crypto: x86/poly1305 - Clear key material from stack in SSE2 variant

1-block SSE2 variant of poly1305 stores variables s1..s4 containing key
material on the stack. This commit adds missing zeroing of the stack
memory. Benchmarks show negligible performance hit (tested on i7-3770).

Signed-off-by: Tommi Hirvola <tommi@hirvola.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/arch/x86/crypto/poly1305-sse2-x86_64.S b/arch/x86/crypto/poly1305-sse2-x86_64.S
index c88c670..e6add74 100644 (file)
--- a/arch/x86/crypto/poly1305-sse2-x86_64.S
+++ b/arch/x86/crypto/poly1305-sse2-x86_64.S
@@ -272,6 +272,10 @@ ENTRY(poly1305_block_sse2)
        dec             %rcx
        jnz             .Ldoblock
 
+       # Zeroing of key material
+       mov             %rcx,0x00(%rsp)
+       mov             %rcx,0x08(%rsp)
+
        add             $0x10,%rsp
        pop             %r12
        pop             %rbx