Add straight-line speculation hardening for aarch64 assembly

* cipher/asm-common-aarch64.h (ret_spec_stop): New. * cipher/asm-poly1305-aarch64.h: Use 'ret_spec_stop' for 'ret' instruction. * cipher/camellia-aarch64.S: Likewise. * cipher/chacha20-aarch64.S: Likewise. * cipher/cipher-gcm-armv8-aarch64-ce.S: Likewise. * cipher/crc-armv8-aarch64-ce.S: Likewise. * cipher/rijndael-aarch64.S: Likewise. * cipher/rijndael-armv8-aarch64-ce.S: Likewise. * cipher/sha1-armv8-aarch64-ce.S: Likewise. * cipher/sha256-armv8-aarch64-ce.S: Likewise. * cipher/sm3-aarch64.S: Likewise. * cipher/twofish-aarch64.S: Likewise. * mpi/aarch64/mpih-add1.S: Likewise. * mpi/aarch64/mpih-mul1.S: Likewise. * mpi/aarch64/mpih-mul2.S: Likewise. * mpi/aarch64/mpih-mul3.S: Likewise. * mpi/aarch64/mpih-sub1.S: Likewise. -- Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
author: Jussi Kivilinna <jussi.kivilinna@iki.fi> 2022-01-08 21:09:09 +0200
committer: Jussi Kivilinna <jussi.kivilinna@iki.fi> 2022-01-11 20:10:12 +0200
commit: 34bcc102158a651781f4e7639e2654068a39db6d (patch)
tree: e96dbc6c4b2288e4ec299c6fcff3d55ff46c4259 /cipher/rijndael-armv8-aarch64-ce.S
parent: 11ade08efbfbc36dbf3571f1026946269950bc40 (diff)
download: libgcrypt-34bcc102158a651781f4e7639e2654068a39db6d.tar.gz
1 files changed, 15 insertions, 15 deletions
diff --git a/cipher/rijndael-armv8-aarch64-ce.S b/cipher/rijndael-armv8-aarch64-ce.S
index 9f8d9d49..4fef0345 100644
--- a/cipher/rijndael-armv8-aarch64-ce.S
+++ b/cipher/rijndael-armv8-aarch64-ce.S
@@ -301,7 +301,7 @@ _gcry_aes_enc_armv8_ce:
   CLEAR_REG(v0)
 
   mov x0, #0
-  ret
+  ret_spec_stop
 
 .Lenc1_192:
   do_aes_one192(e, mc, v0, v0, vk0);
@@ -365,7 +365,7 @@ _gcry_aes_dec_armv8_ce:
   CLEAR_REG(v0)
 
   mov x0, #0
-  ret
+  ret_spec_stop
 
 .Ldec1_192:
   do_aes_one192(d, imc, v0, v0, vk0);
@@ -463,7 +463,7 @@ _gcry_aes_cbc_enc_armv8_ce:
   CLEAR_REG(v0)
 
 .Lcbc_enc_skip:
-  ret
+  ret_spec_stop
   CFI_ENDPROC();
 ELF(.size _gcry_aes_cbc_enc_armv8_ce,.-_gcry_aes_cbc_enc_armv8_ce;)
 
@@ -584,7 +584,7 @@ _gcry_aes_cbc_dec_armv8_ce:
   CFI_ADJUST_CFA_OFFSET(-64);
 
 .Lcbc_dec_skip:
-  ret
+  ret_spec_stop
   CFI_ENDPROC();
 ELF(.size _gcry_aes_cbc_dec_armv8_ce,.-_gcry_aes_cbc_dec_armv8_ce;)
 
@@ -777,7 +777,7 @@ _gcry_aes_ctr_enc_armv8_ce:
   CFI_ADJUST_CFA_OFFSET(-128);
 
 .Lctr_enc_skip:
-  ret
+  ret_spec_stop
   CFI_ENDPROC();
 ELF(.size _gcry_aes_ctr_enc_armv8_ce,.-_gcry_aes_ctr_enc_armv8_ce;)
 
@@ -924,7 +924,7 @@ _gcry_aes_ctr32le_enc_armv8_ce:
   CFI_ADJUST_CFA_OFFSET(-128);
 
 .Lctr32le_enc_skip:
-  ret
+  ret_spec_stop
   CFI_ENDPROC();
 ELF(.size _gcry_aes_ctr32le_enc_armv8_ce,.-_gcry_aes_ctr32le_enc_armv8_ce;)
 
