git: e6c8997a8958 - main - OpenSSL: commit sys/crypto changes for 3.5.5

From: Enji Cooper <ngie_at_FreeBSD.org>
Date: Sun, 01 Feb 2026 17:16:01 UTC
The branch main has been updated by ngie:

URL: https://cgit.FreeBSD.org/src/commit/?id=e6c8997a8958c7aaec8e266d2eeefbfaa137e218

commit e6c8997a8958c7aaec8e266d2eeefbfaa137e218
Author:     Enji Cooper <ngie@FreeBSD.org>
AuthorDate: 2026-02-01 17:05:55 +0000
Commit:     Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2026-02-01 17:05:55 +0000

    OpenSSL: commit sys/crypto changes for 3.5.5
    
    These files were changed as part of the 3.5.4 -> 3.5.5 upgrade. Please
    see the upstream release notes linked in
    1731fc70f7344af08db49b06c63c963fa12ee354, et al, for more details.
    
    MFC after:      6 days
    MFC with:       1731fc70f7344af08db49b06c63c963fa12ee354
    Fixes:  1731fc70f7344af08d ("OpenSSL: update vendor sources to match 3.5.5 content")
---
 sys/crypto/openssl/aarch64/vpsm4_ex-armv8.S  |   14 +-
 sys/crypto/openssl/arm_arch.h                |  369 +++--
 sys/crypto/openssl/powerpc/aes-gcm-ppc.S     | 2118 +++++++++++--------------
 sys/crypto/openssl/powerpc64/aes-gcm-ppc.S   | 2119 +++++++++++---------------
 sys/crypto/openssl/powerpc64le/aes-gcm-ppc.S | 2119 +++++++++++---------------
 5 files changed, 2850 insertions(+), 3889 deletions(-)

diff --git a/sys/crypto/openssl/aarch64/vpsm4_ex-armv8.S b/sys/crypto/openssl/aarch64/vpsm4_ex-armv8.S
index 5627d6d1c6b4..b8c728e68683 100644
--- a/sys/crypto/openssl/aarch64/vpsm4_ex-armv8.S
+++ b/sys/crypto/openssl/aarch64/vpsm4_ex-armv8.S
@@ -1,5 +1,5 @@
 /* Do not modify. This file is auto-generated from vpsm4_ex-armv8.pl. */
-// Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
+// Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
 //
 // Licensed under the Apache License 2.0 (the "License").  You may not use
 // this file except in compliance with the License.  You can obtain a copy
@@ -35,13 +35,25 @@ _vpsm4_ex_consts:
 .Lshuffles:
 .quad	0x0B0A090807060504,0x030201000F0E0D0C
 .Lxts_magic:
+#ifndef __AARCH64EB__
 .quad	0x0101010101010187,0x0101010101010101
+#else
+.quad	0x0101010101010101,0x0101010101010187
+#endif
 .Lsbox_magic:
+#ifndef __AARCH64EB__
 .quad	0x0b0e0104070a0d00,0x0306090c0f020508
 .quad	0x62185a2042387a00,0x22581a6002783a40
 .quad	0x15df62a89e54e923,0xc10bb67c4a803df7
 .quad	0xb9aa6b78c1d21300,0x1407c6d56c7fbead
 .quad	0x6404462679195b3b,0xe383c1a1fe9edcbc
+#else
+.quad	0x0306090c0f020508,0x0b0e0104070a0d00
+.quad	0x22581a6002783a40,0x62185a2042387a00
+.quad	0xc10bb67c4a803df7,0x15df62a89e54e923
+.quad	0x1407c6d56c7fbead,0xb9aa6b78c1d21300
+.quad	0xe383c1a1fe9edcbc,0x6404462679195b3b
+#endif
 .quad	0x0f0f0f0f0f0f0f0f,0x0f0f0f0f0f0f0f0f
 
 .size	_vpsm4_ex_consts,.-_vpsm4_ex_consts
diff --git a/sys/crypto/openssl/arm_arch.h b/sys/crypto/openssl/arm_arch.h
index acd8aee4d519..d570d1eba6c1 100644
--- a/sys/crypto/openssl/arm_arch.h
+++ b/sys/crypto/openssl/arm_arch.h
@@ -8,87 +8,80 @@
  */
 
 #ifndef OSSL_CRYPTO_ARM_ARCH_H
-# define OSSL_CRYPTO_ARM_ARCH_H
-
-# if !defined(__ARM_ARCH__)
-#  if defined(__CC_ARM)
-#   define __ARM_ARCH__ __TARGET_ARCH_ARM
-#   if defined(__BIG_ENDIAN)
-#    define __ARMEB__
-#   else
-#    define __ARMEL__
-#   endif
-#  elif defined(__GNUC__)
-#   if   defined(__aarch64__)
-#    define __ARM_ARCH__ 8
-  /*
-   * Why doesn't gcc define __ARM_ARCH__? Instead it defines
-   * bunch of below macros. See all_architectures[] table in
-   * gcc/config/arm/arm.c. On a side note it defines
-   * __ARMEL__/__ARMEB__ for little-/big-endian.
-   */
-#   elif defined(__ARM_ARCH)
-#    define __ARM_ARCH__ __ARM_ARCH
-#   elif defined(__ARM_ARCH_8A__)
-#    define __ARM_ARCH__ 8
-#   elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__)     || \
-        defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__)     || \
-        defined(__ARM_ARCH_7EM__)
-#    define __ARM_ARCH__ 7
-#   elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__)     || \
-        defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__)     || \
-        defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__)    || \
-        defined(__ARM_ARCH_6T2__)
-#    define __ARM_ARCH__ 6
-#   elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__)     || \
-        defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__)    || \
-        defined(__ARM_ARCH_5TEJ__)
-#    define __ARM_ARCH__ 5
-#   elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__)
-#    define __ARM_ARCH__ 4
-#   else
-#    error "unsupported ARM architecture"
-#   endif
-#  elif defined(__ARM_ARCH)
-#   define __ARM_ARCH__ __ARM_ARCH
-#  endif
-# endif
-
-# if !defined(__ARM_MAX_ARCH__)
-#  define __ARM_MAX_ARCH__ __ARM_ARCH__
-# endif
-
-# if __ARM_MAX_ARCH__<__ARM_ARCH__
-#  error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__"
-# elif __ARM_MAX_ARCH__!=__ARM_ARCH__
-#  if __ARM_ARCH__<7 && __ARM_MAX_ARCH__>=7 && defined(__ARMEB__)
-#   error "can't build universal big-endian binary"
-#  endif
-# endif
-
-# ifndef __ASSEMBLER__
+#define OSSL_CRYPTO_ARM_ARCH_H
+
+#if !defined(__ARM_ARCH__)
+#if defined(__CC_ARM)
+#define __ARM_ARCH__ __TARGET_ARCH_ARM
+#if defined(__BIG_ENDIAN)
+#define __ARMEB__
+#else
+#define __ARMEL__
+#endif
+#elif defined(__GNUC__)
+#if defined(__aarch64__)
+#define __ARM_ARCH__ 8
+/*
+ * Why doesn't gcc define __ARM_ARCH__? Instead it defines
+ * bunch of below macros. See all_architectures[] table in
+ * gcc/config/arm/arm.c. On a side note it defines
+ * __ARMEL__/__ARMEB__ for little-/big-endian.
+ */
+#elif defined(__ARM_ARCH)
+#define __ARM_ARCH__ __ARM_ARCH
+#elif defined(__ARM_ARCH_8A__)
+#define __ARM_ARCH__ 8
+#elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__) || defined(__ARM_ARCH_7EM__)
+#define __ARM_ARCH__ 7
+#elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || defined(__ARM_ARCH_6K__) || defined(__ARM_ARCH_6M__) || defined(__ARM_ARCH_6Z__) || defined(__ARM_ARCH_6ZK__) || defined(__ARM_ARCH_6T2__)
+#define __ARM_ARCH__ 6
+#elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || defined(__ARM_ARCH_5E__) || defined(__ARM_ARCH_5TE__) || defined(__ARM_ARCH_5TEJ__)
+#define __ARM_ARCH__ 5
+#elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__)
+#define __ARM_ARCH__ 4
+#else
+#error "unsupported ARM architecture"
+#endif
+#elif defined(__ARM_ARCH)
+#define __ARM_ARCH__ __ARM_ARCH
+#endif
+#endif
+
+#if !defined(__ARM_MAX_ARCH__)
+#define __ARM_MAX_ARCH__ __ARM_ARCH__
+#endif
+
+#if __ARM_MAX_ARCH__ < __ARM_ARCH__
+#error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__"
+#elif __ARM_MAX_ARCH__ != __ARM_ARCH__
+#if __ARM_ARCH__ < 7 && __ARM_MAX_ARCH__ >= 7 && defined(__ARMEB__)
+#error "can't build universal big-endian binary"
+#endif
+#endif
+
+#ifndef __ASSEMBLER__
 extern unsigned int OPENSSL_armcap_P;
 extern unsigned int OPENSSL_arm_midr;
 extern unsigned int OPENSSL_armv8_rsa_neonized;
-# endif
-
-# define ARMV7_NEON      (1<<0)
-# define ARMV7_TICK      (1<<1)
-# define ARMV8_AES       (1<<2)
-# define ARMV8_SHA1      (1<<3)
-# define ARMV8_SHA256    (1<<4)
-# define ARMV8_PMULL     (1<<5)
-# define ARMV8_SHA512    (1<<6)
-# define ARMV8_CPUID     (1<<7)
-# define ARMV8_RNG       (1<<8)
-# define ARMV8_SM3       (1<<9)
-# define ARMV8_SM4       (1<<10)
-# define ARMV8_SHA3      (1<<11)
-# define ARMV8_UNROLL8_EOR3      (1<<12)
-# define ARMV8_SVE       (1<<13)
-# define ARMV8_SVE2      (1<<14)
-# define ARMV8_HAVE_SHA3_AND_WORTH_USING     (1<<15)
-# define ARMV8_UNROLL12_EOR3     (1<<16)
+#endif
+
+#define ARMV7_NEON (1 << 0)
+#define ARMV7_TICK (1 << 1)
+#define ARMV8_AES (1 << 2)
+#define ARMV8_SHA1 (1 << 3)
+#define ARMV8_SHA256 (1 << 4)
+#define ARMV8_PMULL (1 << 5)
+#define ARMV8_SHA512 (1 << 6)
+#define ARMV8_CPUID (1 << 7)
+#define ARMV8_RNG (1 << 8)
+#define ARMV8_SM3 (1 << 9)
+#define ARMV8_SM4 (1 << 10)
+#define ARMV8_SHA3 (1 << 11)
+#define ARMV8_UNROLL8_EOR3 (1 << 12)
+#define ARMV8_SVE (1 << 13)
+#define ARMV8_SVE2 (1 << 14)
+#define ARMV8_HAVE_SHA3_AND_WORTH_USING (1 << 15)
+#define ARMV8_UNROLL12_EOR3 (1 << 16)
 
 /*
  * MIDR_EL1 system register
@@ -100,120 +93,116 @@ extern unsigned int OPENSSL_armv8_rsa_neonized;
  *
  */
 
-# define ARM_CPU_IMP_ARM           0x41
-# define HISI_CPU_IMP              0x48
-# define ARM_CPU_IMP_APPLE         0x61
-# define ARM_CPU_IMP_MICROSOFT     0x6D
-# define ARM_CPU_IMP_AMPERE        0xC0
-
-# define ARM_CPU_PART_CORTEX_A72   0xD08
-# define ARM_CPU_PART_N1           0xD0C
-# define ARM_CPU_PART_V1           0xD40
-# define ARM_CPU_PART_N2           0xD49
-# define HISI_CPU_PART_KP920       0xD01
-# define ARM_CPU_PART_V2           0xD4F
-
-# define APPLE_CPU_PART_M1_ICESTORM         0x022
-# define APPLE_CPU_PART_M1_FIRESTORM        0x023
-# define APPLE_CPU_PART_M1_ICESTORM_PRO     0x024
-# define APPLE_CPU_PART_M1_FIRESTORM_PRO    0x025
-# define APPLE_CPU_PART_M1_ICESTORM_MAX     0x028
-# define APPLE_CPU_PART_M1_FIRESTORM_MAX    0x029
-# define APPLE_CPU_PART_M2_BLIZZARD         0x032
-# define APPLE_CPU_PART_M2_AVALANCHE        0x033
-# define APPLE_CPU_PART_M2_BLIZZARD_PRO     0x034
-# define APPLE_CPU_PART_M2_AVALANCHE_PRO    0x035
-# define APPLE_CPU_PART_M2_BLIZZARD_MAX     0x038
-# define APPLE_CPU_PART_M2_AVALANCHE_MAX    0x039
-
-# define MICROSOFT_CPU_PART_COBALT_100      0xD49
-
-# define MIDR_PARTNUM_SHIFT       4
-# define MIDR_PARTNUM_MASK        (0xfffU << MIDR_PARTNUM_SHIFT)
-# define MIDR_PARTNUM(midr)       \
-           (((midr) & MIDR_PARTNUM_MASK) >> MIDR_PARTNUM_SHIFT)
-
-# define MIDR_IMPLEMENTER_SHIFT   24
-# define MIDR_IMPLEMENTER_MASK    (0xffU << MIDR_IMPLEMENTER_SHIFT)
-# define MIDR_IMPLEMENTER(midr)   \
-           (((midr) & MIDR_IMPLEMENTER_MASK) >> MIDR_IMPLEMENTER_SHIFT)
-
-# define MIDR_ARCHITECTURE_SHIFT  16
-# define MIDR_ARCHITECTURE_MASK   (0xfU << MIDR_ARCHITECTURE_SHIFT)
-# define MIDR_ARCHITECTURE(midr)  \
-           (((midr) & MIDR_ARCHITECTURE_MASK) >> MIDR_ARCHITECTURE_SHIFT)
-
-# define MIDR_CPU_MODEL_MASK \
-           (MIDR_IMPLEMENTER_MASK | \
-            MIDR_PARTNUM_MASK     | \
-            MIDR_ARCHITECTURE_MASK)
-
-# define MIDR_CPU_MODEL(imp, partnum) \
-           (((imp)     << MIDR_IMPLEMENTER_SHIFT)  | \
-            (0xfU      << MIDR_ARCHITECTURE_SHIFT) | \
-            ((partnum) << MIDR_PARTNUM_SHIFT))
-
-# define MIDR_IS_CPU_MODEL(midr, imp, partnum) \
-           (((midr) & MIDR_CPU_MODEL_MASK) == MIDR_CPU_MODEL(imp, partnum))
+#define ARM_CPU_IMP_ARM 0x41
+#define HISI_CPU_IMP 0x48
+#define ARM_CPU_IMP_APPLE 0x61
+#define ARM_CPU_IMP_MICROSOFT 0x6D
+#define ARM_CPU_IMP_AMPERE 0xC0
+
+#define ARM_CPU_PART_CORTEX_A72 0xD08
+#define ARM_CPU_PART_N1 0xD0C
+#define ARM_CPU_PART_V1 0xD40
+#define ARM_CPU_PART_N2 0xD49
+#define HISI_CPU_PART_KP920 0xD01
+#define ARM_CPU_PART_V2 0xD4F
+
+#define APPLE_CPU_PART_M1_ICESTORM 0x022
+#define APPLE_CPU_PART_M1_FIRESTORM 0x023
+#define APPLE_CPU_PART_M1_ICESTORM_PRO 0x024
+#define APPLE_CPU_PART_M1_FIRESTORM_PRO 0x025
+#define APPLE_CPU_PART_M1_ICESTORM_MAX 0x028
+#define APPLE_CPU_PART_M1_FIRESTORM_MAX 0x029
+#define APPLE_CPU_PART_M2_BLIZZARD 0x032
+#define APPLE_CPU_PART_M2_AVALANCHE 0x033
+#define APPLE_CPU_PART_M2_BLIZZARD_PRO 0x034
+#define APPLE_CPU_PART_M2_AVALANCHE_PRO 0x035
+#define APPLE_CPU_PART_M2_BLIZZARD_MAX 0x038
+#define APPLE_CPU_PART_M2_AVALANCHE_MAX 0x039
+
+#define MICROSOFT_CPU_PART_COBALT_100 0xD49
+
+#define MIDR_PARTNUM_SHIFT 4
+#define MIDR_PARTNUM_MASK (0xfffU << MIDR_PARTNUM_SHIFT)
+#define MIDR_PARTNUM(midr) \
+    (((midr) & MIDR_PARTNUM_MASK) >> MIDR_PARTNUM_SHIFT)
+
+#define MIDR_IMPLEMENTER_SHIFT 24
+#define MIDR_IMPLEMENTER_MASK (0xffU << MIDR_IMPLEMENTER_SHIFT)
+#define MIDR_IMPLEMENTER(midr) \
+    (((midr) & MIDR_IMPLEMENTER_MASK) >> MIDR_IMPLEMENTER_SHIFT)
+
+#define MIDR_ARCHITECTURE_SHIFT 16
+#define MIDR_ARCHITECTURE_MASK (0xfU << MIDR_ARCHITECTURE_SHIFT)
+#define MIDR_ARCHITECTURE(midr) \
+    (((midr) & MIDR_ARCHITECTURE_MASK) >> MIDR_ARCHITECTURE_SHIFT)
+
+#define MIDR_CPU_MODEL_MASK \
+    (MIDR_IMPLEMENTER_MASK | MIDR_PARTNUM_MASK | MIDR_ARCHITECTURE_MASK)
+
+#define MIDR_CPU_MODEL(imp, partnum) \
+    (((imp) << MIDR_IMPLEMENTER_SHIFT) | (0xfU << MIDR_ARCHITECTURE_SHIFT) | ((partnum) << MIDR_PARTNUM_SHIFT))
+
+#define MIDR_IS_CPU_MODEL(midr, imp, partnum) \
+    (((midr) & MIDR_CPU_MODEL_MASK) == MIDR_CPU_MODEL(imp, partnum))
 
 #if defined(__ASSEMBLER__)
 
-   /*
-    * Support macros for
-    *   - Armv8.3-A Pointer Authentication and
-    *   - Armv8.5-A Branch Target Identification
-    * features which require emitting a .note.gnu.property section with the
-    * appropriate architecture-dependent feature bits set.
-    * Read more: "ELF for the ArmĀ® 64-bit Architecture"
-    */
-
-#  if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
-#   define GNU_PROPERTY_AARCH64_BTI (1 << 0)   /* Has Branch Target Identification */
-#   define AARCH64_VALID_CALL_TARGET hint #34  /* BTI 'c' */
-#  else
-#   define GNU_PROPERTY_AARCH64_BTI 0  /* No Branch Target Identification */
-#   define AARCH64_VALID_CALL_TARGET
-#  endif
-
-#  if defined(__ARM_FEATURE_PAC_DEFAULT) && \
-       (__ARM_FEATURE_PAC_DEFAULT & 1) == 1  /* Signed with A-key */
-#   define GNU_PROPERTY_AARCH64_POINTER_AUTH \
-     (1 << 1)                                       /* Has Pointer Authentication */
-#   define AARCH64_SIGN_LINK_REGISTER hint #25      /* PACIASP */
-#   define AARCH64_VALIDATE_LINK_REGISTER hint #29  /* AUTIASP */
-#  elif defined(__ARM_FEATURE_PAC_DEFAULT) && \
-       (__ARM_FEATURE_PAC_DEFAULT & 2) == 2  /* Signed with B-key */
-#   define GNU_PROPERTY_AARCH64_POINTER_AUTH \
-     (1 << 1)                                       /* Has Pointer Authentication */
-#   define AARCH64_SIGN_LINK_REGISTER hint #27      /* PACIBSP */
-#   define AARCH64_VALIDATE_LINK_REGISTER hint #31  /* AUTIBSP */
-#  else
-#   define GNU_PROPERTY_AARCH64_POINTER_AUTH 0  /* No Pointer Authentication */
-#   if GNU_PROPERTY_AARCH64_BTI != 0
-#    define AARCH64_SIGN_LINK_REGISTER AARCH64_VALID_CALL_TARGET
-#   else
-#    define AARCH64_SIGN_LINK_REGISTER
-#   endif
-#   define AARCH64_VALIDATE_LINK_REGISTER
-#  endif
-
-#  if GNU_PROPERTY_AARCH64_POINTER_AUTH != 0 || GNU_PROPERTY_AARCH64_BTI != 0
-    .pushsection .note.gnu.property, "a";
-    .balign 8;
-    .long 4;
-    .long 0x10;
-    .long 0x5;
-    .asciz "GNU";
-    .long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */
-    .long 4;
-    .long (GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI);
-    .long 0;
-    .popsection;
-#  endif
-
-# endif  /* defined __ASSEMBLER__ */
-
-# define IS_CPU_SUPPORT_UNROLL8_EOR3() \
-           (OPENSSL_armcap_P & ARMV8_UNROLL8_EOR3)
+/*
+ * Support macros for
+ *   - Armv8.3-A Pointer Authentication and
+ *   - Armv8.5-A Branch Target Identification
+ * features which require emitting a .note.gnu.property section with the
+ * appropriate architecture-dependent feature bits set.
+ * Read more: "ELF for the ArmĀ® 64-bit Architecture"
+ */
+
+#if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
+#define GNU_PROPERTY_AARCH64_BTI (1 << 0) /* Has Branch Target Identification */
+#define AARCH64_VALID_CALL_TARGET hint #34 /* BTI 'c' */
+#else
+#define GNU_PROPERTY_AARCH64_BTI 0 /* No Branch Target Identification */
+#define AARCH64_VALID_CALL_TARGET
+#endif
+
+#if defined(__ARM_FEATURE_PAC_DEFAULT) && (__ARM_FEATURE_PAC_DEFAULT & 1) == 1 /* Signed with A-key */
+#define GNU_PROPERTY_AARCH64_POINTER_AUTH \
+    (1 << 1) /* Has Pointer Authentication */
+#define AARCH64_SIGN_LINK_REGISTER hint #25 /* PACIASP */
+#define AARCH64_VALIDATE_LINK_REGISTER hint #29 /* AUTIASP */
+#elif defined(__ARM_FEATURE_PAC_DEFAULT) && (__ARM_FEATURE_PAC_DEFAULT & 2) == 2 /* Signed with B-key */
+#define GNU_PROPERTY_AARCH64_POINTER_AUTH \
+    (1 << 1) /* Has Pointer Authentication */
+#define AARCH64_SIGN_LINK_REGISTER hint #27 /* PACIBSP */
+#define AARCH64_VALIDATE_LINK_REGISTER hint #31 /* AUTIBSP */
+#else
+#define GNU_PROPERTY_AARCH64_POINTER_AUTH 0 /* No Pointer Authentication */
+#if GNU_PROPERTY_AARCH64_BTI != 0
+#define AARCH64_SIGN_LINK_REGISTER AARCH64_VALID_CALL_TARGET
+#else
+#define AARCH64_SIGN_LINK_REGISTER
+#endif
+#define AARCH64_VALIDATE_LINK_REGISTER
+#endif
+
+#if GNU_PROPERTY_AARCH64_POINTER_AUTH != 0 || GNU_PROPERTY_AARCH64_BTI != 0
+/* clang-format off */
+.pushsection .note.gnu.property, "a";
+/* clang-format on */
+.balign 8;
+.long 4;
+.long 0x10;
+.long 0x5;
+.asciz "GNU";
+.long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */
+.long 4;
+.long(GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI);
+.long 0;
+.popsection;
+#endif
+
+#endif /* defined __ASSEMBLER__ */
+
+#define IS_CPU_SUPPORT_UNROLL8_EOR3() \
+    (OPENSSL_armcap_P & ARMV8_UNROLL8_EOR3)
 
 #endif
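Review bot: The `/* clang-format off */` … `/* clang-format on */` pair in the `.note.gnu.property` block covers only the `.pushsection` line, so the formatter still rewrote a directive below it to `.long(GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI);`, with no space after the directive name. Whether every assembler this header is built with accepts that spelling is not visible from the hunk. This is the word that carries the PAC/BTI feature bits (GNU_PROPERTY_AARCH64_FEATURE_1_AND), which the linker ANDs across input objects, so an object whose note is rejected or missing would clear the marking for the whole output. I would move `/* clang-format on */` to after `.popsection;` and keep `.long (GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI);`. The file is imported from upstream, so the change belongs there; locally, running `readelf -n` on the objects from a BTI/PAC-enabled arm64 build would confirm the note is still emitted.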
diff --git a/sys/crypto/openssl/powerpc/aes-gcm-ppc.S b/sys/crypto/openssl/powerpc/aes-gcm-ppc.S
index 23a8feb24745..51cfac7e45fc 100644
--- a/sys/crypto/openssl/powerpc/aes-gcm-ppc.S
+++ b/sys/crypto/openssl/powerpc/aes-gcm-ppc.S
@@ -1,531 +1,587 @@
 /* Do not modify. This file is auto-generated from aes-gcm-ppc.pl. */
-.machine	"any"
+.machine        "any"
 .text
 
-
-
-
-
-.macro	.Loop_aes_middle4x
-	xxlor	19+32, 1, 1
-	xxlor	20+32, 2, 2
-	xxlor	21+32, 3, 3
-	xxlor	22+32, 4, 4
-
-	.long	0x11EF9D08
-	.long	0x12109D08
-	.long	0x12319D08
-	.long	0x12529D08
-
-	.long	0x11EFA508
-	.long	0x1210A508
-	.long	0x1231A508
-	.long	0x1252A508
-
-	.long	0x11EFAD08
-	.long	0x1210AD08
-	.long	0x1231AD08
-	.long	0x1252AD08
-
-	.long	0x11EFB508
-	.long	0x1210B508
-	.long	0x1231B508
-	.long	0x1252B508
-
-	xxlor	19+32, 5, 5
-	xxlor	20+32, 6, 6
-	xxlor	21+32, 7, 7
-	xxlor	22+32, 8, 8
-
-	.long	0x11EF9D08
-	.long	0x12109D08
-	.long	0x12319D08
-	.long	0x12529D08
-
-	.long	0x11EFA508
-	.long	0x1210A508
-	.long	0x1231A508
-	.long	0x1252A508
-
-	.long	0x11EFAD08
-	.long	0x1210AD08
-	.long	0x1231AD08
-	.long	0x1252AD08
-
-	.long	0x11EFB508
-	.long	0x1210B508
-	.long	0x1231B508
-	.long	0x1252B508
-
-	xxlor	23+32, 9, 9
-	.long	0x11EFBD08
-	.long	0x1210BD08
-	.long	0x1231BD08
-	.long	0x1252BD08
-.endm	
-
-
-
-
-
-.macro	.Loop_aes_middle8x
-	xxlor	23+32, 1, 1
-	xxlor	24+32, 2, 2
-	xxlor	25+32, 3, 3
-	xxlor	26+32, 4, 4
-
-	.long	0x11EFBD08
-	.long	0x1210BD08
-	.long	0x1231BD08
-	.long	0x1252BD08
-	.long	0x1273BD08
-	.long	0x1294BD08
-	.long	0x12B5BD08
-	.long	0x12D6BD08
-
-	.long	0x11EFC508
-	.long	0x1210C508
-	.long	0x1231C508
-	.long	0x1252C508
-	.long	0x1273C508
-	.long	0x1294C508
-	.long	0x12B5C508
-	.long	0x12D6C508
-
-	.long	0x11EFCD08
-	.long	0x1210CD08
-	.long	0x1231CD08
-	.long	0x1252CD08
-	.long	0x1273CD08
-	.long	0x1294CD08
-	.long	0x12B5CD08
-	.long	0x12D6CD08
-
-	.long	0x11EFD508
-	.long	0x1210D508
-	.long	0x1231D508
-	.long	0x1252D508
-	.long	0x1273D508
-	.long	0x1294D508
-	.long	0x12B5D508
-	.long	0x12D6D508
-
-	xxlor	23+32, 5, 5
-	xxlor	24+32, 6, 6
-	xxlor	25+32, 7, 7
-	xxlor	26+32, 8, 8
-
-	.long	0x11EFBD08
-	.long	0x1210BD08
-	.long	0x1231BD08
-	.long	0x1252BD08
-	.long	0x1273BD08
-	.long	0x1294BD08
-	.long	0x12B5BD08
-	.long	0x12D6BD08
-
-	.long	0x11EFC508
-	.long	0x1210C508
-	.long	0x1231C508
-	.long	0x1252C508
-	.long	0x1273C508
-	.long	0x1294C508
-	.long	0x12B5C508
-	.long	0x12D6C508
-
-	.long	0x11EFCD08
-	.long	0x1210CD08
-	.long	0x1231CD08
-	.long	0x1252CD08
-	.long	0x1273CD08
-	.long	0x1294CD08
-	.long	0x12B5CD08
-	.long	0x12D6CD08
-
-	.long	0x11EFD508
-	.long	0x1210D508
-	.long	0x1231D508
-	.long	0x1252D508
-	.long	0x1273D508
-	.long	0x1294D508
-	.long	0x12B5D508
-	.long	0x12D6D508
-
-	xxlor	23+32, 9, 9
-	.long	0x11EFBD08
-	.long	0x1210BD08
-	.long	0x1231BD08
-	.long	0x1252BD08
-	.long	0x1273BD08
-	.long	0x1294BD08
-	.long	0x12B5BD08
-	.long	0x12D6BD08
-.endm	
-
-
-
-
-ppc_aes_gcm_ghash:
-	vxor	15, 15, 0
-
-	xxlxor	29, 29, 29
-
-	.long	0x12EC7CC8
-	.long	0x130984C8
-	.long	0x13268CC8
-	.long	0x134394C8
-
-	vxor	23, 23, 24
-	vxor	23, 23, 25
-	vxor	23, 23, 26
-
-	.long	0x130D7CC8
-	.long	0x132A84C8
-	.long	0x13478CC8
-	.long	0x136494C8
-
-	vxor	24, 24, 25
-	vxor	24, 24, 26
-	vxor	24, 24, 27
-
-
-	.long	0x139714C8
-
-	xxlor	29+32, 29, 29
-	vsldoi	26, 24, 29, 8
-	vsldoi	29, 29, 24, 8
-	vxor	23, 23, 26
-
-	vsldoi	23, 23, 23, 8
-	vxor	23, 23, 28
-
-	.long	0x130E7CC8
-	.long	0x132B84C8
-	.long	0x13488CC8
-	.long	0x136594C8
-
-	vxor	24, 24, 25
-	vxor	24, 24, 26
-	vxor	24, 24, 27
-
-	vxor	24, 24, 29
-
-
-	vsldoi	27, 23, 23, 8
-	.long	0x12F714C8
-	vxor	27, 27, 24
-	vxor	23, 23, 27
-
-	xxlor	32, 23+32, 23+32
-
-	blr	
-
-
-
-
-
-.macro	ppc_aes_gcm_ghash2_4x
-
-	vxor	15, 15, 0
-
-	xxlxor	29, 29, 29
-
-	.long	0x12EC7CC8
-	.long	0x130984C8
-	.long	0x13268CC8
-	.long	0x134394C8
+.macro SAVE_REGS
+	mflr 0
+	std 0, 16(1)
+	stdu 1,-512(1)
+
+	std	14, 112(1)
+	std	15, 120(1)
+	std	16, 128(1)
+	std	17, 136(1)
+	std	18, 144(1)
+	std	19, 152(1)
+	std	20, 160(1)
+	std	21, 168(1)
+	std	22, 176(1)
+	std	23, 184(1)
+	std	24, 192(1)
+
+	stxv	32+20, 256(1)
+	stxv	32+21, 256+16(1)
+	stxv	32+22, 256+32(1)
+	stxv	32+23, 256+48(1)
+	stxv	32+24, 256+64(1)
+	stxv	32+25, 256+80(1)
+	stxv	32+26, 256+96(1)
+	stxv	32+27, 256+112(1)
+	stxv	32+28, 256+128(1)
+	stxv	32+29, 256+144(1)
+	stxv	32+30, 256+160(1)
+	stxv	32+31, 256+176(1)
+.endm # SAVE_REGS
+
+.macro RESTORE_REGS
+	lxv	32+20, 256(1)
+	lxv	32+21, 256+16(1)
+	lxv	32+22, 256+32(1)
+	lxv	32+23, 256+48(1)
+	lxv	32+24, 256+64(1)
+	lxv	32+25, 256+80(1)
+	lxv	32+26, 256+96(1)
+	lxv	32+27, 256+112(1)
+	lxv	32+28, 256+128(1)
+	lxv	32+29, 256+144(1)
+	lxv	32+30, 256+160(1)
+	lxv	32+31, 256+176(1)
+
+	ld	14, 112(1)
+	ld	15, 120(1)
+	ld	16, 128(1)
+	ld	17, 136(1)
+	ld	18, 144(1)
+	ld	19, 152(1)
+	ld	20, 160(1)
+	ld	21, 168(1)
+	ld	22, 176(1)
+	ld	23, 184(1)
+	ld	24, 192(1)
+
+	addi    1, 1, 512
+	ld 0, 16(1)
+	mtlr 0
+.endm # RESTORE_REGS
+
+# 4x loops
+.macro AES_CIPHER_4x r
+	vcipher	15, 15, \r
+	vcipher	16, 16, \r
+	vcipher	17, 17, \r
+	vcipher	18, 18, \r
+.endm
+
+# 8x loops
+.macro AES_CIPHER_8x r
+	vcipher	15, 15, \r
+	vcipher	16, 16, \r
+	vcipher	17, 17, \r
+	vcipher	18, 18, \r
+	vcipher	19, 19, \r
+	vcipher	20, 20, \r
+	vcipher	21, 21, \r
+	vcipher	22, 22, \r
+.endm
+
+.macro LOOP_8AES_STATE
+	AES_CIPHER_8x 23
+	AES_CIPHER_8x 24
+	AES_CIPHER_8x 25
+	AES_CIPHER_8x 26
+	AES_CIPHER_8x 27
+	AES_CIPHER_8x 28
+	AES_CIPHER_8x 29
+	AES_CIPHER_8x 1
+.endm
+
+#
+# PPC_GFMUL128_8x: Compute hash values of 8 blocks based on Karatsuba method.
+#
+# S1 should xor with the previous digest
+#
+# Xi = v0
+# H Poly = v2
+# Hash keys = v3 - v14
+# vs10: vpermxor vector
+# Scratch: v23 - v29
+#
+.macro PPC_GFMUL128_8x
+
+	vpmsumd	23, 12, 15		# H4.L * X.L
+	vpmsumd	24, 9, 16
+	vpmsumd	25, 6, 17
+	vpmsumd	26, 3, 18
 
 	vxor	23, 23, 24
 	vxor	23, 23, 25
-	vxor	23, 23, 26
-
-	.long	0x130D7CC8
-	.long	0x132A84C8
-	.long	0x13478CC8
-	.long	0x136494C8
-
-	vxor	24, 24, 25
-	vxor	24, 24, 26
-
-
-	.long	0x139714C8
-
-	xxlor	29+32, 29, 29
-
-	vxor	24, 24, 27
-	vsldoi	26, 24, 29, 8
-	vsldoi	29, 29, 24, 8
-	vxor	23, 23, 26
-
-	vsldoi	23, 23, 23, 8
-	vxor	23, 23, 28
+	vxor	23, 23, 26		# L
 
-	.long	0x130E7CC8
-	.long	0x132B84C8
-	.long	0x13488CC8
-	.long	0x136594C8
+	vpmsumd	27, 13, 15		# H4.L * X.H + H4.H * X.L
+	vpmsumd	28, 10, 16		# H3.L * X1.H + H3.H * X1.L
+	vpmsumd	25, 7, 17
+	vpmsumd	26, 4, 18
 
+	vxor	24, 27, 28
 	vxor	24, 24, 25
-	vxor	24, 24, 26
-	vxor	24, 24, 27
-
-	vxor	24, 24, 29
-
-
-	vsldoi	27, 23, 23, 8
-	.long	0x12F714C8
-	vxor	27, 27, 24
-	vxor	27, 23, 27
-
-
-	.long	0x1309A4C8
-	.long	0x1326ACC8
-	.long	0x1343B4C8
-	vxor	19, 19, 27
-	.long	0x12EC9CC8
+	vxor	24, 24, 26		# M
+
+	vpmsumd	26, 14, 15		# H4.H * X.H
+	vpmsumd	27, 11, 16
+	vpmsumd	28, 8, 17
+	vpmsumd	29, 5, 18
+
+	vxor	26, 26, 27
+	vxor	26, 26, 28
+	vxor	26, 26, 29
+
+	# sum hash and reduction with H Poly
+	vpmsumd	28, 23, 2		# reduction
+
+	vxor	1, 1, 1
+	vsldoi	25, 24, 1, 8		# mL
+	vsldoi	1, 1, 24, 8		# mH
+	vxor	23, 23, 25		# mL + L
+
+	# This performs swap and xor like,
+	#   vsldoi	23, 23, 23, 8		# swap
+	#   vxor	23, 23, 28
+	xxlor	32+29, 10, 10
+	vpermxor 23, 23, 28, 29
+
+	vxor	24, 26, 1		# H
+
+	# sum hash and reduction with H Poly
+	#
+	#  vsldoi 25, 23, 23, 8		# swap
+	#  vpmsumd 23, 23, 2
+	#  vxor	27, 25, 24
+	#
+	vpermxor 27, 23, 24, 29
+	vpmsumd	23, 23, 2
+	vxor	0, 23, 27		# Digest of 4 blocks
+
+	vxor	19, 19, 0
+
+	# Compute digest for the next 4 blocks
+	vpmsumd	24, 9, 20
+	vpmsumd	25, 6, 21
+	vpmsumd	26, 3, 22
+	vpmsumd	23, 12, 19		# H4.L * X.L
 
 	vxor	23, 23, 24
 	vxor	23, 23, 25
-	vxor	23, 23, 26
+	vxor	23, 23, 26		# L
 
-	.long	0x130D9CC8
-	.long	0x132AA4C8
-	.long	0x1347ACC8
-	.long	0x1364B4C8
+	vpmsumd	27, 13, 19		# H4.L * X.H + H4.H * X.L
+	vpmsumd	28, 10, 20		# H3.L * X1.H + H3.H * X1.L
+	vpmsumd	25, 7, 21
+	vpmsumd	26, 4, 22
 
+	vxor	24, 27, 28
 	vxor	24, 24, 25
-	vxor	24, 24, 26
-
-
-	.long	0x139714C8
-
-	xxlor	29+32, 29, 29
-
-	vxor	24, 24, 27
-	vsldoi	26, 24, 29, 8
-	vsldoi	29, 29, 24, 8
-	vxor	23, 23, 26
-
-	vsldoi	23, 23, 23, 8
-	vxor	23, 23, 28
-
-	.long	0x130E9CC8
-	.long	0x132BA4C8
-	.long	0x1348ACC8
-	.long	0x1365B4C8
-
-	vxor	24, 24, 25
-	vxor	24, 24, 26
-	vxor	24, 24, 27
-
-	vxor	24, 24, 29
-
-
-	vsldoi	27, 23, 23, 8
-	.long	0x12F714C8
-	vxor	27, 27, 24
-	vxor	23, 23, 27
-
-	xxlor	32, 23+32, 23+32
-
-.endm	
-
-
-
-
-.macro	ppc_update_hash_1x
-	vxor	28, 28, 0
-
-	vxor	19, 19, 19
-
-	.long	0x12C3E4C8
-	.long	0x12E4E4C8
-	.long	0x1305E4C8
-
-	.long	0x137614C8
-
-	vsldoi	25, 23, 19, 8
-	vsldoi	26, 19, 23, 8
-	vxor	22, 22, 25
-	vxor	24, 24, 26
-
-	vsldoi	22, 22, 22, 8
-	vxor	22, 22, 27
-
-	vsldoi	20, 22, 22, 8
-	.long	0x12D614C8
-	vxor	20, 20, 24
-	vxor	22, 22, 20
-
*** 6149 LINES SKIPPED ***