Zero the stack after AVX-512 XTS

[pittma]

Description of changes:

A small patch to zero out the used stack frames in the AVX-512 XTS implementation.

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (eaa19c7) 76.89% compared to head (3af4098) 76.85%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1415      +/-   ##
==========================================
- Coverage   76.89%   76.85%   -0.05%     
==========================================
  Files         425      425              
  Lines       71527    71527              
==========================================
- Hits        55000    54970      -30     
- Misses      16527    16557      +30     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[nebeid]

Thank you, Dan @pittma.
I believe we could add:

• clearing the locations on the stack where the registers were backed up, taking into account the extra ones in the case of win64. This is done in aesni-x86_64.pl
• this change and the suggestion above to the decryption function.

[pittma]

As far as I can tell, this CI failure is unrelated. It looks like HEAD moved a few hours ago for the tpm2 dependency in this test, and now there is a conflict with the patch:

commit 84ead1b7a35362d5fae9b26a0edb9a68eeb6e5c8 (HEAD -> master, origin/master, origin/HEAD)
Author: Juergen Repp <[email protected]>
Date:   Tue Jan 23 12:00:45 2024 +0100

    FAPI: Clean command context before execution.
    
    The FAPI command context now is cleared in the async function of
    every command.
    
    Signed-off-by: Juergen Repp <[email protected]>

This is the error I'm seeing:

$ git apply /home/dpitt/src/aws-lc/tests/ci/integration/tpm2_tss_patch/aws-lc-tpm2-tss.patch
error: patch failed: test/unit/fapi-eventlog.c:138
error: test/unit/fapi-eventlog.c: patch does not apply

[torben-hansen]

As far as I can tell, this CI failure is unrelated. It looks like HEAD moved a few hours ago for the tpm2 dependency in this test, and now there is a conflict with the patch:

commit 84ead1b7a35362d5fae9b26a0edb9a68eeb6e5c8 (HEAD -> master, origin/master, origin/HEAD)
Author: Juergen Repp <[email protected]>
Date:   Tue Jan 23 12:00:45 2024 +0100

    FAPI: Clean command context before execution.
    
    The FAPI command context now is cleared in the async function of
    every command.
    
    Signed-off-by: Juergen Repp <[email protected]>

This is the error I'm seeing:

$ git apply /home/dpitt/src/aws-lc/tests/ci/integration/tpm2_tss_patch/aws-lc-tpm2-tss.patch
error: patch failed: test/unit/fapi-eventlog.c:138
error: test/unit/fapi-eventlog.c: patch does not apply

Resolved here: #1422

[nebeid]

I think the comments that used to be there before line 1881 for the special case of zeroising were helpful:

# Stack usage isn't divisible by 64, so we use a kmask register to
# only use 48 of the bytes (6 quad-words).

The prior comments were good too.

[pittma]

I think the comments that used to be there before line 1881 for the special case of zeroising were helpful:

# Stack usage isn't divisible by 64, so we use a kmask register to
# only use 48 of the bytes (6 quad-words).

The prior comments were good too.

Thanks for saying so @nebeid. I'd mostly left them as mnemonics for myself and I began to fear I was the only one! I've added them back.