From: Mark Kettenis Subject: security/openssl/1.1 endbr64 sprinkling To: tb@openbsd.org Cc: ports@openbsd.org Date: Sun, 18 Feb 2024 23:25:04 +0100 ok? Index: Makefile =================================================================== RCS file: /cvs/ports/security/openssl/1.1/Makefile,v retrieving revision 1.66 diff -u -p -r1.66 Makefile --- Makefile 29 Nov 2023 11:47:57 -0000 1.66 +++ Makefile 18 Feb 2024 22:23:53 -0000 @@ -8,7 +8,7 @@ PORTROACH= limit:^1\.1\.[0-9][a-z] skipb V= 1.1.1w PKGSPEC= openssl->=1.1.0v0,<1.2v0 EPOCH= 0 -REVISION= 0 +REVISION= 1 SHLIBVER= 11.6 SHARED_LIBS= crypto ${SHLIBVER} \ Index: patches/patch-crypto_aes_asm_aesni-x86_64_pl =================================================================== RCS file: /cvs/ports/security/openssl/1.1/patches/patch-crypto_aes_asm_aesni-x86_64_pl,v retrieving revision 1.1 diff -u -p -r1.1 patch-crypto_aes_asm_aesni-x86_64_pl --- patches/patch-crypto_aes_asm_aesni-x86_64_pl 20 Jan 2023 20:49:35 -0000 1.1 +++ patches/patch-crypto_aes_asm_aesni-x86_64_pl 18 Feb 2024 22:23:53 -0000 @@ -1,7 +1,95 @@ Index: crypto/aes/asm/aesni-x86_64.pl --- crypto/aes/asm/aesni-x86_64.pl.orig +++ crypto/aes/asm/aesni-x86_64.pl -@@ -4730,6 +4730,7 @@ ___ +@@ -275,6 +275,7 @@ $code.=<<___; + .align 16 + ${PREFIX}_encrypt: + .cfi_startproc ++ endbranch + movups ($inp),$inout0 # load input + mov 240($key),$rounds # key->rounds + ___ +@@ -293,6 +294,7 @@ $code.=<<___; + .align 16 + ${PREFIX}_decrypt: + .cfi_startproc ++ endbranch + movups ($inp),$inout0 # load input + mov 240($key),$rounds # key->rounds + ___ +@@ -613,6 +615,7 @@ $code.=<<___; + .align 16 + aesni_ecb_encrypt: + .cfi_startproc ++ endbranch + ___ + $code.=<<___ if ($win64); + lea -0x58(%rsp),%rsp +@@ -985,6 +988,7 @@ $code.=<<___; + .align 16 + aesni_ccm64_encrypt_blocks: + .cfi_startproc ++ endbranch + ___ + $code.=<<___ if ($win64); + lea -0x58(%rsp),%rsp +@@ -1077,6 +1081,7 @@ $code.=<<___; + .align 16 + aesni_ccm64_decrypt_blocks: + .cfi_startproc ++ endbranch + ___ + $code.=<<___ if ($win64); + lea -0x58(%rsp),%rsp +@@ -1203,6 +1208,7 @@ $code.=<<___; + .align 16 + aesni_ctr32_encrypt_blocks: + .cfi_startproc ++ endbranch + cmp \$1,$len + jne .Lctr32_bulk + +@@ -1775,6 +1781,7 @@ $code.=<<___; + .align 16 + aesni_xts_encrypt: + .cfi_startproc ++ endbranch + lea (%rsp),%r11 # frame pointer + .cfi_def_cfa_register %r11 + push %rbp +@@ -2258,6 +2265,7 @@ $code.=<<___; + .align 16 + aesni_xts_decrypt: + .cfi_startproc ++ endbranch + lea (%rsp),%r11 # frame pointer + .cfi_def_cfa_register %r11 + push %rbp +@@ -2783,6 +2791,7 @@ $code.=<<___; + .align 32 + aesni_ocb_encrypt: + .cfi_startproc ++ endbranch + lea (%rsp),%rax + push %rbx + .cfi_push %rbx +@@ -3249,6 +3258,7 @@ __ocb_encrypt1: + .align 32 + aesni_ocb_decrypt: + .cfi_startproc ++ endbranch + lea (%rsp),%rax + push %rbx + .cfi_push %rbx +@@ -3737,6 +3747,7 @@ $code.=<<___; + .align 16 + ${PREFIX}_cbc_encrypt: + .cfi_startproc ++ endbranch + test $len,$len # check length + jz .Lcbc_ret + +@@ -4730,6 +4741,7 @@ ___ } ␌ $code.