.Lenc_key:
___
$code.=<<___ if ($flavour =~ /64/);
+ AARCH64_VALID_CALL_TARGET
+ // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later.
stp x29,x30,[sp,#-16]!
add x29,sp,#0
___
${prefix}_set_decrypt_key:
___
$code.=<<___ if ($flavour =~ /64/);
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-16]!
add x29,sp,#0
___
___
$code.=<<___ if ($flavour =~ /64/);
ldp x29,x30,[sp],#16
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
___
$code.=<<___;
.type ${prefix}_${dir}crypt,%function
.align 5
${prefix}_${dir}crypt:
+___
+$code.=<<___ if ($flavour =~ /64/);
+ AARCH64_VALID_CALL_TARGET
+___
+$code.=<<___;
ldr $rounds,[$key,#240]
vld1.32 {$rndkey0},[$key],#16
vld1.8 {$inout},[$inp]
${prefix}_ecb_encrypt:
___
$code.=<<___ if ($flavour =~ /64/);
+ AARCH64_VALID_CALL_TARGET
subs $len,$len,#16
// Original input data size bigger than 16, jump to big size processing.
b.ne .Lecb_big_size
${prefix}_cbc_encrypt:
___
$code.=<<___ if ($flavour =~ /64/);
+ AARCH64_VALID_CALL_TARGET
+ // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later.
stp x29,x30,[sp,#-16]!
add x29,sp,#0
___
${prefix}_ctr32_encrypt_blocks:
___
$code.=<<___ if ($flavour =~ /64/);
+ AARCH64_VALID_CALL_TARGET
+ // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later.
stp x29,x30,[sp,#-16]!
add x29,sp,#0
___
${prefix}_xts_encrypt:
___
$code.=<<___ if ($flavour =~ /64/);
+ AARCH64_VALID_CALL_TARGET
cmp $len,#16
// Original input data size bigger than 16, jump to big size processing.
b.ne .Lxts_enc_big_size
.type ${prefix}_xts_decrypt,%function
.align 5
${prefix}_xts_decrypt:
+ AARCH64_VALID_CALL_TARGET
___
$code.=<<___ if ($flavour =~ /64/);
cmp $len,#16
*STDOUT=*OUT;
$code.=<<___;
+#include "arm_arch.h"
+
.text
.type _vpaes_consts,%object
.type vpaes_encrypt,%function
.align 4
vpaes_encrypt:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-16]!
add x29,sp,#0
st1 {v0.16b}, [$out]
ldp x29,x30,[sp],#16
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size vpaes_encrypt,.-vpaes_encrypt
.type vpaes_decrypt,%function
.align 4
vpaes_decrypt:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-16]!
add x29,sp,#0
st1 {v0.16b}, [$out]
ldp x29,x30,[sp],#16
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size vpaes_decrypt,.-vpaes_decrypt
.type _vpaes_schedule_core,%function
.align 4
_vpaes_schedule_core:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29, x30, [sp,#-16]!
add x29,sp,#0
eor v6.16b, v6.16b, v6.16b // vpxor %xmm6, %xmm6, %xmm6
eor v7.16b, v7.16b, v7.16b // vpxor %xmm7, %xmm7, %xmm7
ldp x29, x30, [sp],#16
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size _vpaes_schedule_core,.-_vpaes_schedule_core
.type vpaes_set_encrypt_key,%function
.align 4
vpaes_set_encrypt_key:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-16]!
add x29,sp,#0
stp d8,d9,[sp,#-16]! // ABI spec says so
ldp d8,d9,[sp],#16
ldp x29,x30,[sp],#16
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size vpaes_set_encrypt_key,.-vpaes_set_encrypt_key
.type vpaes_set_decrypt_key,%function
.align 4
vpaes_set_decrypt_key:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-16]!
