[PATCH 3.16 004/370] crypto: arm64/sha2-ce - fix for big endian

From: Ben Hutchings
Date: Fri Mar 10 2017 - 06:51:04 EST


3.16.42-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>

commit 174122c39c369ed924d2608fc0be0171997ce800 upstream.

The SHA256 digest is an array of 8 32-bit quantities, so we should refer
to them as such in order for this code to work correctly when built for
big endian. So replace 16 byte scalar loads and stores with 4x32 vector
ones where appropriate.

Fixes: 6ba6c74dfc6b ("arm64/crypto: SHA-224/SHA-256 using ARMv8 Crypto Extensions")
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
[bwh: Backported to 3.16: use x2 instead of x0]
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
arch/arm64/crypto/sha2-ce-core.S | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/arm64/crypto/sha2-ce-core.S
+++ b/arch/arm64/crypto/sha2-ce-core.S
@@ -85,7 +85,7 @@ ENTRY(sha2_ce_transform)
ld1 {v12.4s-v15.4s}, [x8]

/* load state */
- ldp dga, dgb, [x2]
+ ld1 {dgav.4s, dgbv.4s}, [x2]

/* load partial input (if supplied) */
cbz x3, 0f
@@ -151,6 +151,6 @@ CPU_LE( rev32 v19.16b, v19.16b )
b 2b

/* store new state */
-3: stp dga, dgb, [x2]
+3: st1 {dgav.4s, dgbv.4s}, [x2]
ret
ENDPROC(sha2_ce_transform)