From: Mark Kettenis <mark.kettenis@xs4all.nl>
Subject: Re: openssl/1.1: missing endbr64 for padlock engine
To: Theo Buehler <tb@theobuehler.org>
Cc: ports@openbsd.org, kettenis@openbsd.org
Date: Sat, 24 Feb 2024 17:39:23 +0100

> Date: Sat, 24 Feb 2024 17:33:10 +0100
> From: Theo Buehler <tb@theobuehler.org>
> 
> This adds missing endbr64 to the padlock engine in openssl/1.1:
> 
> ld: warning: padlock_capability: missing endbr64
> ld: warning: padlock_key_bswap: missing endbr64
> ld: warning: padlock_verify_context: missing endbr64
> ld: warning: padlock_reload_key: missing endbr64
> ld: warning: padlock_aes_block: missing endbr64
> ld: warning: padlock_xstore: missing endbr64
> ld: warning: padlock_sha1_oneshot: missing endbr64
> ld: warning: padlock_sha1_blocks: missing endbr64
> ld: warning: padlock_sha256_oneshot: missing endbr64
> ld: warning: padlock_sha256_blocks: missing endbr64
> ld: warning: padlock_sha512_blocks: missing endbr64
> ld: warning: padlock_ecb_encrypt: missing endbr64
> ld: warning: padlock_cbc_encrypt: missing endbr64
> ld: warning: padlock_cfb_encrypt: missing endbr64
> ld: warning: padlock_ofb_encrypt: missing endbr64
> ld: warning: padlock_ctr32_encrypt: missing endbr64

Not opposed to fixing these, but I doubt we'll ever see a CPU that has
both the VIA PadLock instructions and IBT ;).

(Sorry, didn't realize this until after I sent out that diff)

ok kettenis@ (but also fine if you decide to drop this)

Is this code still there in openssl 3.x?


> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/security/openssl/1.1/Makefile,v
> diff -u -p -r1.67 Makefile
> --- Makefile	18 Feb 2024 22:36:59 -0000	1.67
> +++ Makefile	24 Feb 2024 16:29:35 -0000
> @@ -8,7 +8,7 @@ PORTROACH=	limit:^1\.1\.[0-9][a-z] skipb
>  V=		1.1.1w
>  PKGSPEC=	openssl->=1.1.0v0,<1.2v0
>  EPOCH=		0
> -REVISION=	1
> +REVISION=	2
>  
>  SHLIBVER=	11.6
>  SHARED_LIBS=	crypto ${SHLIBVER} \
> Index: patches/patch-engines_asm_e_padlock-x86_64_pl
> ===================================================================
> RCS file: patches/patch-engines_asm_e_padlock-x86_64_pl
> diff -N patches/patch-engines_asm_e_padlock-x86_64_pl
> --- /dev/null	1 Jan 1970 00:00:00 -0000
> +++ patches/patch-engines_asm_e_padlock-x86_64_pl	24 Feb 2024 16:23:50 -0000
> @@ -0,0 +1,99 @@
> +Index: engines/asm/e_padlock-x86_64.pl
> +--- engines/asm/e_padlock-x86_64.pl.orig
> ++++ engines/asm/e_padlock-x86_64.pl
> +@@ -52,6 +52,7 @@ $code.=<<___;
> + .type	padlock_capability,\@abi-omnipotent
> + .align	16
> + padlock_capability:
> ++	endbranch;
> + 	mov	%rbx,%r8
> + 	xor	%eax,%eax
> + 	cpuid
> +@@ -91,6 +92,7 @@ padlock_capability:
> + .type	padlock_key_bswap,\@abi-omnipotent,0
> + .align	16
> + padlock_key_bswap:
> ++	endbranch;
> + 	mov	240($arg1),%edx
> + 	inc	%edx
> + 	shl	\$2,%edx
> +@@ -108,6 +110,7 @@ padlock_key_bswap:
> + .type	padlock_verify_context,\@abi-omnipotent
> + .align	16
> + padlock_verify_context:
> ++	endbranch;
> + 	mov	$arg1,$ctx
> + 	pushf
> + 	lea	.Lpadlock_saved_context(%rip),%rax
> +@@ -135,6 +138,7 @@ _padlock_verify_ctx:
> + .type	padlock_reload_key,\@abi-omnipotent
> + .align	16
> + padlock_reload_key:
> ++	endbranch;
> + 	pushf
> + 	popf
> + 	ret
> +@@ -144,6 +148,7 @@ padlock_reload_key:
> + .type	padlock_aes_block,\@function,3
> + .align	16
> + padlock_aes_block:
> ++	endbranch;
> + 	mov	%rbx,%r8
> + 	mov	\$1,$len
> + 	lea	32($ctx),%rbx		# key
> +@@ -157,6 +162,7 @@ padlock_aes_block:
> + .type	padlock_xstore,\@function,2
> + .align	16
> + padlock_xstore:
> ++	endbranch;
> + 	mov	%esi,%edx
> + 	.byte	0x0f,0xa7,0xc0		# xstore
> + 	ret
> +@@ -166,6 +172,7 @@ padlock_xstore:
> + .type	padlock_sha1_oneshot,\@function,3
> + .align	16
> + padlock_sha1_oneshot:
> ++	endbranch;
> + 	mov	%rdx,%rcx
> + 	mov	%rdi,%rdx		# put aside %rdi
> + 	movups	(%rdi),%xmm0		# copy-in context
> +@@ -188,6 +195,7 @@ padlock_sha1_oneshot:
> + .type	padlock_sha1_blocks,\@function,3
> + .align	16
> + padlock_sha1_blocks:
> ++	endbranch;
> + 	mov	%rdx,%rcx
> + 	mov	%rdi,%rdx		# put aside %rdi
> + 	movups	(%rdi),%xmm0		# copy-in context
> +@@ -210,6 +218,7 @@ padlock_sha1_blocks:
> + .type	padlock_sha256_oneshot,\@function,3
> + .align	16
> + padlock_sha256_oneshot:
> ++	endbranch;
> + 	mov	%rdx,%rcx
> + 	mov	%rdi,%rdx		# put aside %rdi
> + 	movups	(%rdi),%xmm0		# copy-in context
> +@@ -232,6 +241,7 @@ padlock_sha256_oneshot:
> + .type	padlock_sha256_blocks,\@function,3
> + .align	16
> + padlock_sha256_blocks:
> ++	endbranch;
> + 	mov	%rdx,%rcx
> + 	mov	%rdi,%rdx		# put aside %rdi
> + 	movups	(%rdi),%xmm0		# copy-in context
> +@@ -254,6 +264,7 @@ padlock_sha256_blocks:
> + .type	padlock_sha512_blocks,\@function,3
> + .align	16
> + padlock_sha512_blocks:
> ++	endbranch;
> + 	mov	%rdx,%rcx
> + 	mov	%rdi,%rdx		# put aside %rdi
> + 	movups	(%rdi),%xmm0		# copy-in context
> +@@ -289,6 +300,7 @@ $code.=<<___;
> + .type	padlock_${mode}_encrypt,\@function,4
> + .align	16
> + padlock_${mode}_encrypt:
> ++	endbranch;
> + 	push	%rbp
> + 	push	%rbx
> + 
>