add x29,sp,#0
stp d8,d9,[sp,#-16]! // ABI spec says so
ldp d8,d9,[sp],#16
ldp x29,x30,[sp],#16
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size vpaes_set_decrypt_key,.-vpaes_set_decrypt_key
___
.type vpaes_cbc_encrypt,%function
.align 4
vpaes_cbc_encrypt:
+ AARCH64_SIGN_LINK_REGISTER
cbz $len, .Lcbc_abort
cmp w5, #0 // check direction
b.eq vpaes_cbc_decrypt
- .inst 0xd503233f // paciasp
stp x29,x30,[sp,#-16]!
add x29,sp,#0
st1 {v0.16b}, [$ivec] // write ivec
ldp x29,x30,[sp],#16
- .inst 0xd50323bf // autiasp
.Lcbc_abort:
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size vpaes_cbc_encrypt,.-vpaes_cbc_encrypt
.type vpaes_cbc_decrypt,%function
.align 4
vpaes_cbc_decrypt:
- .inst 0xd503233f // paciasp
+ // Not adding AARCH64_SIGN_LINK_REGISTER here because vpaes_cbc_decrypt is jumped to
+ // only from vpaes_cbc_encrypt which has already signed the return address.
stp x29,x30,[sp,#-16]!
add x29,sp,#0
stp d8,d9,[sp,#-16]! // ABI spec says so
ldp d10,d11,[sp],#16
ldp d8,d9,[sp],#16
ldp x29,x30,[sp],#16
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size vpaes_cbc_decrypt,.-vpaes_cbc_decrypt
___
.type vpaes_ecb_encrypt,%function
.align 4
vpaes_ecb_encrypt:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-16]!
add x29,sp,#0
stp d8,d9,[sp,#-16]! // ABI spec says so
ldp d10,d11,[sp],#16
ldp d8,d9,[sp],#16
ldp x29,x30,[sp],#16
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size vpaes_ecb_encrypt,.-vpaes_ecb_encrypt
.type vpaes_ecb_decrypt,%function
.align 4
vpaes_ecb_decrypt:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-16]!
add x29,sp,#0
stp d8,d9,[sp,#-16]! // ABI spec says so
ldp d10,d11,[sp],#16
ldp d8,d9,[sp],#16
ldp x29,x30,[sp],#16
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size vpaes_ecb_decrypt,.-vpaes_ecb_decrypt
___
GENERATE[aesv8-armx.S]=asm/aesv8-armx.pl
INCLUDE[aesv8-armx.o]=..
GENERATE[vpaes-armv8.S]=asm/vpaes-armv8.pl
+INCLUDE[vpaes-armv8.o]=..
GENERATE[aes-armv4.S]=asm/aes-armv4.pl
INCLUDE[aes-armv4.o]=..
.globl _armv7_neon_probe
.type _armv7_neon_probe,%function
_armv7_neon_probe:
+ AARCH64_VALID_CALL_TARGET
orr v15.16b, v15.16b, v15.16b
ret
.size _armv7_neon_probe,.-_armv7_neon_probe
.globl _armv7_tick
.type _armv7_tick,%function
_armv7_tick:
+ AARCH64_VALID_CALL_TARGET
#ifdef __APPLE__
mrs x0, CNTPCT_EL0
#else
.globl _armv8_aes_probe
.type _armv8_aes_probe,%function
_armv8_aes_probe:
+ AARCH64_VALID_CALL_TARGET
aese v0.16b, v0.16b
ret
.size _armv8_aes_probe,.-_armv8_aes_probe
.globl _armv8_sha1_probe
.type _armv8_sha1_probe,%function
_armv8_sha1_probe:
+ AARCH64_VALID_CALL_TARGET
sha1h s0, s0
ret
.size _armv8_sha1_probe,.-_armv8_sha1_probe
.globl _armv8_sha256_probe
.type _armv8_sha256_probe,%function
_armv8_sha256_probe:
+ AARCH64_VALID_CALL_TARGET
sha256su0 v0.4s, v0.4s
ret
.size _armv8_sha256_probe,.-_armv8_sha256_probe
.globl _armv8_pmull_probe
.type _armv8_pmull_probe,%function
_armv8_pmull_probe:
+ AARCH64_VALID_CALL_TARGET
pmull v0.1q, v0.1d, v0.1d
ret
.size _armv8_pmull_probe,.-_armv8_pmull_probe
.globl _armv8_sha512_probe
.type _armv8_sha512_probe,%function
_armv8_sha512_probe:
+ AARCH64_VALID_CALL_TARGET
.long 0xcec08000 // sha512su0 v0.2d,v0.2d
ret
.size _armv8_sha512_probe,.-_armv8_sha512_probe
.globl _armv8_cpuid_probe
.type _armv8_cpuid_probe,%function
_armv8_cpuid_probe:
+ AARCH64_VALID_CALL_TARGET
mrs x0, midr_el1
ret
.size _armv8_cpuid_probe,.-_armv8_cpuid_probe
.type OPENSSL_cleanse,%function
.align 5
OPENSSL_cleanse:
+ AARCH64_VALID_CALL_TARGET
cbz x1,.Lret // len==0?