@@ -1006,7 +1006,7 @@ _gcry_aes_cfb_enc_armv8_ce:
   CLEAR_REG(v4)
 
 .Lcfb_enc_skip:
-  ret
+  ret_spec_stop
   CFI_ENDPROC();
 ELF(.size _gcry_aes_cfb_enc_armv8_ce,.-_gcry_aes_cfb_enc_armv8_ce;)
 
@@ -1130,7 +1130,7 @@ _gcry_aes_cfb_dec_armv8_ce:
   CFI_ADJUST_CFA_OFFSET(-64);
 
 .Lcfb_dec_skip:
-  ret
+  ret_spec_stop
   CFI_ENDPROC();
 ELF(.size _gcry_aes_cfb_dec_armv8_ce,.-_gcry_aes_cfb_dec_armv8_ce;)
 
@@ -1379,7 +1379,7 @@ _gcry_aes_ocb_enc_armv8_ce:
   add sp, sp, #128;
   CFI_ADJUST_CFA_OFFSET(-128);
 
-  ret
+  ret_spec_stop
   CFI_ENDPROC();
 ELF(.size _gcry_aes_ocb_enc_armv8_ce,.-_gcry_aes_ocb_enc_armv8_ce;)
 
@@ -1458,7 +1458,7 @@ _gcry_aes_ocb_dec_armv8_ce:
   add sp, sp, #128;
   CFI_ADJUST_CFA_OFFSET(-128);
 
-  ret
+  ret_spec_stop
   CFI_ENDPROC();
 ELF(.size _gcry_aes_ocb_dec_armv8_ce,.-_gcry_aes_ocb_dec_armv8_ce;)
 
@@ -1605,7 +1605,7 @@ _gcry_aes_ocb_auth_armv8_ce:
   CLEAR_REG(v2)
   CLEAR_REG(v16)
 
-  ret
+  ret_spec_stop
   CFI_ENDPROC();
 ELF(.size _gcry_aes_ocb_auth_armv8_ce,.-_gcry_aes_ocb_auth_armv8_ce;)
 
@@ -1806,7 +1806,7 @@ _gcry_aes_xts_enc_armv8_ce:
   CFI_ADJUST_CFA_OFFSET(-128);
 
 .Lxts_enc_skip:
-  ret
+  ret_spec_stop
   CFI_ENDPROC();
 ELF(.size _gcry_aes_xts_enc_armv8_ce,.-_gcry_aes_xts_enc_armv8_ce;)
 
@@ -1874,7 +1874,7 @@ _gcry_aes_xts_dec_armv8_ce:
   CFI_ADJUST_CFA_OFFSET(-128);
 
 .Lxts_dec_skip:
-  ret
+  ret_spec_stop
   CFI_ENDPROC();
 ELF(.size _gcry_aes_xts_dec_armv8_ce,.-_gcry_aes_xts_dec_armv8_ce;)
 
@@ -1897,7 +1897,7 @@ _gcry_aes_sbox4_armv8_ce:
   addv s0, v0.4s
   mov w0, v0.S[0]
   CLEAR_REG(v0)
-  ret
+  ret_spec_stop
   CFI_ENDPROC();
 ELF(.size _gcry_aes_sbox4_armv8_ce,.-_gcry_aes_sbox4_armv8_ce;)
 
@@ -1914,7 +1914,7 @@ _gcry_aes_invmixcol_armv8_ce:
   aesimc v0.16b, v0.16b
   st1 {v0.16b}, [x0]
   CLEAR_REG(v0)
-  ret
+  ret_spec_stop
   CFI_ENDPROC();
 ELF(.size _gcry_aes_invmixcol_armv8_ce,.-_gcry_aes_invmixcol_armv8_ce;)
author	Jussi Kivilinna <jussi.kivilinna@iki.fi>	2022-01-08 21:09:09 +0200
committer	Jussi Kivilinna <jussi.kivilinna@iki.fi>	2022-01-11 20:10:12 +0200
commit	34bcc102158a651781f4e7639e2654068a39db6d (patch)
tree	e96dbc6c4b2288e4ec299c6fcff3d55ff46c4259 /cipher/rijndael-armv8-aarch64-ce.S
parent	11ade08efbfbc36dbf3571f1026946269950bc40 (diff)
download	libgcrypt-34bcc102158a651781f4e7639e2654068a39db6d.tar.gz