=<<___; @@ -9,7 +97,7 @@ Index: crypto/aes/asm/aesni-x86_64.pl .align 64 .Lbswap_mask: .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 -@@ -4752,6 +4753,7 @@ $code.=<<___; +@@ -4752,6 +4764,7 @@ $code.=<<___; .asciz "AES for Intel AES-NI, CRYPTOGAMS by " .align 64 Index: patches/patch-crypto_aes_asm_vpaes-x86_64_pl =================================================================== RCS file: /cvs/ports/security/openssl/1.1/patches/patch-crypto_aes_asm_vpaes-x86_64_pl,v retrieving revision 1.1 diff -u -p -r1.1 patch-crypto_aes_asm_vpaes-x86_64_pl --- patches/patch-crypto_aes_asm_vpaes-x86_64_pl 20 Jan 2023 20:49:35 -0000 1.1 +++ patches/patch-crypto_aes_asm_vpaes-x86_64_pl 18 Feb 2024 22:23:53 -0000 @@ -1,7 +1,47 @@ Index: crypto/aes/asm/vpaes-x86_64.pl --- crypto/aes/asm/vpaes-x86_64.pl.orig +++ crypto/aes/asm/vpaes-x86_64.pl -@@ -998,6 +998,7 @@ _vpaes_preheat: +@@ -696,6 +696,7 @@ _vpaes_schedule_mangle: + .align 16 + ${PREFIX}_set_encrypt_key: + .cfi_startproc ++ endbranch + ___ + $code.=<<___ if ($win64); + lea -0xb8(%rsp),%rsp +@@ -746,6 +747,7 @@ $code.=<<___; + .align 16 + ${PREFIX}_set_decrypt_key: + .cfi_startproc ++ endbranch + ___ + $code.=<<___ if ($win64); + lea -0xb8(%rsp),%rsp +@@ -801,6 +803,7 @@ $code.=<<___; + .align 16 + ${PREFIX}_encrypt: + .cfi_startproc ++ endbranch + ___ + $code.=<<___ if ($win64); + lea -0xb8(%rsp),%rsp +@@ -846,6 +849,7 @@ $code.=<<___; + .align 16 + ${PREFIX}_decrypt: + .cfi_startproc ++ endbranch + ___ + $code.=<<___ if ($win64); + lea -0xb8(%rsp),%rsp +@@ -897,6 +901,7 @@ $code.=<<___; + .align 16 + ${PREFIX}_cbc_encrypt: + .cfi_startproc ++ endbranch + xchg $key,$len + ___ + ($len,$key)=($key,$len); +@@ -998,6 +1003,7 @@ _vpaes_preheat: ## Constants ## ## ## ######################################################## @@ -9,7 +49,7 @@ Index: crypto/aes/asm/vpaes-x86_64.pl .type _vpaes_consts,\@object .align 64 _vpaes_consts: -@@ -1097,6 +1098,7 @@ _vpaes_consts: +@@ -1097,6 +1103,7 @@ _vpaes_consts: .asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)" .align 64 .size _vpaes_consts,.-_vpaes_consts Index: patches/patch-crypto_camellia_asm_cmll-x86_64_pl =================================================================== RCS file: /cvs/ports/security/openssl/1.1/patches/patch-crypto_camellia_asm_cmll-x86_64_pl,v retrieving revision 1.1 diff -u -p -r1.1 patch-crypto_camellia_asm_cmll-x86_64_pl --- patches/patch-crypto_camellia_asm_cmll-x86_64_pl 20 Jan 2023 20:49:35 -0000 1.1 +++ patches/patch-crypto_camellia_asm_cmll-x86_64_pl 18 Feb 2024 22:23:53 -0000 @@ -9,7 +9,7 @@ Index: crypto/camellia/asm/cmll-x86_64.p .align 64 .LCamellia_SIGMA: .long 0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858 -@@ -680,6 +681,7 @@ $_ivp="40(%rsp)"; +@@ -680,11 +681,13 @@ $_ivp="40(%rsp)"; $_rsp="48(%rsp)"; $code.