cmp x1,#15
b.hi .Lot // len>15
.type CRYPTO_memcmp,%function
.align 4
CRYPTO_memcmp:
+ AARCH64_VALID_CALL_TARGET
eor w3,w3,w3
cbz x2,.Lno_data // len==0?
cmp x2,#16
# define MIDR_IS_CPU_MODEL(midr, imp, partnum) \
(((midr) & MIDR_CPU_MODEL_MASK) == MIDR_CPU_MODEL(imp, partnum))
+
+#if defined(__ASSEMBLER__)
+
+ /*
+ * Support macros for
+ * - Armv8.3-A Pointer Authentication and
+ * - Armv8.5-A Branch Target Identification
+ * features which require emitting a .note.gnu.property section with the
+ * appropriate architecture-dependent feature bits set.
+ * Read more: "ELF for the Arm® 64-bit Architecture"
+ */
+
+# if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
+# define GNU_PROPERTY_AARCH64_BTI (1 << 0) /* Has Branch Target Identification */
+# define AARCH64_VALID_CALL_TARGET hint #34 /* BTI 'c' */
+# else
+# define GNU_PROPERTY_AARCH64_BTI 0 /* No Branch Target Identification */
+# define AARCH64_VALID_CALL_TARGET
+# endif
+
+# if defined(__ARM_FEATURE_PAC_DEFAULT) && \
+ (__ARM_FEATURE_PAC_DEFAULT & 1) == 1 /* Signed with A-key */
+# define GNU_PROPERTY_AARCH64_POINTER_AUTH \
+ (1 << 1) /* Has Pointer Authentication */
+# define AARCH64_SIGN_LINK_REGISTER hint #25 /* PACIASP */
+# define AARCH64_VALIDATE_LINK_REGISTER hint #29 /* AUTIASP */
+# elif defined(__ARM_FEATURE_PAC_DEFAULT) && \
+ (__ARM_FEATURE_PAC_DEFAULT & 2) == 2 /* Signed with B-key */
+# define GNU_PROPERTY_AARCH64_POINTER_AUTH \
+ (1 << 1) /* Has Pointer Authentication */
+# define AARCH64_SIGN_LINK_REGISTER hint #27 /* PACIBSP */
+# define AARCH64_VALIDATE_LINK_REGISTER hint #31 /* AUTIBSP */
+# else
+# define GNU_PROPERTY_AARCH64_POINTER_AUTH 0 /* No Pointer Authentication */
+# if GNU_PROPERTY_AARCH64_BTI != 0
+# define AARCH64_SIGN_LINK_REGISTER AARCH64_VALID_CALL_TARGET
+# else
+# define AARCH64_SIGN_LINK_REGISTER
+# endif
+# define AARCH64_VALIDATE_LINK_REGISTER
+# endif
+
+# if GNU_PROPERTY_AARCH64_POINTER_AUTH != 0 || GNU_PROPERTY_AARCH64_BTI != 0
+ .pushsection .note.gnu.property, "a";
+ .balign 8;
+ .long 4;
+ .long 0x10;
+ .long 0x5;
+ .asciz "GNU";
+ .long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */
+ .long 4;
+ .long (GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI);
+ .long 0;
+ .popsection;
+# endif
+
+# endif /* defined __ASSEMBLER__ */
