diff options
| author | David Benjamin <davidben@google.com> | 2021-12-29 13:05:12 -0500 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2022-11-09 15:30:43 +0100 |
| commit | 0029f786658229b15f98741a336e8091305cbf15 (patch) | |
| tree | 599881acc9ad10a24cc8d62fe9fe9dc7cb16fb3d /crypto/poly1305 | |
| parent | 068c7fa995249894e5935003d1ac478de1df64f3 (diff) | |
Don't use __ARMEL__/__ARMEB__ in aarch64 assembly
GCC's __ARMEL__ and __ARMEB__ defines denote little- and big-endian arm,
respectively. They are not defined on aarch64, which instead use
__AARCH64EL__ and __AARCH64EB__.
However, OpenSSL's assembly originally used the 32-bit defines on both
platforms and even define __ARMEL__ and __ARMEB__ in arm_arch.h. This is
less portable and can even interfere with other headers, which use
__ARMEL__ to detect little-endian arm.
Over time, the aarch64 assembly has switched to the correct defines,
such as in 32bbb62ea634239e7cb91d6450ba23517082bab6. This commit
finishes the job: poly1305-armv8.pl needed a fix and the dual-arch
armx.pl files get one more transform to convert from 32-bit to 64-bit.
(There is an even more official endianness detector, __ARM_BIG_ENDIAN in
the Arm C Language Extensions. But I've stuck with the GCC ones here as
that would be a larger change.)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17373)
(cherry picked from commit 40c24d74deaad8a0ad7566a68ea5ea757bc3ccef)
Diffstat (limited to 'crypto/poly1305')
| -rwxr-xr-x | crypto/poly1305/asm/poly1305-armv8.pl | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/poly1305/asm/poly1305-armv8.pl index 20816c4283..e2c7f2822c 100755 --- a/crypto/poly1305/asm/poly1305-armv8.pl +++ b/crypto/poly1305/asm/poly1305-armv8.pl @@ -86,7 +86,7 @@ poly1305_init: ldp $r0,$r1,[$inp] // load key mov $s1,#0xfffffffc0fffffff movk $s1,#0x0fff,lsl#48 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $r0,$r0 // flip bytes rev $r1,$r1 #endif @@ -136,7 +136,7 @@ poly1305_blocks: .Loop: ldp $t0,$t1,[$inp],#16 // load input sub $len,$len,#16 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $t0,$t0 rev $t1,$t1 #endif @@ -204,13 +204,13 @@ poly1305_emit: csel $h0,$h0,$d0,eq csel $h1,$h1,$d1,eq -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ ror $t0,$t0,#32 // flip nonce words ror $t1,$t1,#32 #endif adds $h0,$h0,$t0 // accumulate nonce adc $h1,$h1,$t1 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $h0,$h0 // flip output bytes rev $h1,$h1 #endif @@ -345,7 +345,7 @@ poly1305_blocks_neon: adcs $h1,$h1,xzr adc $h2,$h2,xzr -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $d0,$d0 rev $d1,$d1 #endif @@ -391,7 +391,7 @@ poly1305_blocks_neon: ldp $d0,$d1,[$inp],#16 // load input sub $len,$len,#16 add $s1,$r1,$r1,lsr#2 // s1 = r1 + (r1 >> 2) -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $d0,$d0 rev $d1,$d1 #endif @@ -476,7 +476,7 @@ poly1305_blocks_neon: lsl $padbit,$padbit,#24 add x15,$ctx,#48 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -512,7 +512,7 @@ poly1305_blocks_neon: ld1 {$S2,$R3,$S3,$R4},[x15],#64 ld1 {$S4},[x15] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -573,7 +573,7 @@ poly1305_blocks_neon: umull $ACC1,$IN23_0,${R1}[2] ldp x9,x13,[$in2],#48 umull $ACC0,$IN23_0,${R0}[2] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -638,7 +638,7 @@ poly1305_blocks_neon: umlal $ACC4,$IN01_2,${R2}[0] umlal $ACC1,$IN01_2,${S4}[0] umlal $ACC2,$IN01_2,${R0}[0] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -922,13 +922,13 @@ poly1305_emit_neon: csel $h0,$h0,$d0,eq csel $h1,$h1,$d1,eq -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ ror $t0,$t0,#32 // flip nonce words ror $t1,$t1,#32 #endif adds $h0,$h0,$t0 // accumulate nonce adc $h1,$h1,$t1 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $h0,$h0 // flip output bytes rev $h1,$h1 #endif |