Use SEH directives for aes_hw_set_encrypt_key and aes_hw_set_decrypt_key
These functions don't use the calling convention conversion, so we can
use the automatic things. This will make it a little easier, in the
commit, to split these into a few functions.
Note this only works because aes_hw_set_encrypt_key and
aes_hw_set_decrypt_key are the last two functions in this file. We
cannot interleave automatic and handwritten SEH tables.
This also lets us remove some hand-encoded instructions. When OpenSSL
handwrites SEH tables, they had to hand-encode instructions just in case
the assembler picked a different length encoding. The synthesized tables
fill in computed offsets.
Bug: 259
Change-Id: Ic94cdceeab1378ef7afb217de7643a6bb75ae1a2
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/68687
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/crypto/fipsmodule/aes/aes_test.cc b/crypto/fipsmodule/aes/aes_test.cc
index 75a5aed..d4a458b 100644
--- a/crypto/fipsmodule/aes/aes_test.cc
+++ b/crypto/fipsmodule/aes/aes_test.cc
@@ -333,7 +333,7 @@
}
if (hwaes_capable()) {
- ASSERT_EQ(CHECK_ABI(aes_hw_set_encrypt_key, kKey, bits, &key), 0);
+ ASSERT_EQ(CHECK_ABI_SEH(aes_hw_set_encrypt_key, kKey, bits, &key), 0);
CHECK_ABI(aes_hw_encrypt, block, block, &key);
for (size_t blocks : block_counts) {
SCOPED_TRACE(blocks);
@@ -346,7 +346,7 @@
#endif
}
- ASSERT_EQ(CHECK_ABI(aes_hw_set_decrypt_key, kKey, bits, &key), 0);
+ ASSERT_EQ(CHECK_ABI_SEH(aes_hw_set_decrypt_key, kKey, bits, &key), 0);
CHECK_ABI(aes_hw_decrypt, block, block, &key);
for (size_t blocks : block_counts) {
SCOPED_TRACE(blocks);
diff --git a/crypto/fipsmodule/aes/asm/aesni-x86_64.pl b/crypto/fipsmodule/aes/asm/aesni-x86_64.pl
index a8abb4d..6a85862 100644
--- a/crypto/fipsmodule/aes/asm/aesni-x86_64.pl
+++ b/crypto/fipsmodule/aes/asm/aesni-x86_64.pl
@@ -3190,9 +3190,12 @@
.align 16
${PREFIX}_set_decrypt_key:
.cfi_startproc
+.seh_startproc
_CET_ENDBR
- .byte 0x48,0x83,0xEC,0x08 # sub rsp,8
+ sub \$8,%rsp
.cfi_adjust_cfa_offset 8
+.seh_stackalloc 8
+.seh_endprologue
call __aesni_set_encrypt_key
shl \$4,$bits # rounds-1 after _aesni_set_encrypt_key
test %eax,%eax
@@ -3228,7 +3231,7 @@
.cfi_adjust_cfa_offset -8
ret
.cfi_endproc
-.LSEH_end_set_decrypt_key:
+.seh_endproc
.size ${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key
___
�
@@ -3263,12 +3266,15 @@
${PREFIX}_set_encrypt_key:
__aesni_set_encrypt_key:
.cfi_startproc
+.seh_startproc
_CET_ENDBR
#ifdef BORINGSSL_DISPATCH_TEST
movb \$1,BORINGSSL_function_hit+3(%rip)
#endif
- .byte 0x48,0x83,0xEC,0x08 # sub rsp,8
+ sub \$8,%rsp
.cfi_adjust_cfa_offset 8