+
#endif
$num="x5"; # int num);
$code.=<<___;
+#include "arm_arch.h"
#ifndef __KERNEL__
-# include "arm_arch.h"
.extern OPENSSL_armv8_rsa_neonized
.hidden OPENSSL_armv8_rsa_neonized
#endif
.type bn_mul_mont,%function
.align 5
bn_mul_mont:
+ AARCH64_SIGN_LINK_REGISTER
.Lbn_mul_mont:
tst $num,#3
b.ne .Lmul_mont
mov x0,#1
ldp x23,x24,[x29,#48]
ldr x29,[sp],#64
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size bn_mul_mont,.-bn_mul_mont
___
.type bn_mul8x_mont_neon,%function
.align 5
bn_mul8x_mont_neon:
+ // Not adding AARCH64_SIGN_LINK_REGISTER here because bn_mul8x_mont_neon is jumped to
+ // only from bn_mul_mont which has already signed the return address.
stp x29,x30,[sp,#-80]!
mov x16,sp
stp d8,d9,[sp,#16]
ldp d10,d11,[sp,#32]
ldp d8,d9,[sp,#16]
ldr x29,[sp],#80
+ AARCH64_VALIDATE_LINK_REGISTER
ret // bx lr
.size bn_mul8x_mont_neon,.-bn_mul8x_mont_neon
cmp $ap,$bp
b.ne __bn_mul4x_mont
.Lsqr8x_mont:
- .inst 0xd503233f // paciasp
+ // Not adding AARCH64_SIGN_LINK_REGISTER here because __bn_sqr8x_mont is jumped to
+ // only from bn_mul_mont which has already signed the return address.
stp x29,x30,[sp,#-128]!
add x29,sp,#0
stp x19,x20,[sp,#16]
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldr x29,[sp],#128
- .inst 0xd50323bf // autiasp
+ // x30 is loaded earlier
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size __bn_sqr8x_mont,.-__bn_sqr8x_mont
___
.type __bn_mul4x_mont,%function
.align 5
__bn_mul4x_mont:
- .inst 0xd503233f // paciasp
+ // Not adding AARCH64_SIGN_LINK_REGISTER here because __bn_mul4x_mont is jumped to
+ // only from bn_mul_mont (or __bn_sqr8x_mont from bn_mul_mont) which has already signed the return address.
stp x29,x30,[sp,#-128]!
add x29,sp,#0
stp x19,x20,[sp,#16]
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldr x29,[sp],#128
- .inst 0xd50323bf // autiasp
+ // x30 loaded earlier
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size __bn_mul4x_mont,.-__bn_mul4x_mont
___
}
$code.=<<___;
+#include "arm_arch.h"
#ifndef __KERNEL__
-# include "arm_arch.h"
.extern OPENSSL_armcap_P
.hidden OPENSSL_armcap_P
#endif
.type ChaCha20_ctr32,%function
.align 5
ChaCha20_ctr32:
+ AARCH64_SIGN_LINK_REGISTER
cbz $len,.Labort
cmp $len,#192
b.lo .Lshort
#endif
.Lshort:
- .inst 0xd503233f // paciasp
stp x29,x30,[sp,#-96]!
