1*03514f19SPatrick WilliamsFrom ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001 2*03514f19SPatrick WilliamsFrom: Tom Cosgrove <tom.cosgrove@arm.com> 3*03514f19SPatrick WilliamsDate: Tue, 26 Mar 2024 13:18:00 +0000 4*03514f19SPatrick WilliamsSubject: [PATCH] aarch64: fix BTI in bsaes assembly code 5*03514f19SPatrick Williams 6*03514f19SPatrick WilliamsIn Arm systems where BTI is enabled but the Crypto extensions are not (more 7*03514f19SPatrick Williamslikely in FVPs than in real hardware), the bit-sliced assembler code will 8*03514f19SPatrick Williamsbe used. However, this wasn't annotated with BTI instructions when BTI was 9*03514f19SPatrick Williamsenabled, so the moment libssl jumps into this code it (correctly) aborts. 10*03514f19SPatrick Williams 11*03514f19SPatrick WilliamsSolve this by adding the missing BTI landing pads. 12*03514f19SPatrick Williams 13*03514f19SPatrick WilliamsUpstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982] 14*03514f19SPatrick WilliamsSigned-off-by: Ross Burton <ross.burton@arm.com> 15*03514f19SPatrick Williams--- 16*03514f19SPatrick Williams crypto/aes/asm/bsaes-armv8.pl | 5 ++++- 17*03514f19SPatrick Williams 1 file changed, 4 insertions(+), 1 deletion(-) 18*03514f19SPatrick Williams 19*03514f19SPatrick Williamsdiff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl 20*03514f19SPatrick Williamsindex b3c97e439f..c3c5ff3e05 100644 21*03514f19SPatrick Williams--- a/crypto/aes/asm/bsaes-armv8.pl 22*03514f19SPatrick Williams+++ b/crypto/aes/asm/bsaes-armv8.pl 23*03514f19SPatrick Williams@@ -1018,6 +1018,7 @@ _bsaes_key_convert: 24*03514f19SPatrick Williams // Initialisation vector overwritten with last quadword of ciphertext 25*03514f19SPatrick Williams // No output registers, usual AAPCS64 register preservation 26*03514f19SPatrick Williams ossl_bsaes_cbc_encrypt: 27*03514f19SPatrick Williams+ AARCH64_VALID_CALL_TARGET 28*03514f19SPatrick Williams cmp x2, #128 29*03514f19SPatrick Williams bhs .Lcbc_do_bsaes 30*03514f19SPatrick Williams b AES_cbc_encrypt 31*03514f19SPatrick Williams@@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt: 32*03514f19SPatrick Williams // Output text filled in 33*03514f19SPatrick Williams // No output registers, usual AAPCS64 register preservation 34*03514f19SPatrick Williams ossl_bsaes_ctr32_encrypt_blocks: 35*03514f19SPatrick Williams- 36*03514f19SPatrick Williams+ AARCH64_VALID_CALL_TARGET 37*03514f19SPatrick Williams cmp x2, #8 // use plain AES for 38*03514f19SPatrick Williams blo .Lctr_enc_short // small sizes 39*03514f19SPatrick Williams 40*03514f19SPatrick Williams@@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks: 41*03514f19SPatrick Williams // Output ciphertext filled in 42*03514f19SPatrick Williams // No output registers, usual AAPCS64 register preservation 43*03514f19SPatrick Williams ossl_bsaes_xts_encrypt: 44*03514f19SPatrick Williams+ AARCH64_VALID_CALL_TARGET 45*03514f19SPatrick Williams // Stack layout: 46*03514f19SPatrick Williams // sp -> 47*03514f19SPatrick Williams // nrounds*128-96 bytes: key schedule 48*03514f19SPatrick Williams@@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt: 49*03514f19SPatrick Williams // Output plaintext filled in 50*03514f19SPatrick Williams // No output registers, usual AAPCS64 register preservation 51*03514f19SPatrick Williams ossl_bsaes_xts_decrypt: 52*03514f19SPatrick Williams+ AARCH64_VALID_CALL_TARGET 53*03514f19SPatrick Williams // Stack layout: 54*03514f19SPatrick Williams // sp -> 55*03514f19SPatrick Williams // nrounds*128-96 bytes: key schedule 56*03514f19SPatrick Williams-- 57*03514f19SPatrick Williams2.34.1 58*03514f19SPatrick Williams 59