From 8ba95b3566ae4d1ef5e235bbd7dc8e58c93a897d Mon Sep 17 00:00:00 2001 From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Tue, 3 Dec 2024 07:37:58 -0800 Subject: [PATCH 01/14] Support Armv8.5 RNDR as prediction resistance --- crypto/CMakeLists.txt | 1 + crypto/fipsmodule/CMakeLists.txt | 2 + crypto/fipsmodule/cpucap/cpu_aarch64_linux.c | 7 ++ crypto/fipsmodule/cpucap/internal.h | 4 ++ crypto/fipsmodule/rand/asm/rndr-armv8.pl | 71 +++++++++++++++++++ .../rand/entropy/entropy_source_tests.cc | 27 +++++++ .../fipsmodule/rand/entropy/entropy_sources.c | 16 +++-- crypto/fipsmodule/rand/internal.h | 35 +++++++-- crypto/fipsmodule/rand/rand.c | 6 +- crypto/fipsmodule/rand/urandom_test.cc | 4 +- crypto/rand_extra/rand_test.cc | 4 +- include/openssl/arm_arch.h | 3 + util/fipstools/delocate/delocate.go | 3 +- 13 files changed, 164 insertions(+), 19 deletions(-) create mode 100644 crypto/fipsmodule/rand/asm/rndr-armv8.pl create mode 100644 crypto/fipsmodule/rand/entropy/entropy_source_tests.cc diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index 9efccc4486..22e1f756a9 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -802,6 +802,7 @@ if(BUILD_TESTING) fipsmodule/rand/ctrdrbg_test.cc fipsmodule/rand/cpu_jitter_test.cc fipsmodule/rand/new_rand_test.cc + fipsmodule/rand/entropy/entropy_source_tests.cc fipsmodule/service_indicator/service_indicator_test.cc fipsmodule/sha/sha_test.cc fipsmodule/sha/sha3_test.cc diff --git a/crypto/fipsmodule/CMakeLists.txt b/crypto/fipsmodule/CMakeLists.txt index e2af084285..fad19c2cbc 100644 --- a/crypto/fipsmodule/CMakeLists.txt +++ b/crypto/fipsmodule/CMakeLists.txt @@ -100,6 +100,7 @@ if(ARCH STREQUAL "aarch64") md5-armv8.${ASM_EXT} p256-armv8-asm.${ASM_EXT} p256_beeu-armv8-asm.${ASM_EXT} + rndr-armv8.${ASM_EXT} sha1-armv8.${ASM_EXT} sha256-armv8.${ASM_EXT} sha512-armv8.${ASM_EXT} 
@@ -149,6 +150,7 @@ if(PERL_EXECUTABLE) perlasm(p256-armv8-asm.${ASM_EXT} ec/asm/p256-armv8-asm.pl) perlasm(p256_beeu-armv8-asm.${ASM_EXT} ec/asm/p256_beeu-armv8-asm.pl) perlasm(rdrand-x86_64.${ASM_EXT} rand/asm/rdrand-x86_64.pl) + perlasm(rndr-armv8.${ASM_EXT} rand/asm/rndr-armv8.pl) perlasm(rsaz-avx2.${ASM_EXT} bn/asm/rsaz-avx2.pl) perlasm(rsaz-2k-avx512.${ASM_EXT} bn/asm/rsaz-2k-avx512.pl) perlasm(rsaz-3k-avx512.${ASM_EXT} bn/asm/rsaz-3k-avx512.pl) diff --git a/crypto/fipsmodule/cpucap/cpu_aarch64_linux.c b/crypto/fipsmodule/cpucap/cpu_aarch64_linux.c index c681a2e0a0..3997f99167 100644 --- a/crypto/fipsmodule/cpucap/cpu_aarch64_linux.c +++ b/crypto/fipsmodule/cpucap/cpu_aarch64_linux.c @@ -35,6 +35,7 @@ static uint64_t armv8_cpuid_probe(void) { void OPENSSL_cpuid_setup(void) { unsigned long hwcap = getauxval(AT_HWCAP); + unsigned long hwcap2 = getauxval(AT_HWCAP2); // See /usr/include/asm/hwcap.h on an aarch64 installation for the source of // these values. @@ -47,6 +48,8 @@ void OPENSSL_cpuid_setup(void) { static const unsigned long kSHA3 = 1 << 17; static const unsigned long kCPUID = 1 << 11; + static const unsigned long kRNGhwcap2 = 1 << 16;; + uint64_t OPENSSL_arm_midr = 0; if ((hwcap & kNEON) == 0) { @@ -97,6 +100,10 @@ void OPENSSL_cpuid_setup(void) { OPENSSL_armcap_P |= (ARMV8_DIT | ARMV8_DIT_ALLOWED); } + if (hwcap2 & kRNGhwcap2) { + OPENSSL_armcap_P |= ARMV8_RNG; + } + // OPENSSL_armcap is a 32-bit, unsigned value which may start with "0x" to // indicate a hex value. Prior to the 32-bit value, a '~' or '|' may be given. // diff --git a/crypto/fipsmodule/cpucap/internal.h b/crypto/fipsmodule/cpucap/internal.h index 784698a873..f898665c66 100644 --- a/crypto/fipsmodule/cpucap/internal.h +++ b/crypto/fipsmodule/cpucap/internal.h 
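Review bot: The new line `static const unsigned long kRNGhwcap2 = 1 << 16;;` in OPENSSL_cpuid_setup ends in a doubled semicolon; the extra one is a harmless null statement but reads as a typo, so make it `static const unsigned long kRNGhwcap2 = 1 << 16;  // HWCAP2_RNG` — the trailing tag gives the reader the name to confirm in the asm/hwcap.h the comment above points at, which the other constants in this function do not need because their names match. Worth a caveat next to the new `OPENSSL_armcap_P |= ARMV8_RNG;` block: the `OPENSSL_armcap` environment override described immediately below can, from its comment, OR bits in, and if it sets this bit on a CPU without the instruction the `mrs` in CRYPTO_rndr will trap rather than fail gracefully, which is probably acceptable for a debug knob but should be stated. Only the Linux probe is touched here, so on other aarch64 platforms the bit presumably stays clear and the feature is silently unused. OPENSSL_cpuid_setup's body continues outside the hunk.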
@@ -260,6 +260,10 @@ OPENSSL_INLINE int CRYPTO_is_ARMv8_DIT_capable(void) { // This function is used only for testing; hence, not inlined OPENSSL_EXPORT int CRYPTO_is_ARMv8_DIT_capable_for_testing(void); +OPENSSL_INLINE int CRYPTO_is_RNDR_capable(void) { + return (OPENSSL_armcap_P & ARMV8_RNG) != 0; +} + #endif // OPENSSL_ARM || OPENSSL_AARCH64 #if defined(AARCH64_DIT_SUPPORTED) diff --git a/crypto/fipsmodule/rand/asm/rndr-armv8.pl b/crypto/fipsmodule/rand/asm/rndr-armv8.pl new file mode 100644 index 0000000000..f1a4bf89ab --- /dev/null +++ b/crypto/fipsmodule/rand/asm/rndr-armv8.pl 
@@ -0,0 +1,71 @@ +#! /usr/bin/env perl + +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 OR ISC + +# RNDR from ARMv8.5-A. +# System register encoding: s3_3_c2_c4_0 +# see https://developer.arm.com/documentation/ddi0601/2024-09/AArch64-Registers/RNDR--Random-Number + +# The first two arguments should always be the flavour and output file path. +if ($#ARGV < 1) { die "Not enough arguments provided. + Two arguments are necessary: the flavour and the output file path."; } + +my $flavour = shift; +my $output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +my $rndr_reg = "s3_3_c2_c4_0"; + +$code.=<<___; +#include +#if __ARM_MAX_ARCH__ >= 8 + +.arch armv8-a +.text + +# size_t CRYPTO_rndr(uint8_t *out, size_t out_len) +.globl CRYPTO_rndr +.type CRYPTO_rndr,%function +.align 4 +CRYPTO_rndr: + mov x2, #0 + +.Lrndr_loop: + cbz x1, .Lrndr_done // out_len == 0? + + mrs x3, $rndr_reg + cbz x3, .Lrndr_done // Check of RNDR failed + + cmp x1, #8 // Sets N if strictly less than 8 bytes left + blt .Lrndr_less_than_8_bytes + + str x3, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 + add x2, x2, #8 // Adds 8 to return value + sub x1, x1, #8 + b .Lrndr_loop + +.Lrndr_less_than_8_bytes: + strb w3, [x0] + lsr x3, x3, #8 + add x2, x2, #1 + add x0, x0, #1 + sub x1, x1, #1 + cbnz x1, .Lrndr_less_than_8_bytes + +.Lrndr_done: + mov x0, x2 // Return value + ret +.size CRYPTO_rndr,.-CRYPTO_rndr +#endif +___ + +print $code; +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc b/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc new file mode 100644 index 0000000000..05490fec9c --- /dev/null 
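Review bot: The failure check after `mrs x3, s3_3_c2_c4_0` is `cbz x3, .Lrndr_done`, i.e. it keys on the returned data, whereas the Arm reference the header cites defines failure as PSTATE.NZCV being set to 0b0100 together with a zero result; the flag is the architected signal, so the test should be `b.eq .Lrndr_done // RNDR sets Z on failure` directly after the `mrs`. With the value test a genuine all-zero 64-bit sample, rare as it is, is reported as a failure, and nothing in the file says that the Z flag is what the hardware actually guarantees. Since the routine can stop early, a header comment stating that a return smaller than out_len means RNDR failed and `out` is only partially filled would keep the C caller from assuming non-zero means success.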
+++ b/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc @@ -0,0 +1,27 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 OR ISC + +#include + +#include "internal.h" +#include "../internal.h" + +#define MAX_EXTRACT_FROM_RNG (8*16) + +// In the future this test can be improved by being able to predict whether the +// test is running on hardware that we expect to support RNDR. This will require +// amending the CI with such information. +// For now, simply ensure we exercise all code-paths in the CRYPTO_rndr +// implementation. +TEST(EntropySupport, Aarch64) { +#if !defined(OPENSSL_AARCH64) + ASSERT_FALSE(have_hw_rng_aarch64()); +#else + uint8_t buf[MAX_EXTRACT_FROM_RNG] = { 0 } ; + if (have_hw_rng_aarch64() == 1) { + for (size_t i = 0; i < MAX_EXTRACT_FROM_RNG; i++) { + ASSERT_TRUE(CRYPTO_rndr(buf, i)); + } + } +#endif +} diff --git a/crypto/fipsmodule/rand/entropy/entropy_sources.c b/crypto/fipsmodule/rand/entropy/entropy_sources.c index 333713ed98..aae2d22593 100644 --- a/crypto/fipsmodule/rand/entropy/entropy_sources.c +++ b/crypto/fipsmodule/rand/entropy/entropy_sources.c @@ -13,11 +13,16 @@ static int entropy_get_prediction_resistance( const struct entropy_source_t *entropy_source, uint8_t pred_resistance[RAND_PRED_RESISTANCE_LEN]) { - if (have_fast_rdrand() == 1 && - rdrand(pred_resistance, RAND_PRED_RESISTANCE_LEN) != 1) { - return 0; +#if defined(OPENSSL_X86_64) + if (rdrand(pred_resistance, RAND_PRED_RESISTANCE_LEN) == 1) { + return 1; } - return 1; +#elif defined(OPENSSL_AARCH64) + if (CRYPTO_rndr(pred_resistance, RAND_PRED_RESISTANCE_LEN) == 1) { + return 1; + } +#endif + return 0; } static int entropy_get_extra_entropy( 
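Review bot: TEST(EntropySupport, Aarch64) only checks CRYPTO_rndr's return value and never inspects `buf`, so an implementation that reports success without writing anything would pass; after the loop add `uint8_t zeros[MAX_EXTRACT_FROM_RNG] = {0}; ASSERT_NE(0, memcmp(buf, zeros, sizeof(buf)));` (the buffer starts as 128 zero bytes, and a genuine all-zero 127-byte sample is not a realistic false negative). The loop bound `i < MAX_EXTRACT_FROM_RNG` also means the request that exactly fills the buffer with a multiple of 8 (128) is never issued; `i <= MAX_EXTRACT_FROM_RNG` covers that boundary and stays in bounds. On aarch64 hardware without RNDR the test silently does nothing, so a `GTEST_SKIP()` or at least a stderr line in that case would make the CI coverage gap the header comment already mentions visible in the test output.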
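Review bot: On the aarch64 path a single failed read makes entropy_get_prediction_resistance return 0 with no retry, and the Arm reference cited in rndr-armv8.pl describes RNDR failure as the instruction not producing a value within a reasonable time, i.e. a transient condition; the x86 branch goes through the `rdrand` wrapper whose retry policy is outside this hunk, so the two paths may not be equivalent. A small bounded loop keeps a transient failure from surfacing as a prediction-resistance error: `for (int i = 0; i < 8; i++) { if (CRYPTO_rndr(pred_resistance, RAND_PRED_RESISTANCE_LEN) == 1) { return 1; } }`, ideally reusing the retry bound that rand/internal.h already defines under its "Don't retry forever" comment rather than a fresh literal. Nothing in this function re-checks capability, so it is only safe because the method pointer is installed under the `have_hw_rng_aarch64() == 1` test later in this file; a one-line comment saying so would stop a future caller from wiring it in unguarded. The same comment should say that this is plain RNDR, whose output (if I read the Arm spec right) is DRBG output reseeded at an implementation-defined rate, comparable to RDRAND on the x86 path, and not the per-call reseeded RNDRRS variant, which matters if anyone later reads "prediction resistance" here in the SP 800-90A sense.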
@@ -37,7 +42,8 @@ DEFINE_LOCAL_DATA(struct entropy_source_methods, tree_jitter_entropy_source_meth out->free_thread = tree_jitter_free_thread_drbg; out->get_seed = tree_jitter_get_seed; out->get_extra_entropy = entropy_get_extra_entropy; - if (have_fast_rdrand() == 1) { + if (have_hw_rng_x86_64_fast() == 1 || + have_hw_rng_aarch64() == 1) { out->get_prediction_resistance = entropy_get_prediction_resistance; } else { out->get_prediction_resistance = NULL; diff --git a/crypto/fipsmodule/rand/internal.h b/crypto/fipsmodule/rand/internal.h index 7da6895dc1..a89169eeb7 100644 --- a/crypto/fipsmodule/rand/internal.h +++ b/crypto/fipsmodule/rand/internal.h @@ -101,14 +101,14 @@ int rdrand(uint8_t *buf, const size_t len); #if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) -OPENSSL_INLINE int have_rdrand(void) { +OPENSSL_INLINE int have_hw_rng_x86_64(void) { return CRYPTO_is_RDRAND_capable(); } // have_fast_rdrand returns true if RDRAND is supported and it's reasonably // fast. Concretely the latter is defined by whether the chip is Intel (fast) or // not (assumed slow). -OPENSSL_INLINE int have_fast_rdrand(void) { +OPENSSL_INLINE int have_hw_rng_x86_64_fast(void) { return CRYPTO_is_RDRAND_capable() && CRYPTO_is_intel_cpu(); } 
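Review bot: The comment above the renamed helper still says `// have_fast_rdrand returns true if RDRAND is supported and it's reasonably` while the function beneath it is now `have_hw_rng_x86_64_fast`, so the doc names a function that no longer exists; change it to `// have_hw_rng_x86_64_fast returns true if RDRAND is supported and it's reasonably`. If `have_hw_rng_x86_64` carries a similar comment above the hunk's first line it needs the same treatment. The fast/slow distinction is policy rather than capability, and via the `||` in DEFINE_LOCAL_DATA in the hunk just above it now decides whether prediction resistance is wired in at all on x86, so keeping its rationale accurate matters.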
@@ -121,17 +121,40 @@ int CRYPTO_rdrand(uint8_t out[8]); // one on success and zero on hardware failure. int CRYPTO_rdrand_multiple8_buf(uint8_t *buf, size_t len); -#else // OPENSSL_X86_64 && !OPENSSL_NO_ASM +#else // defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) -OPENSSL_INLINE int have_rdrand(void) { +OPENSSL_INLINE int have_hw_rng_x86_64(void) { return 0; } -OPENSSL_INLINE int have_fast_rdrand(void) { +OPENSSL_INLINE int have_hw_rng_x86_64_fast(void) { return 0; } -#endif // OPENSSL_X86_64 && !OPENSSL_NO_ASM +#endif // defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) + +#if defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) + +size_t CRYPTO_rndr(uint8_t *out, size_t out_len); + +OPENSSL_INLINE int have_hw_rng_aarch64(void) { + return CRYPTO_is_RNDR_capable(); +} + + +#else // defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) + +size_t CRYPTO_rndr(uint8_t *out, size_t out_len) { + return 0; +} + +OPENSSL_INLINE int have_hw_rng_aarch64(void) { + return 0; +} + +#endif // defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) + + // Don't retry forever. There is no science in picking this number and can be // adjusted in the future if need be. We do not backoff forever, because we diff --git a/crypto/fipsmodule/rand/rand.c b/crypto/fipsmodule/rand/rand.c index ce900ccdd6..2936543634 100644 --- a/crypto/fipsmodule/rand/rand.c +++ b/crypto/fipsmodule/rand/rand.c @@ -343,7 +343,7 @@ void CRYPTO_get_seed_entropy(uint8_t entropy[PASSIVE_ENTROPY_LOAD_LENGTH], int *out_want_additional_input) { *out_want_additional_input = 0; - if (have_rdrand() == 1) { + if (have_hw_rng_x86_64() == 1) { if (rdrand(entropy, PASSIVE_ENTROPY_LOAD_LENGTH) != 1) { abort(); } 
@@ -400,7 +400,7 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len, uint8_t additional_data[32]; // Intel chips have fast RDRAND instructions while, in other cases, RDRAND can // be _slower_ than a system call. - if (!have_fast_rdrand() || + if (!have_hw_rng_x86_64_fast() || !rdrand(additional_data, sizeof(additional_data))) { // Without a hardware RNG to save us from address-space duplication, the OS // entropy is used. This can be expensive (one read per |RAND_bytes| call) @@ -411,7 +411,7 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len, if ((snapsafe_status != 0 && fork_generation != 0) || fork_unsafe_buffering) { OPENSSL_memset(additional_data, 0, sizeof(additional_data)); - } else if (!have_rdrand()) { + } else if (!have_hw_rng_x86_64()) { // No alternative so block for OS entropy. CRYPTO_sysrand(additional_data, sizeof(additional_data)); } else if (!CRYPTO_sysrand_if_available(additional_data, diff --git a/crypto/fipsmodule/rand/urandom_test.cc b/crypto/fipsmodule/rand/urandom_test.cc index 8c67b2a733..a7de97d564 100644 --- a/crypto/fipsmodule/rand/urandom_test.cc +++ b/crypto/fipsmodule/rand/urandom_test.cc @@ -495,8 +495,8 @@ static std::vector TestFunctionPRNGModel(unsigned flags) { const size_t kAdditionalDataLength = 32; const size_t kPersonalizationStringLength = CTR_DRBG_ENTROPY_LEN; const size_t kPassiveEntropyWithWhitenFactor = PASSIVE_ENTROPY_LOAD_LENGTH; - const bool kHaveRdrand = have_rdrand(); - const bool kHaveFastRdrand = have_fast_rdrand(); + const bool kHaveRdrand = have_hw_rng_x86_64(); + const bool kHaveFastRdrand = have_hw_rng_x86_64_fast(); const bool kHaveForkDetection = have_fork_detection(); // Additional data might be drawn on each invocation of RAND_bytes(). In case diff --git a/crypto/rand_extra/rand_test.cc b/crypto/rand_extra/rand_test.cc index 45ee613931..02985668ee 100644 --- a/crypto/rand_extra/rand_test.cc +++ b/crypto/rand_extra/rand_test.cc 
@@ -217,7 +217,7 @@ TEST(RandTest, Threads) { #if defined(OPENSSL_X86_64) && defined(SUPPORTS_ABI_TEST) TEST(RandTest, RdrandABI) { - if (!have_rdrand()) { + if (!have_hw_rng_x86_64()) { fprintf(stderr, "rdrand not supported. Skipping.\n"); return; } @@ -275,7 +275,7 @@ TEST(RandTest, PassiveEntropyDepletedObviouslyNotBroken) { // we can only validate the correct value is set on the static build type. #if !defined(BORINGSSL_SHARED_LIBRARY) int want_additional_input_expect = 0; - if (have_rdrand()) { + if (have_hw_rng_x86_64()) { want_additional_input_expect = 1; } EXPECT_EQ(out_want_additional_input_false_default, want_additional_input_expect); diff --git a/include/openssl/arm_arch.h b/include/openssl/arm_arch.h index b770f964d8..fbec6b6bc3 100644 --- a/include/openssl/arm_arch.h +++ b/include/openssl/arm_arch.h @@ -98,6 +98,9 @@ // |armv8_disable_dit| and |armv8_enable_dit|, respectively. #define ARMV8_DIT_ALLOWED (1 << 16) +// ARMV8_RNG indicates supports for hardware RNG instruction RNDR. +#define ARMV8_RNG (1 << 17) + // // MIDR_EL1 system register diff --git a/util/fipstools/delocate/delocate.go b/util/fipstools/delocate/delocate.go index f3c94573b3..6285b8790e 100644 --- a/util/fipstools/delocate/delocate.go +++ b/util/fipstools/delocate/delocate.go @@ -2418,7 +2418,8 @@ func localEntryName(name string) string { func isSynthesized(symbol string, processor processorType) bool { SymbolisSynthesized := strings.HasSuffix(symbol, "_bss_get") || symbol == "OPENSSL_ia32cap_get" || - symbol == "BORINGSSL_bcm_text_hash" + symbol == "BORINGSSL_bcm_text_hash" || + symbol == "s3_3_c2_c4_0" // While BORINGSSL_bcm_text_[start,end] are known symbols, on aarch64 we go // through the GOT because adr doesn't have adequate reach. From 991f3648cded8b7d6860512a27186829ddf45ee9 Mon Sep 17 00:00:00 2001 
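Review bot: The new flag's comment reads `// ARMV8_RNG indicates supports for hardware RNG instruction RNDR.`, which has a grammar slip; make it `// ARMV8_RNG indicates support for the Armv8.5-A hardware RNG instruction RNDR.`. It would also help to say where the bit comes from, e.g. `// Set from AT_HWCAP2 in cpu_aarch64_linux.c; not probed on other platforms.`, because this header is the only place someone auditing the OPENSSL_armcap override will look to learn what bit 17 enables.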
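Review bot: Adding the literal `"s3_3_c2_c4_0"` to isSynthesized special-cases one system-register encoding, presumably so delocate stops treating the `mrs` operand as a symbol needing a GOT reference; the sibling encoding for RNDRRS (`s3_3_c2_c4_1`) or any future `mrs`/`msr` written by raw encoding will need another entry and until then will break the FIPS build in a non-obvious way. A pattern over the encoded form is more robust and self-describing: a package-level `var sysRegRe = regexp.MustCompile("^s[23]_[0-7]_c[0-9]+_c[0-9]+_[0-7]$")` and `|| sysRegRe.MatchString(symbol)` here, with a comment that these are system-register operand encodings rather than symbols (check whether delocate.go already imports regexp). Calling a register "synthesized" is also a misnomer worth a comment, since the other entries are symbols delocate itself emits.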
From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Tue, 3 Dec 2024 07:45:43 -0800 Subject: [PATCH 02/14] Always declare. Also, inline if not supported. --- crypto/fipsmodule/rand/internal.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/crypto/fipsmodule/rand/internal.h b/crypto/fipsmodule/rand/internal.h index a89169eeb7..ab4e03abad 100644 --- a/crypto/fipsmodule/rand/internal.h +++ b/crypto/fipsmodule/rand/internal.h @@ -133,18 +133,17 @@ OPENSSL_INLINE int have_hw_rng_x86_64_fast(void) { #endif // defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) -#if defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) - size_t CRYPTO_rndr(uint8_t *out, size_t out_len); +#if defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) + OPENSSL_INLINE int have_hw_rng_aarch64(void) { return CRYPTO_is_RNDR_capable(); } - #else // defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) -size_t CRYPTO_rndr(uint8_t *out, size_t out_len) { +OPENSSL_INLINE size_t CRYPTO_rndr(uint8_t *out, size_t out_len) { return 0; } From 02f7c70c626fe7f2baf94fbb9597c3c3ac2b0b94 Mon Sep 17 00:00:00 2001 From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Tue, 3 Dec 2024 07:47:57 -0800 Subject: [PATCH 03/14] Oops previous commit doesn't quite work --- crypto/fipsmodule/rand/internal.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/fipsmodule/rand/internal.h b/crypto/fipsmodule/rand/internal.h index ab4e03abad..f19c08344b 100644 --- a/crypto/fipsmodule/rand/internal.h +++ b/crypto/fipsmodule/rand/internal.h @@ -133,10 +133,10 @@ OPENSSL_INLINE int have_hw_rng_x86_64_fast(void) { #endif // defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) -size_t CRYPTO_rndr(uint8_t *out, size_t out_len); - #if defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) +size_t CRYPTO_rndr(uint8_t *out, size_t out_len); + OPENSSL_INLINE int have_hw_rng_aarch64(void) { return CRYPTO_is_RNDR_capable(); } 
From 804a6f27155e5cece2b7cb84d4b91983b32210cd Mon Sep 17 00:00:00 2001 From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Tue, 3 Dec 2024 10:36:45 -0800 Subject: [PATCH 04/14] Be less strict at pre-compiler time --- crypto/fipsmodule/rand/asm/rndr-armv8.pl | 2 -- 1 file changed, 2 deletions(-) diff --git a/crypto/fipsmodule/rand/asm/rndr-armv8.pl b/crypto/fipsmodule/rand/asm/rndr-armv8.pl index f1a4bf89ab..14d4ffb989 100644 --- a/crypto/fipsmodule/rand/asm/rndr-armv8.pl +++ b/crypto/fipsmodule/rand/asm/rndr-armv8.pl @@ -26,7 +26,6 @@ $code.=<<___; #include -#if __ARM_MAX_ARCH__ >= 8 .arch armv8-a .text @@ -64,7 +63,6 @@ mov x0, x2 // Return value ret .size CRYPTO_rndr,.-CRYPTO_rndr -#endif ___ print $code; From 2cb3adcd5d50283521de303fa02243a7f4bd5a50 Mon Sep 17 00:00:00 2001 From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Tue, 3 Dec 2024 12:24:47 -0800 Subject: [PATCH 05/14] Fix tests --- crypto/fipsmodule/rand/asm/rndr-armv8.pl | 28 +++++++++++-------- .../rand/entropy/entropy_source_tests.cc | 5 +++- 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/crypto/fipsmodule/rand/asm/rndr-armv8.pl b/crypto/fipsmodule/rand/asm/rndr-armv8.pl index 14d4ffb989..b10d565a7c 100644 --- a/crypto/fipsmodule/rand/asm/rndr-armv8.pl +++ b/crypto/fipsmodule/rand/asm/rndr-armv8.pl @@ -22,8 +22,6 @@ open OUT,"| \"$^X\" $xlate $flavour $output"; *STDOUT=*OUT; -my $rndr_reg = "s3_3_c2_c4_0"; - $code.=<<___; #include 
@@ -35,23 +33,25 @@ .type CRYPTO_rndr,%function .align 4 CRYPTO_rndr: - mov x2, #0 + cbz x1, .Lrndr_error // out_len = 0 is not supported + mov x4, x1 // out_len: requested number of bytes + mov x2, #0 // Counts number of bytes generated .Lrndr_loop: - cbz x1, .Lrndr_done // out_len == 0? - - mrs x3, $rndr_reg - cbz x3, .Lrndr_done // Check of RNDR failed + mrs x3, s3_3_c2_c4_0 // rndr instruction + cbz x3, .Lrndr_error // Check if RNDR failed - cmp x1, #8 // Sets N if strictly less than 8 bytes left + cmp x1, #8 // Sets N if strictly less than 8 bytes left blt .Lrndr_less_than_8_bytes - str x3, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 - add x2, x2, #8 // Adds 8 to return value + str x3, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 + add x2, x2, #8 // Adds 8 to counter sub x1, x1, #8 + cbz x1, .Lrndr_done // If multiple of 8 this will be 0 eventually b .Lrndr_loop .Lrndr_less_than_8_bytes: + // Copy remaining bytes one by one strb w3, [x0] lsr x3, x3, #8 add x2, x2, #1 @@ -60,7 +60,13 @@ cbnz x1, .Lrndr_less_than_8_bytes .Lrndr_done: - mov x0, x2 // Return value + cmp x2, x4 // Ensure correct number of bytes were generated + bne .Lrndr_error + mov x0, #1 // Return value success + ret + +.Lrndr_error: + mov x0, #0 // Return value error ret .size CRYPTO_rndr,.-CRYPTO_rndr ___ diff --git a/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc b/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc index 05490fec9c..ef47458cdf 100644 --- a/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc +++ b/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc @@ -19,7 +19,10 @@ TEST(EntropySupport, Aarch64) { #else uint8_t buf[MAX_EXTRACT_FROM_RNG] = { 0 } ; if (have_hw_rng_aarch64() == 1) { - for (size_t i = 0; i < MAX_EXTRACT_FROM_RNG; i++) { + // Extracting 0 bytes is not supported. + ASSERT_FALSE(CRYPTO_rndr(buf, 0)); + + for (size_t i = 1; i < MAX_EXTRACT_FROM_RNG; i++) { ASSERT_TRUE(CRYPTO_rndr(buf, i)); } } 
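Review bot: The rewrite keeps `cbz x3, .Lrndr_error` as the failure check after `mrs x3, s3_3_c2_c4_0`, but per the Arm reference cited at the top of this file a failed read is signalled by PSTATE.NZCV = 0b0100 with a zero result, so `b.eq .Lrndr_error // Z set: RNDR failed` immediately after the `mrs` tests the architected condition and no longer treats a genuine all-zero sample as a failure. On the error path `out` has already received x2 bytes of RNDR output; the header comment should say that when the return is 0 the buffer is partially written and must not be used, since the C caller only sees the 0. The `cmp x2, x4` / `bne .Lrndr_error` check at .Lrndr_done is redundant given the loop structure but is reasonable defense-in-depth; a comment marking it as intentional would keep someone from deleting it.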
From a5993e648cdea8c2594557f6b746c04289f68eaf Mon Sep 17 00:00:00 2001 From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Tue, 3 Dec 2024 12:25:01 -0800 Subject: [PATCH 06/14] Update build files in generated-src --- .../crypto/fipsmodule/rndr-armv8.S | 54 ++++++++++++++++++ .../crypto/fipsmodule/rndr-armv8.S | 54 ++++++++++++++++++ .../crypto/fipsmodule/rndr-armv8.S | 56 +++++++++++++++++++ 3 files changed, 164 insertions(+) create mode 100644 generated-src/ios-aarch64/crypto/fipsmodule/rndr-armv8.S create mode 100644 generated-src/linux-aarch64/crypto/fipsmodule/rndr-armv8.S create mode 100644 generated-src/win-aarch64/crypto/fipsmodule/rndr-armv8.S diff --git a/generated-src/ios-aarch64/crypto/fipsmodule/rndr-armv8.S b/generated-src/ios-aarch64/crypto/fipsmodule/rndr-armv8.S new file mode 100644 index 0000000000..616f24922f --- /dev/null +++ b/generated-src/ios-aarch64/crypto/fipsmodule/rndr-armv8.S 
@@ -0,0 +1,54 @@ +// This file is generated from a similarly-named Perl script in the BoringSSL +// source tree. Do not edit by hand. + +#include + +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__APPLE__) +#include + + +.text + +# size_t CRYPTO_rndr(uint8_t *out, size_t out_len) +.globl _CRYPTO_rndr +.private_extern _CRYPTO_rndr + +.align 4 +_CRYPTO_rndr: + cbz x1, Lrndr_error // out_len = 0 is not supported + mov x4, x1 // out_len: requested number of bytes + mov x2, #0 // Counts number of bytes generated + +Lrndr_loop: + mrs x3, s3_3_c2_c4_0 // rndr instruction + cbz x3, Lrndr_error // Check if RNDR failed + + cmp x1, #8 // Sets N if strictly less than 8 bytes left + blt Lrndr_less_than_8_bytes + + str x3, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 + add x2, x2, #8 // Adds 8 to counter + sub x1, x1, #8 + cbz x1, Lrndr_done // If multiple of 8 this will be 0 eventually + b Lrndr_loop + +Lrndr_less_than_8_bytes: + // Copy remaining bytes one by one + strb w3, [x0] + lsr x3, x3, #8 + add x2, x2, #1 + add x0, x0, #1 + sub x1, x1, #1 + cbnz x1, Lrndr_less_than_8_bytes + +Lrndr_done: + cmp x2, x4 // Ensure correct number of bytes were generated + bne Lrndr_error + mov x0, #1 // Return value success + ret + +Lrndr_error: + mov x0, #0 // Return value error + ret + +#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__APPLE__) diff --git a/generated-src/linux-aarch64/crypto/fipsmodule/rndr-armv8.S b/generated-src/linux-aarch64/crypto/fipsmodule/rndr-armv8.S new file mode 100644 index 0000000000..553b193a08 --- /dev/null +++ b/generated-src/linux-aarch64/crypto/fipsmodule/rndr-armv8.S 
@@ -0,0 +1,54 @@ +// This file is generated from a similarly-named Perl script in the BoringSSL +// source tree. Do not edit by hand. + +#include + +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__ELF__) +#include + +.arch armv8-a +.text + +# size_t CRYPTO_rndr(uint8_t *out, size_t out_len) +.globl CRYPTO_rndr +.hidden CRYPTO_rndr +.type CRYPTO_rndr,%function +.align 4 +CRYPTO_rndr: + cbz x1, .Lrndr_error // out_len = 0 is not supported + mov x4, x1 // out_len: requested number of bytes + mov x2, #0 // Counts number of bytes generated + +.Lrndr_loop: + mrs x3, s3_3_c2_c4_0 // rndr instruction + cbz x3, .Lrndr_error // Check if RNDR failed + + cmp x1, #8 // Sets N if strictly less than 8 bytes left + blt .Lrndr_less_than_8_bytes + + str x3, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 + add x2, x2, #8 // Adds 8 to counter + sub x1, x1, #8 + cbz x1, .Lrndr_done // If multiple of 8 this will be 0 eventually + b .Lrndr_loop + +.Lrndr_less_than_8_bytes: + // Copy remaining bytes one by one + strb w3, [x0] + lsr x3, x3, #8 + add x2, x2, #1 + add x0, x0, #1 + sub x1, x1, #1 + cbnz x1, .Lrndr_less_than_8_bytes + +.Lrndr_done: + cmp x2, x4 // Ensure correct number of bytes were generated + bne .Lrndr_error + mov x0, #1 // Return value success + ret + +.Lrndr_error: + mov x0, #0 // Return value error + ret +.size CRYPTO_rndr,.-CRYPTO_rndr +#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__ELF__) diff --git a/generated-src/win-aarch64/crypto/fipsmodule/rndr-armv8.S b/generated-src/win-aarch64/crypto/fipsmodule/rndr-armv8.S new file mode 100644 index 0000000000..2b75bd0bc9 --- /dev/null +++ b/generated-src/win-aarch64/crypto/fipsmodule/rndr-armv8.S 
@@ -0,0 +1,56 @@ +// This file is generated from a similarly-named Perl script in the BoringSSL +// source tree. Do not edit by hand. + +#include + +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(_WIN32) +#include + +.arch armv8-a +.text + +# size_t CRYPTO_rndr(uint8_t *out, size_t out_len) +.globl CRYPTO_rndr + +.def CRYPTO_rndr + .type 32 +.endef +.align 4 +CRYPTO_rndr: + cbz x1, Lrndr_error // out_len = 0 is not supported + mov x4, x1 // out_len: requested number of bytes + mov x2, #0 // Counts number of bytes generated + +Lrndr_loop: + mrs x3, s3_3_c2_c4_0 // rndr instruction + cbz x3, Lrndr_error // Check if RNDR failed + + cmp x1, #8 // Sets N if strictly less than 8 bytes left + blt Lrndr_less_than_8_bytes + + str x3, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 + add x2, x2, #8 // Adds 8 to counter + sub x1, x1, #8 + cbz x1, Lrndr_done // If multiple of 8 this will be 0 eventually + b Lrndr_loop + +Lrndr_less_than_8_bytes: + // Copy remaining bytes one by one + strb w3, [x0] + lsr x3, x3, #8 + add x2, x2, #1 + add x0, x0, #1 + sub x1, x1, #1 + cbnz x1, Lrndr_less_than_8_bytes + +Lrndr_done: + cmp x2, x4 // Ensure correct number of bytes were generated + bne Lrndr_error + mov x0, #1 // Return value success + ret + +Lrndr_error: + mov x0, #0 // Return value error + ret + +#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(_WIN32) From 6d8aec1ddc6c04f61cbfc3cb825121f85d2b1539 Mon Sep 17 00:00:00 2001 From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Tue, 3 Dec 2024 14:00:53 -0800 Subject: [PATCH 07/14] Try more fixes --- crypto/fipsmodule/rand/asm/rndr-armv8.pl | 2 +- crypto/fipsmodule/rand/entropy/entropy_source_tests.cc | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/fipsmodule/rand/asm/rndr-armv8.pl b/crypto/fipsmodule/rand/asm/rndr-armv8.pl index b10d565a7c..df91ca6d7e 100644 --- a/crypto/fipsmodule/rand/asm/rndr-armv8.pl 
+++ b/crypto/fipsmodule/rand/asm/rndr-armv8.pl @@ -62,7 +62,7 @@ .Lrndr_done: cmp x2, x4 // Ensure correct number of bytes were generated bne .Lrndr_error - mov x0, #1 // Return value success + mov x0, #1 // Return value success ret .Lrndr_error: diff --git a/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc b/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc index ef47458cdf..be36bebb49 100644 --- a/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc +++ b/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc @@ -5,6 +5,7 @@ #include "internal.h" #include "../internal.h" +#include "../cpucap/internal.h" #define MAX_EXTRACT_FROM_RNG (8*16) From 6ac93e4c92f3b600252e74c62aeef300026f3274 Mon Sep 17 00:00:00 2001 From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Tue, 3 Dec 2024 14:06:51 -0800 Subject: [PATCH 08/14] Correct path --- crypto/fipsmodule/rand/entropy/entropy_source_tests.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc b/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc index be36bebb49..341db3af92 100644 --- a/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc +++ b/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc @@ -5,7 +5,7 @@ #include "internal.h" #include "../internal.h" -#include "../cpucap/internal.h" +#include "../../cpucap/internal.h" #define MAX_EXTRACT_FROM_RNG (8*16) From 05c44122d04eee2de1f8007b00831f97f6fd1679 Mon Sep 17 00:00:00 2001 
From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Tue, 3 Dec 2024 14:54:47 -0800 Subject: [PATCH 09/14] Workaround Arm capability vector being non-resolvable outside librypto --- crypto/fipsmodule/rand/asm/rndr-armv8.pl | 6 ++--- .../rand/entropy/entropy_source_tests.cc | 10 +++----- .../fipsmodule/rand/entropy/entropy_sources.c | 10 +++++++- crypto/fipsmodule/rand/entropy/internal.h | 25 +++++++++++++++++++ crypto/fipsmodule/rand/internal.h | 22 ---------------- 5 files changed, 41 insertions(+), 32 deletions(-) diff --git a/crypto/fipsmodule/rand/asm/rndr-armv8.pl b/crypto/fipsmodule/rand/asm/rndr-armv8.pl index df91ca6d7e..587fb91c26 100644 --- a/crypto/fipsmodule/rand/asm/rndr-armv8.pl +++ b/crypto/fipsmodule/rand/asm/rndr-armv8.pl @@ -28,13 +28,13 @@ .arch armv8-a .text -# size_t CRYPTO_rndr(uint8_t *out, size_t out_len) +# int CRYPTO_rndr(uint8_t *out, const size_t len) .globl CRYPTO_rndr .type CRYPTO_rndr,%function .align 4 CRYPTO_rndr: - cbz x1, .Lrndr_error // out_len = 0 is not supported - mov x4, x1 // out_len: requested number of bytes + cbz x1, .Lrndr_error // len = 0 is not supported + mov x4, x1 // len: requested number of bytes mov x2, #0 // Counts number of bytes generated .Lrndr_loop: diff --git a/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc b/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc index 341db3af92..f4f5dd53e9 100644 --- a/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc +++ b/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc @@ -4,8 +4,6 @@ #include #include "internal.h" -#include "../internal.h" -#include "../../cpucap/internal.h" #define MAX_EXTRACT_FROM_RNG (8*16) 
@@ -16,15 +14,15 @@ // implementation. TEST(EntropySupport, Aarch64) { #if !defined(OPENSSL_AARCH64) - ASSERT_FALSE(have_hw_rng_aarch64()); + ASSERT_FALSE(have_hw_rng_aarch64_for_testing()); #else uint8_t buf[MAX_EXTRACT_FROM_RNG] = { 0 } ; - if (have_hw_rng_aarch64() == 1) { + if (have_hw_rng_aarch64_for_testing() == 1) { // Extracting 0 bytes is not supported. - ASSERT_FALSE(CRYPTO_rndr(buf, 0)); + ASSERT_FALSE(rndr(buf, 0)); for (size_t i = 1; i < MAX_EXTRACT_FROM_RNG; i++) { - ASSERT_TRUE(CRYPTO_rndr(buf, i)); + ASSERT_TRUE(rndr(buf, i)); } } #endif diff --git a/crypto/fipsmodule/rand/entropy/entropy_sources.c b/crypto/fipsmodule/rand/entropy/entropy_sources.c index aae2d22593..d06c7ef288 100644 --- a/crypto/fipsmodule/rand/entropy/entropy_sources.c +++ b/crypto/fipsmodule/rand/entropy/entropy_sources.c @@ -18,7 +18,7 @@ static int entropy_get_prediction_resistance( return 1; } #elif defined(OPENSSL_AARCH64) - if (CRYPTO_rndr(pred_resistance, RAND_PRED_RESISTANCE_LEN) == 1) { + if (rndr(pred_resistance, RAND_PRED_RESISTANCE_LEN) == 1) { return 1; } #endif @@ -74,3 +74,11 @@ struct entropy_source_t * get_entropy_source(void) { return entropy_source; } + +int rndr(uint8_t *buf, const size_t len) { + return CRYPTO_rndr(buf, len); +} + +int have_hw_rng_aarch64_for_testing(void) { + return have_hw_rng_aarch64(); +} diff --git a/crypto/fipsmodule/rand/entropy/internal.h b/crypto/fipsmodule/rand/entropy/internal.h index 8900b81f76..46b43f7aec 100644 --- a/crypto/fipsmodule/rand/entropy/internal.h +++ b/crypto/fipsmodule/rand/entropy/internal.h @@ -7,6 +7,7 @@ #include #include "../new_rand_internal.h" +#include "../../cpucap/internal.h" #if defined(__cplusplus) extern "C" { 
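Review bot: The new exported wrapper `int rndr(uint8_t *buf, const size_t len) { return CRYPTO_rndr(buf, len); }` executes the `mrs` unconditionally, so any caller that has not first checked the capability bit will take an undefined-instruction trap on an aarch64 part without RNDR; now that the symbol is visible outside the module, add `if (have_hw_rng_aarch64() != 1) { return 0; }` before the call. That guard also covers entropy_get_prediction_resistance, which calls `rndr` in the first hunk and currently relies on the method pointer only being installed when the capability is present, and it turns the test's own capability check from load-bearing into belt-and-braces. A short comment above the wrapper saying it exists so the asm can be reached from outside the FIPS module (the commit message explains this, the code does not) would help the next reader.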
@@ -40,6 +41,30 @@ OPENSSL_EXPORT void tree_jitter_free_thread_drbg(struct entropy_source_t *entrop OPENSSL_EXPORT int tree_jitter_get_seed( const struct entropy_source_t *entropy_source, uint8_t seed[CTR_DRBG_ENTROPY_LEN]); + +OPENSSL_EXPORT int rndr(uint8_t *buf, const size_t len); +OPENSSL_EXPORT int have_hw_rng_aarch64_for_testing(void); + +#if defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) + +int CRYPTO_rndr(uint8_t *out, size_t out_len); + +OPENSSL_INLINE int have_hw_rng_aarch64(void) { + return CRYPTO_is_RNDR_capable(); +} + +#else // defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) + +OPENSSL_INLINE int CRYPTO_rndr(uint8_t *out, size_t out_len) { + return 0; +} + +OPENSSL_INLINE int have_hw_rng_aarch64(void) { + return 0; +} + +#endif // defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) + #if defined(__cplusplus) } // extern C #endif diff --git a/crypto/fipsmodule/rand/internal.h b/crypto/fipsmodule/rand/internal.h index f19c08344b..d19bbac738 100644 --- a/crypto/fipsmodule/rand/internal.h +++ b/crypto/fipsmodule/rand/internal.h @@ -133,28 +133,6 @@ OPENSSL_INLINE int have_hw_rng_x86_64_fast(void) { #endif // defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) -#if defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) - -size_t CRYPTO_rndr(uint8_t *out, size_t out_len); - -OPENSSL_INLINE int have_hw_rng_aarch64(void) { - return CRYPTO_is_RNDR_capable(); -} - -#else // defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) - -OPENSSL_INLINE size_t CRYPTO_rndr(uint8_t *out, size_t out_len) { - return 0; -} - -OPENSSL_INLINE int have_hw_rng_aarch64(void) { - return 0; -} - -#endif // defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) - - - // Don't retry forever. There is no science in picking this number and can be // adjusted in the future if need be. We do not backoff forever, because we // believe that it is easier to detect failing calls than detecting infinite From 860f7a29c4e2bd906ec72f7c3f5ca848f2e700b1 Mon Sep 17 00:00:00 2001 
From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Sun, 8 Dec 2024 08:30:43 -0800 Subject: [PATCH 10/14] function rename. reference for system register rndr encoding. use blo instead for unsigned integers. --- crypto/fipsmodule/cpucap/internal.h | 2 +- crypto/fipsmodule/rand/asm/rndr-armv8.pl | 10 +++++----- crypto/fipsmodule/rand/entropy/internal.h | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/crypto/fipsmodule/cpucap/internal.h b/crypto/fipsmodule/cpucap/internal.h index f898665c66..cb50656f34 100644 --- a/crypto/fipsmodule/cpucap/internal.h +++ b/crypto/fipsmodule/cpucap/internal.h @@ -260,7 +260,7 @@ OPENSSL_INLINE int CRYPTO_is_ARMv8_DIT_capable(void) { // This function is used only for testing; hence, not inlined OPENSSL_EXPORT int CRYPTO_is_ARMv8_DIT_capable_for_testing(void); -OPENSSL_INLINE int CRYPTO_is_RNDR_capable(void) { +OPENSSL_INLINE int CRYPTO_is_ARMv8_RNDR_capable(void) { return (OPENSSL_armcap_P & ARMV8_RNG) != 0; } diff --git a/crypto/fipsmodule/rand/asm/rndr-armv8.pl b/crypto/fipsmodule/rand/asm/rndr-armv8.pl index 587fb91c26..19cac0732b 100644 --- a/crypto/fipsmodule/rand/asm/rndr-armv8.pl +++ b/crypto/fipsmodule/rand/asm/rndr-armv8.pl @@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 OR ISC # RNDR from ARMv8.5-A. -# System register encoding: s3_3_c2_c4_0 +# System register encoding: s3_3_c2_c4_0. # see https://developer.arm.com/documentation/ddi0601/2024-09/AArch64-Registers/RNDR--Random-Number # The first two arguments should always be the flavour and output file path. 
@@ -38,11 +38,11 @@ mov x2, #0 // Counts number of bytes generated .Lrndr_loop: - mrs x3, s3_3_c2_c4_0 // rndr instruction - cbz x3, .Lrndr_error // Check if RNDR failed + mrs x3, s3_3_c2_c4_0 // rndr instruction https://developer.arm.com/documentation/ddi0601/2024-09/Index-by-Encoding + cbz x3, .Lrndr_error // Check if rndr failed - cmp x1, #8 // Sets N if strictly less than 8 bytes left - blt .Lrndr_less_than_8_bytes + cmp x1, #8 // If strictly less than 8, does not set condition flag C + blo .Lrndr_less_than_8_bytes str x3, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 add x2, x2, #8 // Adds 8 to counter diff --git a/crypto/fipsmodule/rand/entropy/internal.h b/crypto/fipsmodule/rand/entropy/internal.h index 46b43f7aec..32ef106427 100644 --- a/crypto/fipsmodule/rand/entropy/internal.h +++ b/crypto/fipsmodule/rand/entropy/internal.h @@ -50,7 +50,7 @@ OPENSSL_EXPORT int have_hw_rng_aarch64_for_testing(void); int CRYPTO_rndr(uint8_t *out, size_t out_len); OPENSSL_INLINE int have_hw_rng_aarch64(void) { - return CRYPTO_is_RNDR_capable(); + return CRYPTO_is_ARMv8_RNDR_capable(); } #else // defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) From 06863d1adcc37d95be260fa6b3545a5878693a19 Mon Sep 17 00:00:00 2001 From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Tue, 10 Dec 2024 07:01:34 -0800 Subject: [PATCH 11/14] Update build files in generated-src --- .../ios-aarch64/crypto/fipsmodule/rndr-armv8.S | 16 ++++++++-------- .../linux-aarch64/crypto/fipsmodule/rndr-armv8.S | 16 ++++++++-------- .../win-aarch64/crypto/fipsmodule/rndr-armv8.S | 16 ++++++++-------- 3 files changed, 24 insertions(+), 24 deletions(-) diff --git a/generated-src/ios-aarch64/crypto/fipsmodule/rndr-armv8.S b/generated-src/ios-aarch64/crypto/fipsmodule/rndr-armv8.S index 616f24922f..186b1b0955 100644 --- a/generated-src/ios-aarch64/crypto/fipsmodule/rndr-armv8.S +++ b/generated-src/ios-aarch64/crypto/fipsmodule/rndr-armv8.S 
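Review bot: The failure check after the `mrs` still keys on the returned value (`cbz x3, .Lrndr_error`) rather than on the condition flags, although the architecture reports an RNDR failure by setting Z (and returning 0 as the data value), so a legitimately generated all-zero word, improbable as it is, would be treated as a failure. Testing the flag directly, `b.eq .Lrndr_error` immediately after the `mrs`, matches the documented contract, and the switch to `blo` in this same hunk already moves the code toward reasoning about flags. The patch-12 rewrite (`cbz $rndr64, .Lrndr_multiple8_error` in the `@@ -22,53 +22,38 @@` hunk of this file) keeps the value-based check, so the same comment applies there. Either way, the comment on that line should say which of the two signals the code relies on.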
@@ -9,22 +9,22 @@ .text -# size_t CRYPTO_rndr(uint8_t *out, size_t out_len) +# int CRYPTO_rndr(uint8_t *out, const size_t len) .globl _CRYPTO_rndr .private_extern _CRYPTO_rndr .align 4 _CRYPTO_rndr: - cbz x1, Lrndr_error // out_len = 0 is not supported - mov x4, x1 // out_len: requested number of bytes + cbz x1, Lrndr_error // len = 0 is not supported + mov x4, x1 // len: requested number of bytes mov x2, #0 // Counts number of bytes generated Lrndr_loop: - mrs x3, s3_3_c2_c4_0 // rndr instruction - cbz x3, Lrndr_error // Check if RNDR failed + mrs x3, s3_3_c2_c4_0 // rndr instruction https://developer.arm.com/documentation/ddi0601/2024-09/Index-by-Encoding + cbz x3, Lrndr_error // Check if rndr failed - cmp x1, #8 // Sets N if strictly less than 8 bytes left - blt Lrndr_less_than_8_bytes + cmp x1, #8 // If strictly less than 8, does not set condition flag C + blo Lrndr_less_than_8_bytes str x3, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 add x2, x2, #8 // Adds 8 to counter @@ -44,7 +44,7 @@ Lrndr_less_than_8_bytes: Lrndr_done: cmp x2, x4 // Ensure correct number of bytes were generated bne Lrndr_error - mov x0, #1 // Return value success + mov x0, #1 // Return value success ret Lrndr_error: diff --git a/generated-src/linux-aarch64/crypto/fipsmodule/rndr-armv8.S b/generated-src/linux-aarch64/crypto/fipsmodule/rndr-armv8.S index 553b193a08..4fdea12bbc 100644 --- a/generated-src/linux-aarch64/crypto/fipsmodule/rndr-armv8.S +++ b/generated-src/linux-aarch64/crypto/fipsmodule/rndr-armv8.S 
@@ -9,22 +9,22 @@ .arch armv8-a .text -# size_t CRYPTO_rndr(uint8_t *out, size_t out_len) +# int CRYPTO_rndr(uint8_t *out, const size_t len) .globl CRYPTO_rndr .hidden CRYPTO_rndr .type CRYPTO_rndr,%function .align 4 CRYPTO_rndr: - cbz x1, .Lrndr_error // out_len = 0 is not supported - mov x4, x1 // out_len: requested number of bytes + cbz x1, .Lrndr_error // len = 0 is not supported + mov x4, x1 // len: requested number of bytes mov x2, #0 // Counts number of bytes generated .Lrndr_loop: - mrs x3, s3_3_c2_c4_0 // rndr instruction - cbz x3, .Lrndr_error // Check if RNDR failed + mrs x3, s3_3_c2_c4_0 // rndr instruction https://developer.arm.com/documentation/ddi0601/2024-09/Index-by-Encoding + cbz x3, .Lrndr_error // Check if rndr failed - cmp x1, #8 // Sets N if strictly less than 8 bytes left - blt .Lrndr_less_than_8_bytes + cmp x1, #8 // If strictly less than 8, does not set condition flag C + blo .Lrndr_less_than_8_bytes str x3, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 add x2, x2, #8 // Adds 8 to counter @@ -44,7 +44,7 @@ CRYPTO_rndr: .Lrndr_done: cmp x2, x4 // Ensure correct number of bytes were generated bne .Lrndr_error - mov x0, #1 // Return value success + mov x0, #1 // Return value success ret .Lrndr_error: diff --git a/generated-src/win-aarch64/crypto/fipsmodule/rndr-armv8.S b/generated-src/win-aarch64/crypto/fipsmodule/rndr-armv8.S index 2b75bd0bc9..59f9693cab 100644 --- a/generated-src/win-aarch64/crypto/fipsmodule/rndr-armv8.S +++ b/generated-src/win-aarch64/crypto/fipsmodule/rndr-armv8.S @@ -9,7 +9,7 @@ .arch armv8-a .text -# size_t CRYPTO_rndr(uint8_t *out, size_t out_len) +# int CRYPTO_rndr(uint8_t *out, const size_t len) .globl CRYPTO_rndr .def CRYPTO_rndr 
@@ -17,16 +17,16 @@ .endef .align 4 CRYPTO_rndr: - cbz x1, Lrndr_error // out_len = 0 is not supported - mov x4, x1 // out_len: requested number of bytes + cbz x1, Lrndr_error // len = 0 is not supported + mov x4, x1 // len: requested number of bytes mov x2, #0 // Counts number of bytes generated Lrndr_loop: - mrs x3, s3_3_c2_c4_0 // rndr instruction - cbz x3, Lrndr_error // Check if RNDR failed + mrs x3, s3_3_c2_c4_0 // rndr instruction https://developer.arm.com/documentation/ddi0601/2024-09/Index-by-Encoding + cbz x3, Lrndr_error // Check if rndr failed - cmp x1, #8 // Sets N if strictly less than 8 bytes left - blt Lrndr_less_than_8_bytes + cmp x1, #8 // If strictly less than 8, does not set condition flag C + blo Lrndr_less_than_8_bytes str x3, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 add x2, x2, #8 // Adds 8 to counter @@ -46,7 +46,7 @@ Lrndr_less_than_8_bytes: Lrndr_done: cmp x2, x4 // Ensure correct number of bytes were generated bne Lrndr_error - mov x0, #1 // Return value success + mov x0, #1 // Return value success ret Lrndr_error: From 1e93f40785db61835cc2363552ea82171a614f34 Mon Sep 17 00:00:00 2001 From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Thu, 12 Dec 2024 08:02:51 -0800 Subject: [PATCH 12/14] Only allow multiples of 8 for RNDR significantly simplifying assembly --- crypto/fipsmodule/rand/asm/rndr-armv8.pl | 53 +++++++------------ .../rand/entropy/entropy_source_tests.cc | 33 ++++++++---- .../fipsmodule/rand/entropy/entropy_sources.c | 9 ++-- crypto/fipsmodule/rand/entropy/internal.h | 15 ++++-- crypto/fipsmodule/rand/internal.h | 2 + 5 files changed, 61 insertions(+), 51 deletions(-) diff --git a/crypto/fipsmodule/rand/asm/rndr-armv8.pl b/crypto/fipsmodule/rand/asm/rndr-armv8.pl index 19cac0732b..53162762dd 100644 --- a/crypto/fipsmodule/rand/asm/rndr-armv8.pl +++ b/crypto/fipsmodule/rand/asm/rndr-armv8.pl 
@@ -22,53 +22,38 @@ open OUT,"| \"$^X\" $xlate $flavour $output"; *STDOUT=*OUT; +my ($out, $len, $rndr64) = ("x0", "x1", "x2"); + $code.=<<___; #include .arch armv8-a .text -# int CRYPTO_rndr(uint8_t *out, const size_t len) -.globl CRYPTO_rndr -.type CRYPTO_rndr,%function +# int CRYPTO_rndr_multiple8(uint8_t *out, const size_t len) +.globl CRYPTO_rndr_multiple8 +.type CRYPTO_rndr_multiple8,%function .align 4 -CRYPTO_rndr: - cbz x1, .Lrndr_error // len = 0 is not supported - mov x4, x1 // len: requested number of bytes - mov x2, #0 // Counts number of bytes generated - -.Lrndr_loop: - mrs x3, s3_3_c2_c4_0 // rndr instruction https://developer.arm.com/documentation/ddi0601/2024-09/Index-by-Encoding - cbz x3, .Lrndr_error // Check if rndr failed - - cmp x1, #8 // If strictly less than 8, does not set condition flag C - blo .Lrndr_less_than_8_bytes +CRYPTO_rndr_multiple8: + cbz $len, .Lrndr_multiple8_error // len = 0 is not supported - str x3, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 - add x2, x2, #8 // Adds 8 to counter - sub x1, x1, #8 - cbz x1, .Lrndr_done // If multiple of 8 this will be 0 eventually - b .Lrndr_loop +.Lrndr_multiple8_loop: + mrs $rndr64, s3_3_c2_c4_0 // rndr instruction https://developer.arm.com/documentation/ddi0601/2024-09/Index-by-Encoding + cbz $rndr64, .Lrndr_multiple8_error // Check if rndr failed -.Lrndr_less_than_8_bytes: - // Copy remaining bytes one by one - strb w3, [x0] - lsr x3, x3, #8 - add x2, x2, #1 - add x0, x0, #1 - sub x1, x1, #1 - cbnz x1, .Lrndr_less_than_8_bytes + str $rndr64, [$out], #8 // Copy 8 bytes to *out and increment pointer by 8 + sub $len, $len, #8 + cbz $len, .Lrndr_multiple8_done // If multiple of 8 this will be 0 eventually + b .Lrndr_multiple8_loop -.Lrndr_done: - cmp x2, x4 // Ensure correct number of bytes were generated - bne .Lrndr_error - mov x0, #1 // Return value success +.Lrndr_multiple8_done: + mov x0, #1 // Return value success ret -.Lrndr_error: - mov x0, #0 // Return value error 
+.Lrndr_multiple8_error: + mov x0, #0 // Return value error ret -.size CRYPTO_rndr,.-CRYPTO_rndr +.size CRYPTO_rndr_multiple8,.-CRYPTO_rndr_multiple8 ___ print $code; diff --git a/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc b/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc index f4f5dd53e9..3ddd8e91eb 100644 --- a/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc +++ b/crypto/fipsmodule/rand/entropy/entropy_source_tests.cc @@ -5,25 +5,36 @@ #include "internal.h" -#define MAX_EXTRACT_FROM_RNG (8*16) +#define MAX_MULTIPLE_FROM_RNG (16) // In the future this test can be improved by being able to predict whether the // test is running on hardware that we expect to support RNDR. This will require // amending the CI with such information. -// For now, simply ensure we exercise all code-paths in the CRYPTO_rndr -// implementation. +// For now, simply ensure we exercise all code-paths in the +// CRYPTO_rndr_multiple8 implementation. TEST(EntropySupport, Aarch64) { + uint8_t buf[MAX_MULTIPLE_FROM_RNG*8] = { 0 } ; + #if !defined(OPENSSL_AARCH64) ASSERT_FALSE(have_hw_rng_aarch64_for_testing()); + ASSERT_FALSE(rndr_multiple8(buf, 0)); + ASSERT_FALSE(rndr_multiple8(buf, 8)); #else - uint8_t buf[MAX_EXTRACT_FROM_RNG] = { 0 } ; - if (have_hw_rng_aarch64_for_testing() == 1) { - // Extracting 0 bytes is not supported. - ASSERT_FALSE(rndr(buf, 0)); - - for (size_t i = 1; i < MAX_EXTRACT_FROM_RNG; i++) { - ASSERT_TRUE(rndr(buf, i)); - } + if (have_hw_rng_aarch64_for_testing() != 1) { + GTEST_SKIP() << "Compiled for Arm64, but Aarch64 hw rng is not available in run-time"; + } + + // Extracting 0 bytes is never supported. + ASSERT_FALSE(rndr_multiple8(buf, 0)); + + // Multiples of 8 allowed. + for (size_t i = 8; i < MAX_MULTIPLE_FROM_RNG; i += 8) { + ASSERT_TRUE(rndr_multiple8(buf, i)); + } + + // Must be multiples of 8. + for (size_t i : {1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 13, 14, 15}) { + ASSERT_FALSE(rndr_multiple8(buf, i)); } #endif } 
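Review bot: `CRYPTO_rndr_multiple8` in this hunk relies entirely on its caller for the "multiple of 8" precondition: with a length such as 12, `sub $len, $len, #8` steps past zero without ever satisfying the `cbz`, the counter wraps, and the loop keeps storing 8-byte words beyond `out`. Only the C wrapper `rndr_multiple8` enforces the precondition, while the assembly symbol itself is globally visible. Two instructions after the entry check, `tst $len, #7` and `b.ne .Lrndr_multiple8_error`, would let the routine reject such lengths itself, and the comment `// If multiple of 8 this will be 0 eventually` should then state that non-multiples are rejected on entry rather than assumed.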
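Review bot: The loop `for (size_t i = 8; i < MAX_MULTIPLE_FROM_RNG; i += 8)` runs only for `i == 8`, because `MAX_MULTIPLE_FROM_RNG` is 16 and the bound is compared against the byte count rather than the number of multiples; the buffer is `MAX_MULTIPLE_FROM_RNG*8` bytes, so the intended bound is presumably `i <= MAX_MULTIPLE_FROM_RNG * 8`. As written the multi-iteration path of the loop in `CRYPTO_rndr_multiple8` is never exercised by this test. The test also never checks that a successful call wrote anything; asserting that `buf` is not all zeros after the largest request would catch a build where the symbol resolves but the stores never happen.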
diff --git a/crypto/fipsmodule/rand/entropy/entropy_sources.c b/crypto/fipsmodule/rand/entropy/entropy_sources.c index d06c7ef288..43d7729a03 100644 --- a/crypto/fipsmodule/rand/entropy/entropy_sources.c +++ b/crypto/fipsmodule/rand/entropy/entropy_sources.c @@ -18,7 +18,7 @@ static int entropy_get_prediction_resistance( return 1; } #elif defined(OPENSSL_AARCH64) - if (rndr(pred_resistance, RAND_PRED_RESISTANCE_LEN) == 1) { + if (rndr_multiple8(pred_resistance, RAND_PRED_RESISTANCE_LEN) == 1) { return 1; } #endif @@ -75,8 +75,11 @@ struct entropy_source_t * get_entropy_source(void) { return entropy_source; } -int rndr(uint8_t *buf, const size_t len) { - return CRYPTO_rndr(buf, len); +int rndr_multiple8(uint8_t *buf, const size_t len) { + if (len == 0 || ((len & 0x7) != 0)) { + return 0; + } + return CRYPTO_rndr_multiple8(buf, len); } int have_hw_rng_aarch64_for_testing(void) { diff --git a/crypto/fipsmodule/rand/entropy/internal.h b/crypto/fipsmodule/rand/entropy/internal.h index 32ef106427..61e7601bae 100644 --- a/crypto/fipsmodule/rand/entropy/internal.h +++ b/crypto/fipsmodule/rand/entropy/internal.h 
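Review bot: `rndr_multiple8(pred_resistance, RAND_PRED_RESISTANCE_LEN)` in the first hunk now depends on `RAND_PRED_RESISTANCE_LEN` being a non-zero multiple of 8; if that constant ever changes, the wrapper in the second hunk returns 0 before touching the hardware and prediction resistance degrades silently to whatever the fall-through after `#endif` does (not visible here, since `entropy_get_prediction_resistance` starts outside the hunk). A compile-time check next to the call, e.g. `OPENSSL_STATIC_ASSERT(RAND_PRED_RESISTANCE_LEN % 8 == 0, "RAND_PRED_RESISTANCE_LEN must be a multiple of 8")`, turns that into a build error instead. The `== 1` comparison is fine for the new wrapper, which only ever returns 0 or 1.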
@@ -41,21 +41,30 @@ OPENSSL_EXPORT void tree_jitter_free_thread_drbg(struct entropy_source_t *entrop OPENSSL_EXPORT int tree_jitter_get_seed( const struct entropy_source_t *entropy_source, uint8_t seed[CTR_DRBG_ENTROPY_LEN]); +// rndr_multiple8 writes |len| number of bytes to |buf| generated using the +// rndr instruction. |len| must be a multiple of 8. +// Outputs 1 on success, 0 otherwise. +OPENSSL_EXPORT int rndr_multiple8(uint8_t *buf, const size_t len); -OPENSSL_EXPORT int rndr(uint8_t *buf, const size_t len); +// have_hw_rng_aarch64_for_testing wraps |have_hw_rng_aarch64| to allow usage +// in testing. OPENSSL_EXPORT int have_hw_rng_aarch64_for_testing(void); #if defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) -int CRYPTO_rndr(uint8_t *out, size_t out_len); +// rndr_multiple8 writes |len| number of bytes to |buf| generated using the +// rndr instruction. |len| must be a multiple of 8 and positive. +// Outputs 1 on success, 0 otherwise. +int CRYPTO_rndr_multiple8(uint8_t *out, size_t out_len); +// Returns 1 if Armv8-A instruction rndr is available, 0 otherwise. OPENSSL_INLINE int have_hw_rng_aarch64(void) { return CRYPTO_is_ARMv8_RNDR_capable(); } #else // defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) -OPENSSL_INLINE int CRYPTO_rndr(uint8_t *out, size_t out_len) { +OPENSSL_INLINE int CRYPTO_rndr_multiple8(uint8_t *out, size_t out_len) { return 0; } diff --git a/crypto/fipsmodule/rand/internal.h b/crypto/fipsmodule/rand/internal.h index d19bbac738..59d9c7c3b4 100644 --- a/crypto/fipsmodule/rand/internal.h +++ b/crypto/fipsmodule/rand/internal.h @@ -112,6 +112,8 @@ OPENSSL_INLINE int have_hw_rng_x86_64_fast(void) { return CRYPTO_is_RDRAND_capable() && CRYPTO_is_intel_cpu(); } +// TODO only allow multiples of 8 from rdrand + // CRYPTO_rdrand writes eight bytes of random data from the hardware RNG to // |out|. It returns one on success or zero on hardware failure. int CRYPTO_rdrand(uint8_t out[8]); 
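Review bot: The comment added for `rndr_multiple8` describes only the AArch64 behaviour; the `#else` branch of this same hunk makes `CRYPTO_rndr_multiple8` a stub that returns 0, so on every other target, and whenever `OPENSSL_NO_ASM` is set, `rndr_multiple8` always fails. The comment should say so, for example `// Without AArch64 assembly this always returns 0 and writes nothing.` It should also warn that a 0 return does not mean |buf| is untouched: the assembly stores each 8-byte word before issuing the next `mrs`, so a failure part-way through leaves a partially overwritten buffer, and callers must not rely on its previous contents after a failed call.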
From 33577f8018428a4ac3c081ddca6a2e576c887b5b Mon Sep 17 00:00:00 2001 From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Thu, 12 Dec 2024 08:12:52 -0800 Subject: [PATCH 13/14] Update build files in generated-src --- .../crypto/fipsmodule/rndr-armv8.S | 49 ++++++----------- .../crypto/fipsmodule/rndr-armv8.S | 53 +++++++------------ .../crypto/fipsmodule/rndr-armv8.S | 49 ++++++----------- 3 files changed, 50 insertions(+), 101 deletions(-) diff --git a/generated-src/ios-aarch64/crypto/fipsmodule/rndr-armv8.S b/generated-src/ios-aarch64/crypto/fipsmodule/rndr-armv8.S index 186b1b0955..6a71b5cde2 100644 --- a/generated-src/ios-aarch64/crypto/fipsmodule/rndr-armv8.S +++ b/generated-src/ios-aarch64/crypto/fipsmodule/rndr-armv8.S 
@@ -9,46 +9,29 @@ .text -# int CRYPTO_rndr(uint8_t *out, const size_t len) -.globl _CRYPTO_rndr -.private_extern _CRYPTO_rndr +# int CRYPTO_rndr_multiple8(uint8_t *out, const size_t len) +.globl _CRYPTO_rndr_multiple8 +.private_extern _CRYPTO_rndr_multiple8 .align 4 -_CRYPTO_rndr: - cbz x1, Lrndr_error // len = 0 is not supported - mov x4, x1 // len: requested number of bytes - mov x2, #0 // Counts number of bytes generated +_CRYPTO_rndr_multiple8: + cbz x1, Lrndr_multiple8_error // len = 0 is not supported -Lrndr_loop: - mrs x3, s3_3_c2_c4_0 // rndr instruction https://developer.arm.com/documentation/ddi0601/2024-09/Index-by-Encoding - cbz x3, Lrndr_error // Check if rndr failed +Lrndr_multiple8_loop: + mrs x2, s3_3_c2_c4_0 // rndr instruction https://developer.arm.com/documentation/ddi0601/2024-09/Index-by-Encoding + cbz x2, Lrndr_multiple8_error // Check if rndr failed - cmp x1, #8 // If strictly less than 8, does not set condition flag C - blo Lrndr_less_than_8_bytes - - str x3, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 - add x2, x2, #8 // Adds 8 to counter + str x2, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 sub x1, x1, #8 - cbz x1, Lrndr_done // If multiple of 8 this will be 0 eventually - b Lrndr_loop - -Lrndr_less_than_8_bytes: - // Copy remaining bytes one by one - strb w3, [x0] - lsr x3, x3, #8 - add x2, x2, #1 - add x0, x0, #1 - sub x1, x1, #1 - cbnz x1, Lrndr_less_than_8_bytes - -Lrndr_done: - cmp x2, x4 // Ensure correct number of bytes were generated - bne Lrndr_error - mov x0, #1 // Return value success + cbz x1, Lrndr_multiple8_done // If multiple of 8 this will be 0 eventually + b Lrndr_multiple8_loop + +Lrndr_multiple8_done: + mov x0, #1 // Return value success ret -Lrndr_error: - mov x0, #0 // Return value error +Lrndr_multiple8_error: + mov x0, #0 // Return value error ret #endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__APPLE__) 
diff --git a/generated-src/linux-aarch64/crypto/fipsmodule/rndr-armv8.S b/generated-src/linux-aarch64/crypto/fipsmodule/rndr-armv8.S index 4fdea12bbc..256ef47ffb 100644 --- a/generated-src/linux-aarch64/crypto/fipsmodule/rndr-armv8.S +++ b/generated-src/linux-aarch64/crypto/fipsmodule/rndr-armv8.S 
@@ -9,46 +9,29 @@ .arch armv8-a .text -# int CRYPTO_rndr(uint8_t *out, const size_t len) -.globl CRYPTO_rndr -.hidden CRYPTO_rndr -.type CRYPTO_rndr,%function +# int CRYPTO_rndr_multiple8(uint8_t *out, const size_t len) +.globl CRYPTO_rndr_multiple8 +.hidden CRYPTO_rndr_multiple8 +.type CRYPTO_rndr_multiple8,%function .align 4 -CRYPTO_rndr: - cbz x1, .Lrndr_error // len = 0 is not supported - mov x4, x1 // len: requested number of bytes - mov x2, #0 // Counts number of bytes generated +CRYPTO_rndr_multiple8: + cbz x1, .Lrndr_multiple8_error // len = 0 is not supported -.Lrndr_loop: - mrs x3, s3_3_c2_c4_0 // rndr instruction https://developer.arm.com/documentation/ddi0601/2024-09/Index-by-Encoding - cbz x3, .Lrndr_error // Check if rndr failed +.Lrndr_multiple8_loop: + mrs x2, s3_3_c2_c4_0 // rndr instruction https://developer.arm.com/documentation/ddi0601/2024-09/Index-by-Encoding + cbz x2, .Lrndr_multiple8_error // Check if rndr failed - cmp x1, #8 // If strictly less than 8, does not set condition flag C - blo .Lrndr_less_than_8_bytes - - str x3, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 - add x2, x2, #8 // Adds 8 to counter + str x2, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 sub x1, x1, #8 - cbz x1, .Lrndr_done // If multiple of 8 this will be 0 eventually - b .Lrndr_loop - -.Lrndr_less_than_8_bytes: - // Copy remaining bytes one by one - strb w3, [x0] - lsr x3, x3, #8 - add x2, x2, #1 - add x0, x0, #1 - sub x1, x1, #1 - cbnz x1, .Lrndr_less_than_8_bytes - -.Lrndr_done: - cmp x2, x4 // Ensure correct number of bytes were generated - bne .Lrndr_error - mov x0, #1 // Return value success + cbz x1, .Lrndr_multiple8_done // If multiple of 8 this will be 0 eventually + b .Lrndr_multiple8_loop + +.Lrndr_multiple8_done: + mov x0, #1 // Return value success ret -.Lrndr_error: - mov x0, #0 // Return value error +.Lrndr_multiple8_error: + mov x0, #0 // Return value error ret -.size CRYPTO_rndr,.-CRYPTO_rndr +.size 
CRYPTO_rndr_multiple8,.-CRYPTO_rndr_multiple8 #endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__ELF__) diff --git a/generated-src/win-aarch64/crypto/fipsmodule/rndr-armv8.S b/generated-src/win-aarch64/crypto/fipsmodule/rndr-armv8.S index 59f9693cab..042a429f66 100644 --- a/generated-src/win-aarch64/crypto/fipsmodule/rndr-armv8.S +++ b/generated-src/win-aarch64/crypto/fipsmodule/rndr-armv8.S 
@@ -9,48 +9,31 @@ .arch armv8-a .text -# int CRYPTO_rndr(uint8_t *out, const size_t len) -.globl CRYPTO_rndr +# int CRYPTO_rndr_multiple8(uint8_t *out, const size_t len) +.globl CRYPTO_rndr_multiple8 -.def CRYPTO_rndr +.def CRYPTO_rndr_multiple8 .type 32 .endef .align 4 -CRYPTO_rndr: - cbz x1, Lrndr_error // len = 0 is not supported - mov x4, x1 // len: requested number of bytes - mov x2, #0 // Counts number of bytes generated +CRYPTO_rndr_multiple8: + cbz x1, Lrndr_multiple8_error // len = 0 is not supported -Lrndr_loop: - mrs x3, s3_3_c2_c4_0 // rndr instruction https://developer.arm.com/documentation/ddi0601/2024-09/Index-by-Encoding - cbz x3, Lrndr_error // Check if rndr failed +Lrndr_multiple8_loop: + mrs x2, s3_3_c2_c4_0 // rndr instruction https://developer.arm.com/documentation/ddi0601/2024-09/Index-by-Encoding + cbz x2, Lrndr_multiple8_error // Check if rndr failed - cmp x1, #8 // If strictly less than 8, does not set condition flag C - blo Lrndr_less_than_8_bytes - - str x3, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 - add x2, x2, #8 // Adds 8 to counter + str x2, [x0], #8 // Copy 8 bytes to *out and increment pointer by 8 sub x1, x1, #8 - cbz x1, Lrndr_done // If multiple of 8 this will be 0 eventually - b Lrndr_loop - -Lrndr_less_than_8_bytes: - // Copy remaining bytes one by one - strb w3, [x0] - lsr x3, x3, #8 - add x2, x2, #1 - add x0, x0, #1 - sub x1, x1, #1 - cbnz x1, Lrndr_less_than_8_bytes - -Lrndr_done: - cmp x2, x4 // Ensure correct number of bytes were generated - bne Lrndr_error - mov x0, #1 // Return value success + cbz x1, Lrndr_multiple8_done // If multiple of 8 this will be 0 eventually + b Lrndr_multiple8_loop + +Lrndr_multiple8_done: + mov x0, #1 // Return value success ret -Lrndr_error: - mov x0, #0 // Return value error +Lrndr_multiple8_error: + mov x0, #0 // Return value error ret #endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(_WIN32) 
From c40df9ce532999dd1263c4638b27394f37fabb9a Mon Sep 17 00:00:00 2001 From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Thu, 12 Dec 2024 15:25:08 -0800 Subject: [PATCH 14/14] typo --- crypto/fipsmodule/rand/entropy/internal.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/fipsmodule/rand/entropy/internal.h b/crypto/fipsmodule/rand/entropy/internal.h index 61e7601bae..cb15022905 100644 --- a/crypto/fipsmodule/rand/entropy/internal.h +++ b/crypto/fipsmodule/rand/entropy/internal.h @@ -52,8 +52,8 @@ OPENSSL_EXPORT int have_hw_rng_aarch64_for_testing(void); #if defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM) -// rndr_multiple8 writes |len| number of bytes to |buf| generated using the -// rndr instruction. |len| must be a multiple of 8 and positive. +// CRYPTO_rndr_multiple8 writes |len| number of bytes to |buf| generated using +// the rndr instruction. |len| must be a multiple of 8 and positive. // Outputs 1 on success, 0 otherwise. int CRYPTO_rndr_multiple8(uint8_t *out, size_t out_len);
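Review bot: The comment corrected in this hunk still refers to |len| and |buf|, while the prototype directly below declares `uint8_t *out, size_t out_len`, so the text and the parameter names do not match after the rename. Either rename the parameters to match the `rndr_multiple8` wrapper or change the comment to `// CRYPTO_rndr_multiple8 writes |out_len| bytes to |out| generated using the rndr instruction. |out_len| must be a multiple of 8 and positive.` The comment also says nothing about hardware without FEAT_RNG; a line `// Must only be called when have_hw_rng_aarch64() returns 1.` would document the precondition the test file relies on.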