add x29,sp,#0
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldp x29,x30,[sp],#96
- .inst 0xd50323bf // autiasp
.Labort:
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.align 4
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldp x29,x30,[sp],#96
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size ChaCha20_ctr32,.-ChaCha20_ctr32
___
.type ChaCha20_neon,%function
.align 5
ChaCha20_neon:
+ AARCH64_SIGN_LINK_REGISTER
.LChaCha20_neon:
- .inst 0xd503233f // paciasp
stp x29,x30,[sp,#-96]!
add x29,sp,#0
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldp x29,x30,[sp],#96
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.align 4
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldp x29,x30,[sp],#96
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size ChaCha20_neon,.-ChaCha20_neon
___
.type ChaCha20_512_neon,%function
.align 5
ChaCha20_512_neon:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-96]!
add x29,sp,#0
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldp x29,x30,[sp],#96
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size ChaCha20_512_neon,.-ChaCha20_512_neon
___
.type ecp_nistz256_to_mont,%function
.align 6
ecp_nistz256_to_mont:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-32]!
add x29,sp,#0
stp x19,x20,[sp,#16]
ldp x19,x20,[sp,#16]
ldp x29,x30,[sp],#32
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
.type ecp_nistz256_from_mont,%function
.align 4
ecp_nistz256_from_mont:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-32]!
add x29,sp,#0
stp x19,x20,[sp,#16]
ldp x19,x20,[sp,#16]
ldp x29,x30,[sp],#32
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
.type ecp_nistz256_mul_mont,%function
.align 4
ecp_nistz256_mul_mont:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-32]!
add x29,sp,#0
stp x19,x20,[sp,#16]
ldp x19,x20,[sp,#16]
ldp x29,x30,[sp],#32
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
.type ecp_nistz256_sqr_mont,%function
.align 4
ecp_nistz256_sqr_mont:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-32]!
add x29,sp,#0
stp x19,x20,[sp,#16]
ldp x19,x20,[sp,#16]
ldp x29,x30,[sp],#32
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
.type ecp_nistz256_add,%function
.align 4
ecp_nistz256_add:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-16]!
add x29,sp,#0
bl __ecp_nistz256_add
ldp x29,x30,[sp],#16
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size ecp_nistz256_add,.-ecp_nistz256_add
.type ecp_nistz256_div_by_2,%function
.align 4
ecp_nistz256_div_by_2:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-16]!
add x29,sp,#0
bl __ecp_nistz256_div_by_2
ldp x29,x30,[sp],#16
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
.type ecp_nistz256_mul_by_2,%function
.align 4
ecp_nistz256_mul_by_2:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-16]!
add x29,sp,#0
bl __ecp_nistz256_add // ret = a+a // 2*a
ldp x29,x30,[sp],#16
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
.type ecp_nistz256_mul_by_3,%function
.align 4
ecp_nistz256_mul_by_3:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-16]!
add x29,sp,#0
bl __ecp_nistz256_add // ret += a // 2*a+a=3*a
ldp x29,x30,[sp],#16
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
.type ecp_nistz256_sub,%function
.align 4
ecp_nistz256_sub:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-16]!
add x29,sp,#0
bl __ecp_nistz256_sub_from
ldp x29,x30,[sp],#16
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size ecp_nistz256_sub,.-ecp_nistz256_sub
.type ecp_nistz256_neg,%function
.align 4
ecp_nistz256_neg:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-16]!
add x29,sp,#0
bl __ecp_nistz256_sub_from
ldp x29,x30,[sp],#16
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size ecp_nistz256_neg,.-ecp_nistz256_neg
.type ecp_nistz256_point_double,%function
.align 5
ecp_nistz256_point_double:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-96]!
add x29,sp,#0
stp x19,x20,[sp,#16]
ldp x19,x20,[x29,#16]
ldp x21,x22,[x29,#32]
ldp x29,x30,[sp],#96
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size ecp_nistz256_point_double,.-ecp_nistz256_point_double
___
.type ecp_nistz256_point_add,%function
.align 5
ecp_nistz256_point_add:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-96]!