=<<___; @@ -17,3 +17,9 @@ Index: crypto/camellia/asm/cmll-x86_64.p .globl Camellia_cbc_encrypt .type Camellia_cbc_encrypt,\@function,6 .align 16 + Camellia_cbc_encrypt: + .cfi_startproc ++ endbranch + cmp \$0,%rdx + je .Lcbc_abort + push %rbx Index: patches/patch-crypto_modes_asm_ghash-x86_64_pl =================================================================== RCS file: /cvs/ports/security/openssl/1.1/patches/patch-crypto_modes_asm_ghash-x86_64_pl,v retrieving revision 1.1 diff -u -p -r1.1 patch-crypto_modes_asm_ghash-x86_64_pl --- patches/patch-crypto_modes_asm_ghash-x86_64_pl 20 Jan 2023 20:49:35 -0000 1.1 +++ patches/patch-crypto_modes_asm_ghash-x86_64_pl 18 Feb 2024 22:23:53 -0000 @@ -1,7 +1,55 @@ Index: crypto/modes/asm/ghash-x86_64.pl --- crypto/modes/asm/ghash-x86_64.pl.orig +++ crypto/modes/asm/ghash-x86_64.pl -@@ -1601,6 +1601,7 @@ ___ +@@ -239,6 +239,7 @@ $code=<<___; + .align 16 + gcm_gmult_4bit: + .cfi_startproc ++ endbranch + push %rbx + .cfi_push %rbx + push %rbp # %rbp and others are pushed exclusively in +@@ -286,6 +287,7 @@ $code.=<<___; + .align 16 + gcm_ghash_4bit: + .cfi_startproc ++ endbranch + push %rbx + .cfi_push %rbx + push %rbp +@@ -612,6 +614,7 @@ $code.=<<___; + .align 16 + gcm_gmult_clmul: + .cfi_startproc ++ endbranch + .L_gmult_clmul: + movdqu ($Xip),$Xi + movdqa .Lbswap_mask(%rip),$T3 +@@ -663,6 +666,7 @@ $code.=<<___; + .align 32 + gcm_ghash_clmul: + .cfi_startproc ++ endbranch + .L_ghash_clmul: + ___ + $code.=<<___ if ($win64); +@@ -1166,6 +1170,7 @@ $code.=<<___; + .align 32 + gcm_gmult_avx: + .cfi_startproc ++ endbranch + jmp .L_gmult_clmul + .cfi_endproc + .size gcm_gmult_avx,.-gcm_gmult_avx +@@ -1177,6 +1182,7 @@ $code.=<<___; + .align 32 + gcm_ghash_avx: + .cfi_startproc ++ endbranch + ___ + if ($avx) { + my ($Xip,$Htbl,$inp,$len)=@_4args; +@@ -1601,6 +1607,7 @@ ___ } ␌ $code.=<<___; @@ -9,7 +57,7 @@ Index: crypto/modes/asm/ghash-x86_64.pl .align 64 .Lbswap_mask: .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 -@@ -1654,6 +1655,7 @@ $code.=<<___; +@@ -1654,6 +1661,7 @@ $code.=<<___; .asciz "GHASH for x86_64, CRYPTOGAMS by " .align 64 Index: patches/patch-crypto_poly1305_asm_poly1305-x86_64_pl =================================================================== RCS file: /cvs/ports/security/openssl/1.1/patches/patch-crypto_poly1305_asm_poly1305-x86_64_pl,v retrieving revision 1.1 diff -u -p -r1.1 patch-crypto_poly1305_asm_poly1305-x86_64_pl --- patches/patch-crypto_poly1305_asm_poly1305-x86_64_pl 20 Jan 2023 20:49:35 -0000 1.1 +++ patches/patch-crypto_poly1305_asm_poly1305-x86_64_pl 18 Feb 2024 22:23:53 -0000 @@ -1,7 +1,71 @@ Index: crypto/poly1305/asm/poly1305-x86_64.pl --- crypto/poly1305/asm/poly1305-x86_64.pl.orig +++ crypto/poly1305/asm/poly1305-x86_64.pl -@@ -3774,6 +3774,7 @@ poly1305_emit_base2_44: +@@ -227,6 +227,7 @@ $code.=<<___; + .align 32 + poly1305_blocks: + .cfi_startproc ++ endbranch + .Lblocks: + shr \$4,$len + jz .Lno_data # too short +@@ -301,6 +302,7 @@ $code.=<<___; + .align 32 + poly1305_emit: + .cfi_startproc ++ endbranch + .Lemit: + mov 0($ctx),%r8 # load hash value + mov 8($ctx),%r9 +@@ -522,6 +524,7 @@ __poly1305_init_avx: + .align 32 + poly1305_blocks_avx: + .cfi_startproc ++ endbranch + mov 20($ctx),%r8d # is_base2_26 + cmp \$128,$len + jae .Lblocks_avx +@@ -1382,6 +1385,7 @@ $code.