openbsd/src/lib/libcrypto/modes/asm, branch libressl-v4.2.1 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v4.2.1 2025-06-09T14:28:34+00:00 Make OPENSSL_IA32_SSE2 the default for i386 and remove the flag. 2025-06-09T14:28:34+00:00 jsing 2025-06-09T14:28:34+00:00 urn:sha1:951cd4503ff3c4cc93c1a36cf06138b1ddd739d7 The OPENSSL_IA32_SSE2 flag controls whether a number of the perlasm scripts generate additional implementations that use SSE2 functionality. In all cases except ghash, the code checks OPENSSL_ia32cap_P for SSE2 support, before trying to run SSE2 code. For ghash it generates a CLMUL based implementation in addition to different MMX version (one MMX version hides behind OPENSSL_IA32_SSE2, the other does not), however this does not appear to actually use SSE2. We also disable AES-NI on i386 if OPENSSL_IA32_SSE2. On OpenBSD, we've always defined OPENSSL_IA32_SSE2 so this is effectively a no-op. The only change is that we now check MMX rather than SSE2 for the ghash MMX implementation. ok bcook@ beck@ Add a few missing endbr64 to libcrypto 2024-02-24T17:53:20+00:00 tb 2024-02-24T17:53:20+00:00 urn:sha1:2c66b949eac93a66838f31bcbbd5e3c769038538 gcm_{gmult,ghash}_4bit(), aesni_ccm64_decrypt_blocks(), aes_cbc_encrypt(), and aesni_xts_{en,de}crypt() were overlooked in previous passes. Found with a diff for ld.lld by kettenis ok kettenis Replace uses of endbr64 with _CET_ENDBR from cet.h 2024-02-24T15:30:14+00:00 tb 2024-02-24T15:30:14+00:00 urn:sha1:c730c3b3b1845cc7c4a4aceff2031f1135faa6bb cet.h is needed for other platforms to emit the relevant .gnu.properties sections that are necessary for them to enable IBT. It also avoids issues with older toolchains on macOS that explode on encountering endbr64. based on a diff by kettenis ok beck kettenis Avoid a four-byte overread in gcm_ghash_4bit_mmx() on i386 2024-01-24T15:24:28+00:00 tb 2024-01-24T15:24:28+00:00 urn:sha1:6db1ed1feaf59b64e81222f16bc861cdb38889ad This is a variant of the same logic error fixed in ghash-x86_64.pl r1.6. The code path is only reachable on machines without FXSR or PCLMUL. ok jsing Avoid a four byte overread in gcm_ghash_4bit() on amd64. 2024-01-24T13:39:44+00:00 jsing 2024-01-24T13:39:44+00:00 urn:sha1:00bd760df094460f9eef0ddf96b36d21660bc5ed The assembly code for gcm_ghash_4bit() reads one too many times from Xi, resulting in a four byte overread. Prevent this by not loading the next value in the final iteration of the loop. If another full iteration is required the next Xi value will be loaded at the top of the outer_loop. Many thanks to Douglas Gliner <Douglas.Gliner at sony dot com> for finding and reporting this issue, along with a detailed reproducer. Same diff from deraadt@ ok tb@ Add endbr64 where needed by inspection. Passes regresson tests. 2023-04-25T04:42:26+00:00 deraadt 2023-04-25T04:42:26+00:00 urn:sha1:f56bc15e44b93e564d434a7d0b5c8f837812aac3 ok jsing, and kind of tb an earlier version Use explicit .text instead of .previous to please Windows/MinGW on amd64 2023-02-23T08:55:44+00:00 tb 2023-02-23T08:55:44+00:00 urn:sha1:0dadd2bf46f37ca96a50e247649a11b3c5273234 ok miod Use .section .rodata instead of a plain .rodata 2023-02-09T19:57:00+00:00 tb 2023-02-09T19:57:00+00:00 urn:sha1:4355eb6aeababf0126972f85bdeed63048a99df1 At least gcc 12 on Fedora is very unhappy about a plain .rodata and throws Error: unknown pseudo-op: `.rodata'. So add a .section in front of it to make it happy. ok deraadt miod Move all data blocks from .text to .rodata and cleanup up and homogeneize code 2023-02-02T13:03:50+00:00 miod 2023-02-02T13:03:50+00:00 urn:sha1:9e1924dde08e823680f6e83135f11d55b6b25f38 responsible from getting the proper address of those blocks. Move all data blocks from .text to .rodata and cleanup up and homogeneize code 2023-02-01T20:45:04+00:00 miod 2023-02-01T20:45:04+00:00 urn:sha1:5957c398bf683b5334ed18dd0f830b1cfffbf027 responsible from getting the proper address of those blocks. ok tb@ jsing@