add x29,sp,#0
stp x19,x20,[sp,#16]
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldp x29,x30,[sp],#96
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size ecp_nistz256_point_add,.-ecp_nistz256_point_add
___
.type ecp_nistz256_point_add_affine,%function
.align 5
ecp_nistz256_point_add_affine:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-80]!
add x29,sp,#0
stp x19,x20,[sp,#16]
ldp x23,x24,[x29,#48]
ldp x25,x26,[x29,#64]
ldp x29,x30,[sp],#80
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
___
.type ecp_nistz256_ord_mul_mont,%function
.align 4
ecp_nistz256_ord_mul_mont:
+ AARCH64_VALID_CALL_TARGET
+ // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later.
stp x29,x30,[sp,#-64]!
add x29,sp,#0
stp x19,x20,[sp,#16]
.type ecp_nistz256_ord_sqr_mont,%function
.align 4
ecp_nistz256_ord_sqr_mont:
+ AARCH64_VALID_CALL_TARGET
+ // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later.
stp x29,x30,[sp,#-64]!
add x29,sp,#0
stp x19,x20,[sp,#16]
.type ecp_nistz256_scatter_w5,%function
.align 4
ecp_nistz256_scatter_w5:
+ AARCH64_VALID_CALL_TARGET
+ // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later.
stp x29,x30,[sp,#-16]!
add x29,sp,#0
.type ecp_nistz256_gather_w5,%function
.align 4
ecp_nistz256_gather_w5:
+ AARCH64_VALID_CALL_TARGET
+ // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later.
stp x29,x30,[sp,#-16]!
add x29,sp,#0
.type ecp_nistz256_scatter_w7,%function
.align 4
ecp_nistz256_scatter_w7:
+ AARCH64_VALID_CALL_TARGET
+ // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later.
stp x29,x30,[sp,#-16]!
add x29,sp,#0
.type ecp_nistz256_gather_w7,%function
.align 4
ecp_nistz256_gather_w7:
+ AARCH64_VALID_CALL_TARGET
+ // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later.
stp x29,x30,[sp,#-16]!
add x29,sp,#0
.type aes_gcm_enc_128_kernel,%function
.align 4
aes_gcm_enc_128_kernel:
+ AARCH64_VALID_CALL_TARGET
cbz x1, .L128_enc_ret
stp x19, x20, [sp, #-112]!
mov x16, x4
.type aes_gcm_dec_128_kernel,%function
.align 4
aes_gcm_dec_128_kernel:
+ AARCH64_VALID_CALL_TARGET
cbz x1, .L128_dec_ret
stp x19, x20, [sp, #-112]!
mov x16, x4
.type aes_gcm_enc_192_kernel,%function
.align 4
aes_gcm_enc_192_kernel:
+ AARCH64_VALID_CALL_TARGET
cbz x1, .L192_enc_ret
stp x19, x20, [sp, #-112]!
mov x16, x4
.type aes_gcm_dec_192_kernel,%function
.align 4
aes_gcm_dec_192_kernel:
+ AARCH64_VALID_CALL_TARGET
cbz x1, .L192_dec_ret
stp x19, x20, [sp, #-112]!
mov x16, x4
.type aes_gcm_enc_256_kernel,%function
.align 4
aes_gcm_enc_256_kernel:
+ AARCH64_VALID_CALL_TARGET
cbz x1, .L256_enc_ret
stp x19, x20, [sp, #-112]!
mov x16, x4
.type aes_gcm_dec_256_kernel,%function
.align 4
aes_gcm_dec_256_kernel:
+ AARCH64_VALID_CALL_TARGET
cbz x1, .L256_dec_ret
stp x19, x20, [sp, #-112]!
