Fix a bug for aarch64 BigEndian

FIXES #10692 #10638
a bug for aarch64 bigendian with instructions 'st1' and 'ld1' on AES-GCM mode.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10751)

diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
index f89bba5cfa35685c7f6ac6ac850ed3eabbb09506..6d7cbf09e41283b1accff3fa5b165a982e3b1f4c 100755 (executable)
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@@ -211,7 +211,12 @@ $code.=<<___;
 .Loop192:
        vtbl.8  $key,{$in1},$mask
        vext.8  $tmp,$zero,$in0,#12
+#ifdef __ARMEB__
+       vst1.32 {$in1},[$out],#16
+       sub     $out,$out,#8
+#else
        vst1.32 {$in1},[$out],#8
+#endif
        aese    $key,$zero
        subs    $bits,$bits,#1
 
@@ -1772,8 +1777,11 @@ $code.=<<___;
        ldr             $rounds,[$key,#240]
 
        ldr             $ctr, [$ivp, #12]
+#ifdef __ARMEB__
+       vld1.8          {$dat0},[$ivp]
+#else
        vld1.32         {$dat0},[$ivp]
-
+#endif
        vld1.32         {q8-q9},[$key]          // load key schedule...
        sub             $rounds,$rounds,#4
        mov             $step,#16

diff --git a/include/crypto/modes.h b/include/crypto/modes.h
index 08e4ffae740edc1ad74c54a88e1b1d3b893bd169..edcdab95fa4932c4e5d90ec54728dae2c784076a 100644 (file)
--- a/include/crypto/modes.h
+++ b/include/crypto/modes.h
@@ -56,12 +56,15 @@ typedef unsigned char u8;
                         asm ("bswapl %0"                \
                         : "+r"(ret_));   ret_;          })
 #  elif defined(__aarch64__)
-#   define BSWAP8(x) ({ u64 ret_;                       \
+#   if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
+       __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
+#    define BSWAP8(x) ({ u64 ret_;                       \
                         asm ("rev %0,%1"                \
                         : "=r"(ret_) : "r"(x)); ret_;   })
-#   define BSWAP4(x) ({ u32 ret_;                       \
+#    define BSWAP4(x) ({ u32 ret_;                       \
                         asm ("rev %w0,%w1"              \
                         : "=r"(ret_) : "r"(x)); ret_;   })
+#   endif
 #  elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
 #   define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x);   \
                         asm ("rev %0,%0; rev %1,%1"     \