+.seh_stackalloc 8
+.seh_endprologue
mov \$-1,%rax
test $inp,$inp
jz .Lenc_key_ret
@@ -3565,7 +3571,7 @@
.cfi_adjust_cfa_offset -8
ret
.cfi_endproc
-.LSEH_end_set_encrypt_key:
+.seh_endproc
�
.align 16
.Lkey_expansion_128:
@@ -3926,14 +3932,6 @@
.rva .LSEH_begin_${PREFIX}_cbc_encrypt
.rva .LSEH_end_${PREFIX}_cbc_encrypt
.rva .LSEH_info_cbc
-
- .rva ${PREFIX}_set_decrypt_key
- .rva .LSEH_end_set_decrypt_key
- .rva .LSEH_info_key
-
- .rva ${PREFIX}_set_encrypt_key
- .rva .LSEH_end_set_encrypt_key
- .rva .LSEH_info_key
.section .xdata
.align 8
___
@@ -3951,9 +3949,6 @@
.LSEH_info_cbc:
.byte 9,0,0,0
.rva cbc_se_handler
-.LSEH_info_key:
- .byte 0x01,0x04,0x01,0x00
- .byte 0x04,0x02,0x00,0x00 # sub rsp,8
___
}
diff --git a/gen/bcm/aesni-x86_64-apple.S b/gen/bcm/aesni-x86_64-apple.S
index f3505b9..c5c862d 100644
--- a/gen/bcm/aesni-x86_64-apple.S
+++ b/gen/bcm/aesni-x86_64-apple.S
@@ -1911,8 +1911,11 @@
.p2align 4
_aes_hw_set_decrypt_key:
+
_CET_ENDBR
-.byte 0x48,0x83,0xEC,0x08
+ subq $8,%rsp
+
+
call __aesni_set_encrypt_key
shll $4,%esi
@@ -1949,7 +1952,7 @@
ret
-L$SEH_end_set_decrypt_key:
+
.globl _aes_hw_set_encrypt_key
.private_extern _aes_hw_set_encrypt_key
@@ -1958,11 +1961,14 @@
_aes_hw_set_encrypt_key:
__aesni_set_encrypt_key:
+
_CET_ENDBR
#ifdef BORINGSSL_DISPATCH_TEST
movb $1,_BORINGSSL_function_hit+3(%rip)
#endif
-.byte 0x48,0x83,0xEC,0x08
+ subq $8,%rsp
+
+
movq $-1,%rax
testq %rdi,%rdi
@@ -2260,7 +2266,7 @@
ret
-L$SEH_end_set_encrypt_key:
+
.p2align 4
L$key_expansion_128:
diff --git a/gen/bcm/aesni-x86_64-linux.S b/gen/bcm/aesni-x86_64-linux.S
index 68742fb..87c1a13 100644
--- a/gen/bcm/aesni-x86_64-linux.S
+++ b/gen/bcm/aesni-x86_64-linux.S
@@ -1913,9 +1913,12 @@
.align 16
aes_hw_set_decrypt_key:
.cfi_startproc
+
_CET_ENDBR
-.byte 0x48,0x83,0xEC,0x08
+ subq $8,%rsp
.cfi_adjust_cfa_offset 8
+
+
call __aesni_set_encrypt_key
shll $4,%esi
testl %eax,%eax
@@ -1951,7 +1954,7 @@
.cfi_adjust_cfa_offset -8
ret
.cfi_endproc
-.LSEH_end_set_decrypt_key:
+
.size aes_hw_set_decrypt_key,.-aes_hw_set_decrypt_key
.globl aes_hw_set_encrypt_key
.hidden aes_hw_set_encrypt_key
@@ -1960,12 +1963,15 @@
aes_hw_set_encrypt_key:
__aesni_set_encrypt_key:
.cfi_startproc
+
_CET_ENDBR
#ifdef BORINGSSL_DISPATCH_TEST
movb $1,BORINGSSL_function_hit+3(%rip)
#endif
-.byte 0x48,0x83,0xEC,0x08
+ subq $8,%rsp
.cfi_adjust_cfa_offset 8
+
+
movq $-1,%rax
testq %rdi,%rdi
jz .Lenc_key_ret
@@ -2262,7 +2268,7 @@
.cfi_adjust_cfa_offset -8
ret
.cfi_endproc
-.LSEH_end_set_encrypt_key:
+
.align 16
.Lkey_expansion_128:
diff --git a/gen/bcm/aesni-x86_64-win.asm b/gen/bcm/aesni-x86_64-win.asm