mov x16, x4
.type gcm_init_v8,%function
.align 4
gcm_init_v8:
+___
+$code.=<<___ if ($flavour =~ /64/);
+ AARCH64_VALID_CALL_TARGET
+___
+$code.=<<___;
vld1.64 {$t1},[x1] @ load input H
vmov.i8 $xC2,#0xe1
vshl.i64 $xC2,$xC2,#57 @ 0xc2.0
.type gcm_gmult_v8,%function
.align 4
gcm_gmult_v8:
+___
+$code.=<<___ if ($flavour =~ /64/);
+ AARCH64_VALID_CALL_TARGET
+___
+$code.=<<___;
vld1.64 {$t1},[$Xi] @ load Xi
vmov.i8 $xC2,#0xe1
vld1.64 {$H-$Hhl},[$Htbl] @ load twisted H, ...
gcm_ghash_v8:
___
$code.=<<___ if ($flavour =~ /64/);
+ AARCH64_VALID_CALL_TARGET
cmp $len,#64
b.hs .Lgcm_ghash_v8_4x
___
.type poly1305_init,%function
.align 5
poly1305_init:
+ AARCH64_VALID_CALL_TARGET
cmp $inp,xzr
stp xzr,xzr,[$ctx] // zero hash value
stp xzr,xzr,[$ctx,#16] // [along with is_base2_26]
.align 5
poly1305_blocks:
.Lpoly1305_blocks:
+ // The symbol .Lpoly1305_blocks is not a .globl symbol
+ // but a pointer to it is returned by poly1305_init
+ AARCH64_VALID_CALL_TARGET
ands $len,$len,#-16
b.eq .Lno_data
.align 5
poly1305_emit:
.Lpoly1305_emit:
+ // The symbol .poly1305_emit is not a .globl symbol
+ // but a pointer to it is returned by poly1305_init
+ AARCH64_VALID_CALL_TARGET
ldp $h0,$h1,[$ctx] // load hash base 2^64
ldr $h2,[$ctx,#16]
ldp $t0,$t1,[$nonce] // load nonce
.align 5
poly1305_blocks_neon:
.Lpoly1305_blocks_neon:
+ // The symbol .Lpoly1305_blocks_neon is not a .globl symbol
+ // but a pointer to it is returned by poly1305_init
+ AARCH64_VALID_CALL_TARGET
ldr $is_base2_26,[$ctx,#24]
cmp $len,#128
b.hs .Lblocks_neon
cbz $is_base2_26,.Lpoly1305_blocks
.Lblocks_neon:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-80]!
add x29,sp,#0
.Lno_data_neon:
ldr x29,[sp],#80
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size poly1305_blocks_neon,.-poly1305_blocks_neon
.align 5
poly1305_emit_neon:
.Lpoly1305_emit_neon:
+ // The symbol .Lpoly1305_emit_neon is not a .globl symbol
+ // but a pointer to it is returned by poly1305_init
+ AARCH64_VALID_CALL_TARGET
ldr $is_base2_26,[$ctx,#24]
cbz $is_base2_26,poly1305_emit
[ 18, 2, 61, 56, 14 ]);
$code.=<<___;
+#include "arm_arch.h"
+
.text
.align 8 // strategic alignment and padding that allows to use
.align 5
KeccakF1600_int:
adr $C[2],iotas
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp $C[2],x30,[sp,#16] // 32 bytes on top are mine
b .Loop
.align 4
bne .Loop
ldr x30,[sp,#24]
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size KeccakF1600_int,.-KeccakF1600_int
.type KeccakF1600,%function
.align 5
KeccakF1600:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-128]!
add x29,sp,#0
stp x19,x20,[sp,#16]
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldp x29,x30,[sp],#128
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size KeccakF1600,.-KeccakF1600
.type SHA3_absorb,%function
.align 5
SHA3_absorb:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-128]!
add x29,sp,#0
stp x19,x20,[sp,#16]
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldp x29,x30,[sp],#128
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size SHA3_absorb,.-SHA3_absorb
___
.type SHA3_squeeze,%function
.align 5
SHA3_squeeze:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-48]!
