From 34bcc102158a651781f4e7639e2654068a39db6d Mon Sep 17 00:00:00 2001 From: Jussi Kivilinna Date: Sat, 8 Jan 2022 21:09:09 +0200 Subject: Add straight-line speculation hardening for aarch64 assembly * cipher/asm-common-aarch64.h (ret_spec_stop): New. * cipher/asm-poly1305-aarch64.h: Use 'ret_spec_stop' for 'ret' instruction. * cipher/camellia-aarch64.S: Likewise. * cipher/chacha20-aarch64.S: Likewise. * cipher/cipher-gcm-armv8-aarch64-ce.S: Likewise. * cipher/crc-armv8-aarch64-ce.S: Likewise. * cipher/rijndael-aarch64.S: Likewise. * cipher/rijndael-armv8-aarch64-ce.S: Likewise. * cipher/sha1-armv8-aarch64-ce.S: Likewise. * cipher/sha256-armv8-aarch64-ce.S: Likewise. * cipher/sm3-aarch64.S: Likewise. * cipher/twofish-aarch64.S: Likewise. * mpi/aarch64/mpih-add1.S: Likewise. * mpi/aarch64/mpih-mul1.S: Likewise. * mpi/aarch64/mpih-mul2.S: Likewise. * mpi/aarch64/mpih-mul3.S: Likewise. * mpi/aarch64/mpih-sub1.S: Likewise. -- Signed-off-by: Jussi Kivilinna --- cipher/rijndael-armv8-aarch64-ce.S | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) (limited to 'cipher/rijndael-armv8-aarch64-ce.S') diff --git a/cipher/rijndael-armv8-aarch64-ce.S b/cipher/rijndael-armv8-aarch64-ce.S index 9f8d9d49..4fef0345 100644 --- a/cipher/rijndael-armv8-aarch64-ce.S +++ b/cipher/rijndael-armv8-aarch64-ce.S @@ -301,7 +301,7 @@ _gcry_aes_enc_armv8_ce: CLEAR_REG(v0) mov x0, #0 - ret + ret_spec_stop .Lenc1_192: do_aes_one192(e, mc, v0, v0, vk0); @@ -365,7 +365,7 @@ _gcry_aes_dec_armv8_ce: CLEAR_REG(v0) mov x0, #0 - ret + ret_spec_stop .Ldec1_192: do_aes_one192(d, imc, v0, v0, vk0); @@ -463,7 +463,7 @@ _gcry_aes_cbc_enc_armv8_ce: CLEAR_REG(v0) .Lcbc_enc_skip: - ret + ret_spec_stop CFI_ENDPROC(); ELF(.size _gcry_aes_cbc_enc_armv8_ce,.-_gcry_aes_cbc_enc_armv8_ce;) @@ -584,7 +584,7 @@ _gcry_aes_cbc_dec_armv8_ce: CFI_ADJUST_CFA_OFFSET(-64); .Lcbc_dec_skip: - ret + ret_spec_stop CFI_ENDPROC(); ELF(.size _gcry_aes_cbc_dec_armv8_ce,.-_gcry_aes_cbc_dec_armv8_ce;) @@ -777,7 +777,7 @@ _gcry_aes_ctr_enc_armv8_ce: CFI_ADJUST_CFA_OFFSET(-128); .Lctr_enc_skip: - ret + ret_spec_stop CFI_ENDPROC(); ELF(.size _gcry_aes_ctr_enc_armv8_ce,.-_gcry_aes_ctr_enc_armv8_ce;) @@ -924,7 +924,7 @@ _gcry_aes_ctr32le_enc_armv8_ce: CFI_ADJUST_CFA_OFFSET(-128); .Lctr32le_enc_skip: - ret + ret_spec_stop CFI_ENDPROC(); ELF(.size _gcry_aes_ctr32le_enc_armv8_ce,.-_gcry_aes_ctr32le_enc_armv8_ce;) @@ -1006,7 +1006,7 @@ _gcry_aes_cfb_enc_armv8_ce: CLEAR_REG(v4) .Lcfb_enc_skip: - ret + ret_spec_stop CFI_ENDPROC(); ELF(.size _gcry_aes_cfb_enc_armv8_ce,.-_gcry_aes_cfb_enc_armv8_ce;) @@ -1130,7 +1130,7 @@ _gcry_aes_cfb_dec_armv8_ce: CFI_ADJUST_CFA_OFFSET(-64); .Lcfb_dec_skip: - ret + ret_spec_stop CFI_ENDPROC(); ELF(.size _gcry_aes_cfb_dec_armv8_ce,.-_gcry_aes_cfb_dec_armv8_ce;) @@ -1379,7 +1379,7 @@ _gcry_aes_ocb_enc_armv8_ce: add sp, sp, #128; CFI_ADJUST_CFA_OFFSET(-128); - ret + ret_spec_stop CFI_ENDPROC(); ELF(.size _gcry_aes_ocb_enc_armv8_ce,.-_gcry_aes_ocb_enc_armv8_ce;) @@ -1458,7 +1458,7 @@ _gcry_aes_ocb_dec_armv8_ce: add sp, sp, #128; CFI_ADJUST_CFA_OFFSET(-128); - ret + ret_spec_stop CFI_ENDPROC(); ELF(.size _gcry_aes_ocb_dec_armv8_ce,.-_gcry_aes_ocb_dec_armv8_ce;) @@ -1605,7 +1605,7 @@ _gcry_aes_ocb_auth_armv8_ce: CLEAR_REG(v2) CLEAR_REG(v16) - ret + ret_spec_stop CFI_ENDPROC(); ELF(.size _gcry_aes_ocb_auth_armv8_ce,.-_gcry_aes_ocb_auth_armv8_ce;) @@ -1806,7 +1806,7 @@ _gcry_aes_xts_enc_armv8_ce: CFI_ADJUST_CFA_OFFSET(-128); .Lxts_enc_skip: - ret + ret_spec_stop CFI_ENDPROC(); ELF(.size _gcry_aes_xts_enc_armv8_ce,.-_gcry_aes_xts_enc_armv8_ce;) @@ -1874,7 +1874,7 @@ _gcry_aes_xts_dec_armv8_ce: CFI_ADJUST_CFA_OFFSET(-128); .Lxts_dec_skip: - ret + ret_spec_stop CFI_ENDPROC(); ELF(.size _gcry_aes_xts_dec_armv8_ce,.-_gcry_aes_xts_dec_armv8_ce;) @@ -1897,7 +1897,7 @@ _gcry_aes_sbox4_armv8_ce: addv s0, v0.4s mov w0, v0.S[0] CLEAR_REG(v0) - ret + ret_spec_stop CFI_ENDPROC(); ELF(.size _gcry_aes_sbox4_armv8_ce,.-_gcry_aes_sbox4_armv8_ce;) @@ -1914,7 +1914,7 @@ _gcry_aes_invmixcol_armv8_ce: aesimc v0.16b, v0.16b st1 {v0.16b}, [x0] CLEAR_REG(v0) - ret + ret_spec_stop CFI_ENDPROC(); ELF(.size _gcry_aes_invmixcol_armv8_ce,.-_gcry_aes_invmixcol_armv8_ce;) -- cgit v1.2.1