index 6c5d9ad..9e12312 100644
--- a/gen/bcm/aesni-x86_64-win.asm
+++ b/gen/bcm/aesni-x86_64-win.asm
@@ -2017,9 +2017,12 @@
ALIGN 16
aes_hw_set_decrypt_key:
+$L$SEH_begin_aes_hw_set_decrypt_key_1:
_CET_ENDBR
- DB 0x48,0x83,0xEC,0x08
+ sub rsp,8
+$L$SEH_prologue_aes_hw_set_decrypt_key_2:
+$L$SEH_endprologue_aes_hw_set_decrypt_key_3:
call __aesni_set_encrypt_key
shl edx,4
test eax,eax
@@ -2055,7 +2058,7 @@
ret
-$L$SEH_end_set_decrypt_key:
+$L$SEH_end_aes_hw_set_decrypt_key_4:
global aes_hw_set_encrypt_key
@@ -2063,12 +2066,15 @@
aes_hw_set_encrypt_key:
__aesni_set_encrypt_key:
+$L$SEH_begin_aes_hw_set_encrypt_key_1:
_CET_ENDBR
%ifdef BORINGSSL_DISPATCH_TEST
mov BYTE[((BORINGSSL_function_hit+3))],1
%endif
- DB 0x48,0x83,0xEC,0x08
+ sub rsp,8
+$L$SEH_prologue_aes_hw_set_encrypt_key_2:
+$L$SEH_endprologue_aes_hw_set_encrypt_key_3:
mov rax,-1
test rcx,rcx
jz NEAR $L$enc_key_ret
@@ -2365,7 +2371,7 @@
ret
-$L$SEH_end_set_encrypt_key:
+$L$SEH_end_aes_hw_set_encrypt_key_4:
ALIGN 16
$L$key_expansion_128:
@@ -2646,14 +2652,6 @@
DD $L$SEH_begin_aes_hw_cbc_encrypt wrt ..imagebase
DD $L$SEH_end_aes_hw_cbc_encrypt wrt ..imagebase
DD $L$SEH_info_cbc wrt ..imagebase
-
- DD aes_hw_set_decrypt_key wrt ..imagebase
- DD $L$SEH_end_set_decrypt_key wrt ..imagebase
- DD $L$SEH_info_key wrt ..imagebase
-
- DD aes_hw_set_encrypt_key wrt ..imagebase
- DD $L$SEH_end_set_encrypt_key wrt ..imagebase
- DD $L$SEH_info_key wrt ..imagebase
section .xdata rdata align=8
ALIGN 8
$L$SEH_info_ecb:
@@ -2667,9 +2665,37 @@
$L$SEH_info_cbc:
DB 9,0,0,0
DD cbc_se_handler wrt ..imagebase
-$L$SEH_info_key:
- DB 0x01,0x04,0x01,0x00
- DB 0x04,0x02,0x00,0x00
+section .pdata
+ALIGN 4
+ DD $L$SEH_begin_aes_hw_set_decrypt_key_1 wrt ..imagebase
+ DD $L$SEH_end_aes_hw_set_decrypt_key_4 wrt ..imagebase
+ DD $L$SEH_info_aes_hw_set_decrypt_key_0 wrt ..imagebase
+
+ DD $L$SEH_begin_aes_hw_set_encrypt_key_1 wrt ..imagebase
+ DD $L$SEH_end_aes_hw_set_encrypt_key_4 wrt ..imagebase
+ DD $L$SEH_info_aes_hw_set_encrypt_key_0 wrt ..imagebase
+
+
+section .xdata
+ALIGN 4
+$L$SEH_info_aes_hw_set_decrypt_key_0:
+ DB 1
+ DB $L$SEH_endprologue_aes_hw_set_decrypt_key_3-$L$SEH_begin_aes_hw_set_decrypt_key_1
+ DB 1
+ DB 0
+ DB $L$SEH_prologue_aes_hw_set_decrypt_key_2-$L$SEH_begin_aes_hw_set_decrypt_key_1
+ DB 2
+
+ DW 0
+$L$SEH_info_aes_hw_set_encrypt_key_0:
+ DB 1
+ DB $L$SEH_endprologue_aes_hw_set_encrypt_key_3-$L$SEH_begin_aes_hw_set_encrypt_key_1
+ DB 1
+ DB 0
+ DB $L$SEH_prologue_aes_hw_set_encrypt_key_2-$L$SEH_begin_aes_hw_set_encrypt_key_1
+ DB 2
+
+ DW 0
%else
; Work around https://bugzilla.nasm.us/show_bug.cgi?id=3392738
ret
