diff --git a/avx/sha1_one_block_avx.asm b/avx/sha1_one_block_avx.asm index 281200f7..090285e5 100644 --- a/avx/sha1_one_block_avx.asm +++ b/avx/sha1_one_block_avx.asm @@ -477,9 +477,17 @@ loop3_5: vmovdqa xmm7, [rsp + 1 * 16] vmovdqa xmm6, [rsp + 0 * 16] - mov rsp,[_RSP] +%ifdef SAFE_DATA + ;; Clear potential sensitive data stored in stack + vpxor xmm0, xmm0 + vmovdqa [rsp + 0 * 16], xmm0 + vmovdqa [rsp + 1 * 16], xmm0 + vmovdqa [rsp + 2 * 16], xmm0 %endif + mov rsp,[_RSP] +%endif ;; LINUX + pop r13 pop r12 pop rdi diff --git a/avx/sha256_one_block_avx.asm b/avx/sha256_one_block_avx.asm index f9953c06..9c96f036 100644 --- a/avx/sha256_one_block_avx.asm +++ b/avx/sha256_one_block_avx.asm @@ -519,7 +519,19 @@ done_hash: vmovdqa xmm11,[rsp + _XMM_SAVE + 5*16] vmovdqa xmm12,[rsp + _XMM_SAVE + 6*16] vmovdqa xmm13,[rsp + _XMM_SAVE + 7*16] +%ifdef SAFE_DATA + ;; Clear potential sensitive data stored in stack + vpxor xmm0, xmm0 + vmovdqa [rsp + _XMM_SAVE + 0 * 16], xmm0 + vmovdqa [rsp + _XMM_SAVE + 1 * 16], xmm0 + vmovdqa [rsp + _XMM_SAVE + 2 * 16], xmm0 + vmovdqa [rsp + _XMM_SAVE + 3 * 16], xmm0 + vmovdqa [rsp + _XMM_SAVE + 4 * 16], xmm0 + vmovdqa [rsp + _XMM_SAVE + 5 * 16], xmm0 + vmovdqa [rsp + _XMM_SAVE + 6 * 16], xmm0 + vmovdqa [rsp + _XMM_SAVE + 7 * 16], xmm0 %endif +%endif ;; LINUX add rsp, STACK_size diff --git a/avx/sha512_one_block_avx.asm b/avx/sha512_one_block_avx.asm index 29cbadea..040518e7 100644 --- a/avx/sha512_one_block_avx.asm +++ b/avx/sha512_one_block_avx.asm @@ -439,7 +439,19 @@ done_hash: vmovdqa xmm11,[rsp + _XMM_SAVE + 5*16] vmovdqa xmm12,[rsp + _XMM_SAVE + 6*16] vmovdqa xmm13,[rsp + _XMM_SAVE + 7*16] +%ifdef SAFE_DATA + ;; Clear potential sensitive data stored in stack + vpxor xmm0, xmm0 + vmovdqa [rsp + _XMM_SAVE + 0 * 16], xmm0 + vmovdqa [rsp + _XMM_SAVE + 1 * 16], xmm0 + vmovdqa [rsp + _XMM_SAVE + 2 * 16], xmm0 + vmovdqa [rsp + _XMM_SAVE + 3 * 16], xmm0 + vmovdqa [rsp + _XMM_SAVE + 4 * 16], xmm0 + vmovdqa [rsp + _XMM_SAVE + 5 * 16], xmm0 + vmovdqa [rsp + _XMM_SAVE + 6 * 16], xmm0 + vmovdqa [rsp + _XMM_SAVE + 7 * 16], xmm0 %endif +%endif ;; LINUX add rsp, STACK_size diff --git a/include/save_xmms.asm b/include/save_xmms.asm index d82ced8e..c9fd67eb 100644 --- a/include/save_xmms.asm +++ b/include/save_xmms.asm @@ -63,6 +63,21 @@ restore_xmms: movdqa xmm13, [ARG1 + 7*16] movdqa xmm14, [ARG1 + 8*16] movdqa xmm15, [ARG1 + 9*16] +%ifdef SAFE_DATA + ;; Clear potential sensitive data stored in stack + pxor xmm0, xmm0 + movdqa [ARG1 + 0 * 16], xmm0 + movdqa [ARG1 + 1 * 16], xmm0 + movdqa [ARG1 + 2 * 16], xmm0 + movdqa [ARG1 + 3 * 16], xmm0 + movdqa [ARG1 + 4 * 16], xmm0 + movdqa [ARG1 + 5 * 16], xmm0 + movdqa [ARG1 + 6 * 16], xmm0 + movdqa [ARG1 + 7 * 16], xmm0 + movdqa [ARG1 + 8 * 16], xmm0 + movdqa [ARG1 + 9 * 16], xmm0 +%endif + ret @@ -95,6 +110,21 @@ restore_xmms_avx: vmovdqa xmm13, [ARG1 + 7*16] vmovdqa xmm14, [ARG1 + 8*16] vmovdqa xmm15, [ARG1 + 9*16] + +%ifdef SAFE_DATA + ;; Clear potential sensitive data stored in stack + vpxor xmm0, xmm0 + vmovdqa [ARG1 + 0 * 16], xmm0 + vmovdqa [ARG1 + 1 * 16], xmm0 + vmovdqa [ARG1 + 2 * 16], xmm0 + vmovdqa [ARG1 + 3 * 16], xmm0 + vmovdqa [ARG1 + 4 * 16], xmm0 + vmovdqa [ARG1 + 5 * 16], xmm0 + vmovdqa [ARG1 + 6 * 16], xmm0 + vmovdqa [ARG1 + 7 * 16], xmm0 + vmovdqa [ARG1 + 8 * 16], xmm0 + vmovdqa [ARG1 + 9 * 16], xmm0 +%endif ret %ifdef LINUX diff --git a/sse/sha1_one_block_sse.asm b/sse/sha1_one_block_sse.asm index 7d70d976..9039660c 100644 --- a/sse/sha1_one_block_sse.asm +++ b/sse/sha1_one_block_sse.asm @@ -488,9 +488,17 @@ loop3_5: movdqa xmm7, [rsp + 1 * 16] movdqa xmm6, [rsp + 0 * 16] - mov rsp, [_RSP] +%ifdef SAFE_DATA + ;; Clear potential sensitive data stored in stack + pxor xmm0, xmm0 + movdqa [rsp + 0 * 16], xmm0 + movdqa [rsp + 1 * 16], xmm0 + movdqa [rsp + 2 * 16], xmm0 %endif + mov rsp, [_RSP] +%endif ;; LINUX + pop r13 pop r12 pop rdi diff --git a/sse/sha256_one_block_sse.asm b/sse/sha256_one_block_sse.asm index 3b939157..8869c14e 100644 --- a/sse/sha256_one_block_sse.asm +++ b/sse/sha256_one_block_sse.asm @@ -479,7 +479,18 @@ done_hash: movdqa xmm10,[rsp + _XMM_SAVE + 4*16] movdqa xmm11,[rsp + _XMM_SAVE + 5*16] movdqa xmm12,[rsp + _XMM_SAVE + 6*16] +%ifdef SAFE_DATA + ;; Clear potential sensitive data stored in stack + pxor xmm0, xmm0 + movdqa [rsp + _XMM_SAVE + 0 * 16], xmm0 + movdqa [rsp + _XMM_SAVE + 1 * 16], xmm0 + movdqa [rsp + _XMM_SAVE + 2 * 16], xmm0 + movdqa [rsp + _XMM_SAVE + 3 * 16], xmm0 + movdqa [rsp + _XMM_SAVE + 4 * 16], xmm0 + movdqa [rsp + _XMM_SAVE + 5 * 16], xmm0 + movdqa [rsp + _XMM_SAVE + 6 * 16], xmm0 %endif +%endif ;; LINUX add rsp, STACK_size diff --git a/sse/sha512_one_block_sse.asm b/sse/sha512_one_block_sse.asm index 63b08cf7..534cfbfd 100644 --- a/sse/sha512_one_block_sse.asm +++ b/sse/sha512_one_block_sse.asm @@ -445,7 +445,20 @@ done_hash: movdqa xmm11,[rsp + _XMM_SAVE + 5*16] movdqa xmm12,[rsp + _XMM_SAVE + 6*16] movdqa xmm13,[rsp + _XMM_SAVE + 7*16] + +%ifdef SAFE_DATA + ;; Clear potential sensitive data stored in stack + pxor xmm0, xmm0 + movdqa [rsp + _XMM_SAVE + 0 * 16], xmm0 + movdqa [rsp + _XMM_SAVE + 1 * 16], xmm0 + movdqa [rsp + _XMM_SAVE + 2 * 16], xmm0 + movdqa [rsp + _XMM_SAVE + 3 * 16], xmm0 + movdqa [rsp + _XMM_SAVE + 4 * 16], xmm0 + movdqa [rsp + _XMM_SAVE + 5 * 16], xmm0 + movdqa [rsp + _XMM_SAVE + 6 * 16], xmm0 + movdqa [rsp + _XMM_SAVE + 7 * 16], xmm0 %endif +%endif ;; LINUX add rsp, STACK_size