=<<___; + .align 32 + poly1305_emit_avx: + .cfi_startproc ++ endbranch + cmpl \$0,20($ctx) # is_base2_26? + je .Lemit + +@@ -1446,6 +1450,7 @@ $code.=<<___; + .align 32 + poly1305_blocks_avx2: + .cfi_startproc ++ endbranch + mov 20($ctx),%r8d # is_base2_26 + cmp \$128,$len + jae .Lblocks_avx2 +@@ -2142,6 +2147,7 @@ $code.=<<___; + .align 32 + poly1305_blocks_avx512: + .cfi_startproc ++ endbranch + .Lblocks_avx512: + mov \$15,%eax + kmovw %eax,%k2 +@@ -2806,6 +2812,7 @@ $code.=<<___; + .align 32 + poly1305_blocks_vpmadd52: + .cfi_startproc ++ endbranch + shr \$4,$len + jz .Lno_data_vpmadd52 # too short + +@@ -3739,6 +3746,7 @@ $code.=<<___; + .align 32 + poly1305_emit_base2_44: + .cfi_startproc ++ endbranch + mov 0($ctx),%r8 # load hash value + mov 8($ctx),%r9 + mov 16($ctx),%r10 +@@ -3774,6 +3782,7 @@ poly1305_emit_base2_44: ___ } } } $code.=<<___; @@ -9,7 +73,7 @@ Index: crypto/poly1305/asm/poly1305-x86_ .align 64 .Lconst: .Lmask24: -@@ -3810,6 +3811,7 @@ ___ +@@ -3810,6 +3819,7 @@ ___ $code.=<<___; .asciz "Poly1305 for x86_64, CRYPTOGAMS by " .align 16 Index: patches/patch-crypto_rc4_asm_rc4-x86_64_pl =================================================================== RCS file: /cvs/ports/security/openssl/1.1/patches/patch-crypto_rc4_asm_rc4-x86_64_pl,v retrieving revision 1.1 diff -u -p -r1.1 patch-crypto_rc4_asm_rc4-x86_64_pl --- patches/patch-crypto_rc4_asm_rc4-x86_64_pl 22 Feb 2023 09:21:34 -0000 1.1 +++ patches/patch-crypto_rc4_asm_rc4-x86_64_pl 18 Feb 2024 22:23:53 -0000 @@ -1,7 +1,31 @@ Index: crypto/rc4/asm/rc4-x86_64.pl --- crypto/rc4/asm/rc4-x86_64.pl.orig +++ crypto/rc4/asm/rc4-x86_64.pl -@@ -542,14 +542,16 @@ RC4_options: +@@ -140,6 +140,7 @@ $code=<<___; + .align 16 + RC4: + .cfi_startproc ++ endbranch + or $len,$len + jne .Lentry + ret +@@ -455,6 +456,7 @@ $code.=<<___; + .align 16 + RC4_set_key: + .cfi_startproc ++ endbranch + lea 8($dat),$dat + lea ($inp,$len),$inp + neg $len +@@ -529,6 +531,7 @@ RC4_set_key: + .align 16 + RC4_options: + .cfi_startproc ++ endbranch + lea .Lopts(%rip),%rax + mov OPENSSL_ia32cap_P(%rip),%edx + bt \$20,%edx +@@ -542,14 +545,16 @@ RC4_options: .Ldone: ret .cfi_endproc Index: patches/patch-crypto_x86_64cpuid_pl =================================================================== RCS file: patches/patch-crypto_x86_64cpuid_pl diff -N patches/patch-crypto_x86_64cpuid_pl --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-crypto_x86_64cpuid_pl 18 Feb 2024 22:23:53 -0000 @@ -0,0 +1,19 @@ +Index: crypto/x86_64cpuid.pl +--- crypto/x86_64cpuid.pl.orig ++++ crypto/x86_64cpuid.pl +@@ -237,6 +237,7 @@ OPENSSL_ia32_cpuid: + .align 16 + OPENSSL_cleanse: + .cfi_startproc ++ endbranch + xor %rax,%rax + cmp \$15,$arg2 + jae .Lot +@@ -274,6 +275,7 @@ OPENSSL_cleanse: + .align 16 + CRYPTO_memcmp: + .cfi_startproc ++ endbranch + xor %rax,%rax + xor %r10,%r10 + cmp \$0,$arg3