aes-s390x.pl: Initialize reserved and unused memory

The reserved bytes in the parameter block (bytes 0-11) for the KMA
instruction should be set to zero to be compatible in case of future
architecture changes.

While at it, also the following unused parts of the parameter block
(bytes 48-63) are also cleared to avoid false positives with various
memory checkers like valgrind.

As it makes - performance wise - no difference to process 12, 48 or 64
bytes with one XC call, but two XC calls are slower than one call, the
first 64 bytes of the parameter block will be cleared with a single XC
call. This will also initialize the counter in the parameter block
(bytes 12-15), although it is not strictly necessary.

Co-developed-by: Juergen Christ <jchrist@linux.ibm.com>
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28315)

diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
index 78aa6dacfc9d1b7d7b5ed786c0dfc6f49ceb24a6..891d33bb7dca1e1c41986f6b24f07a823c3f4d1c 100644 (file)
--- a/crypto/aes/asm/aes-s390x.pl
+++ b/crypto/aes/asm/aes-s390x.pl
@@ -1431,6 +1431,9 @@ $code.=<<___ if (!$softonly);
        st${g}  $s3,0($sp)                      # backchain
        la      %r1,$stdframe($sp)
 
+       xc      $stdframe+0(64,$sp),$stdframe+0($sp)    # clear reserved/unused
+                                                       # in parameter block
+
        lmg     $s2,$s3,0($key)                 # copy key
        stg     $s2,$stdframe+80($sp)
        stg     $s3,$stdframe+88($sp)