aarch64: Add missing LR validation in 'vpaes_cbc_encrypt' There is an obvious bug there: upon entry to 'vpaes_cbc_encrypt' LR may get signed. However, on the 'cbc_abort' path the LR is not going to be unsigned before 'ret' is executed. Found by manual code inspection. Co-authored-by: Russ Butler <russ.butler@arm.com> Change-Id: I646cdfaee28db59aafbbd412d4bb6ba022eff15b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49605 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>

commit: dedd23e59237922d4e21673cd8044b59c48fe28e [log] [tgz]
author: Tamas Petz <tamas.petz@arm.com> Fri Sep 17 10:38:37 2021 +0200
committer: Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Thu Sep 23 15:17:27 2021 +0000
tree: 90c1d9e13bccd9829e7350820d2835e433c954dc
parent: 66e61c577d39e757bf491468f651461fa79fd5e1 [diff]
diff --git a/crypto/fipsmodule/aes/asm/vpaes-armv8.pl b/crypto/fipsmodule/aes/asm/vpaes-armv8.pl
index 8b01fed..a39c1e4 100755
--- a/crypto/fipsmodule/aes/asm/vpaes-armv8.pl
+++ b/crypto/fipsmodule/aes/asm/vpaes-armv8.pl

@@ -1153,8 +1153,8 @@
 	st1	{v0.16b}, [$ivec]	// write ivec
 
 	ldp	x29,x30,[sp],#16
-	AARCH64_VALIDATE_LINK_REGISTER
 .Lcbc_abort:
+	AARCH64_VALIDATE_LINK_REGISTER
 	ret
 .size	vpaes_cbc_encrypt,.-vpaes_cbc_encrypt
commit	dedd23e59237922d4e21673cd8044b59c48fe28e	[log] [tgz]
author	Tamas Petz <tamas.petz@arm.com>	Fri Sep 17 10:38:37 2021 +0200
committer	Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>	Thu Sep 23 15:17:27 2021 +0000
tree	90c1d9e13bccd9829e7350820d2835e433c954dc
parent	66e61c577d39e757bf491468f651461fa79fd5e1 [diff]