fix vector register clobbering

Fixes CVE-2023-6129

The POLY1305 MAC (message authentication code) implementation in OpenSSL for
PowerPC CPUs saves the contents of vector registers in a different order
than they are restored. Thus the contents of some of these vector registers
are corrupted when returning to the caller. The vulnerable code is used only
on newer PowerPC processors supporting the PowerISA 2.07 instructions.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)

(cherry picked from commit 8d847a3ffd4f0b17ee33962cf69c36224925b34f)
crypto/poly1305/asm/poly1305-ppc.pl
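
The save/restore mismatch described in the commit message can be checked mechanically. The following is an added example, not code from OpenSSL or from this commit: a small Python lint (the name `mismatched_restores` is hypothetical) that tracks index registers through `li`/`addi` and reports every vector register that `lvx` reloads from a different stack slot than `stvx` saved it to. The assembly is a constructed sample, not the prologue or epilogue of poly1305-ppc.pl, and a 16-byte-aligned stack pointer in `r1` is assumed.

```python
# Constructed sample, NOT taken from poly1305-ppc.pl: the prologue saves
# v20..v23 to four stack slots, the epilogue reloads v22/v23 from swapped slots.
SAMPLE_BUGGY = """
li r10,32
li r11,48
stvx v20,r10,r1
addi r10,r10,32
stvx v21,r11,r1
addi r11,r11,32
stvx v22,r10,r1
stvx v23,r11,r1
# ... function body ...
li r10,32
li r11,48
lvx v20,r10,r1
addi r10,r10,32
lvx v21,r11,r1
addi r11,r11,32
lvx v23,r10,r1
lvx v22,r11,r1
"""
# Same sample with the epilogue mirroring the prologue.
SAMPLE_FIXED = (SAMPLE_BUGGY.replace("lvx v23,r10", "lvx v22,r10")
                            .replace("lvx v22,r11", "lvx v23,r11"))

def mismatched_restores(asm):
    """Return (vreg, saved_offset, restored_offset) for each bad reload."""
    index = {}   # index register -> current value
    saved = {}   # vector register -> stack offset it was stored at
    bad = []
    for raw in asm.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        op, rest = line.split(None, 1)
        args = [a.strip() for a in rest.split(",")]
        if op == "li":
            index[args[0]] = int(args[1])
        elif op == "addi" and args[0] == args[1]:
            index[args[0]] += int(args[2])
        elif op in ("stvx", "lvx"):
            # stvx/lvx ignore the low four bits of the effective address
            slot = index[args[1]] & ~15
            if op == "stvx":
                saved[args[0]] = slot
            elif saved.get(args[0]) != slot:
                bad.append((args[0], saved.get(args[0]), slot))
    return bad

if __name__ == "__main__":
    print("buggy:", mismatched_restores(SAMPLE_BUGGY))
    print("fixed:", mismatched_restores(SAMPLE_FIXED))
```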