add x29,sp,#0
stp x19,x20,[sp,#16]
ldp x19,x20,[sp,#16]
ldp x21,x22,[sp,#32]
ldp x29,x30,[sp],#48
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size SHA3_squeeze,.-SHA3_squeeze
___
.type KeccakF1600_cext,%function
.align 5
KeccakF1600_cext:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-80]!
add x29,sp,#0
stp d8,d9,[sp,#16] // per ABI requirement
ldp d12,d13,[sp,#48]
ldp d14,d15,[sp,#64]
ldr x29,[sp],#80
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size KeccakF1600_cext,.-KeccakF1600_cext
___
.type SHA3_absorb_cext,%function
.align 5
SHA3_absorb_cext:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-80]!
add x29,sp,#0
stp d8,d9,[sp,#16] // per ABI requirement
ldp d12,d13,[sp,#48]
ldp d14,d15,[sp,#64]
ldp x29,x30,[sp],#80
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size SHA3_absorb_cext,.-SHA3_absorb_cext
___
.type SHA3_squeeze_cext,%function
.align 5
SHA3_squeeze_cext:
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-16]!
add x29,sp,#0
mov x9,$ctx
.Lsqueeze_done_ce:
ldr x29,[sp],#16
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size SHA3_squeeze_cext,.-SHA3_squeeze_cext
___
}
$code.=<<___;
+#include "arm_arch.h"
#ifndef __KERNEL__
-# include "arm_arch.h"
.extern OPENSSL_armcap_P
.hidden OPENSSL_armcap_P
#endif
.type sha1_block_data_order,%function
.align 6
sha1_block_data_order:
+ AARCH64_VALID_CALL_TARGET
adrp x16,OPENSSL_armcap_P
ldr w16,[x16,#:lo12:OPENSSL_armcap_P]
tst w16,#ARMV8_SHA1
b.ne .Lv8_entry
+ // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later.
stp x29,x30,[sp,#-96]!
add x29,sp,#0
stp x19,x20,[sp,#16]
.align 6
sha1_block_armv8:
.Lv8_entry:
+ // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later.
stp x29,x30,[sp,#-16]!
add x29,sp,#0
}
$code.=<<___;
+#include "arm_arch.h"
#ifndef __KERNEL__
-# include "arm_arch.h"
.extern OPENSSL_armcap_P
.hidden OPENSSL_armcap_P
#endif
.type $func,%function
.align 6
$func:
+ AARCH64_VALID_CALL_TARGET
#ifndef __KERNEL__
adrp x16,OPENSSL_armcap_P
ldr w16,[x16,#:lo12:OPENSSL_armcap_P]
___
$code.=<<___;
#endif
- .inst 0xd503233f // paciasp
+ AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-128]!
add x29,sp,#0
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldp x29,x30,[sp],#128
- .inst 0xd50323bf // autiasp
+ AARCH64_VALIDATE_LINK_REGISTER
ret
.size $func,.-$func
.align 6
sha256_block_armv8:
.Lv8_entry:
+ // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later.
stp x29,x30,[sp,#-16]!
add x29,sp,#0
.type sha256_block_neon,%function
.align 4
sha256_block_neon:
+ AARCH64_VALID_CALL_TARGET
.Lneon_entry:
+ // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later
stp x29, x30, [sp, #-16]!
mov x29, sp
sub sp,sp,#16*4
.align 6
sha512_block_armv8:
.Lv8_entry:
+ // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later
stp x29,x30,[sp,#-16]!
add x29,sp,#0
GENERATE[sha512-armv8.S]=asm/sha512-armv8.pl
INCLUDE[sha512-armv8.o]=..
GENERATE[keccak1600-armv8.S]=asm/keccak1600-armv8.pl
+INCLUDE[keccak1600-armv8.o]=..
GENERATE[sha1-s390x.S]=asm/sha1-s390x.pl
INCLUDE[sha1-s390x.o]=..