Merge pull request #9849 from solardiz/mbedtls-2.28
[Backport 2.28] Specify previously missed register clobbers in AES-NI asm blocks
diff --git a/ChangeLog.d/fix-aesni-asm-clobbers.txt b/ChangeLog.d/fix-aesni-asm-clobbers.txt
new file mode 100644
index 0000000..538f0c5
--- /dev/null
+++ b/ChangeLog.d/fix-aesni-asm-clobbers.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix missing constraints on the AES-NI inline assembly which is used on
+ GCC-like compilers when building AES for generic x86_64 targets. This
+ may have resulted in incorrect code with some compilers, depending on
+ optimizations. Fixes #9819.
diff --git a/library/aesni.c b/library/aesni.c
index 74bae91..7491f8d 100644
--- a/library/aesni.c
+++ b/library/aesni.c
@@ -460,7 +460,7 @@
"movdqu %%xmm0, (%4) \n\t" // export output
:
: "r" (ctx->nr), "r" (ctx->rk), "r" (mode), "r" (input), "r" (output)
- : "memory", "cc", "xmm0", "xmm1");
+ : "memory", "cc", "xmm0", "xmm1", "0", "1");
return 0;
@@ -648,7 +648,7 @@
AESKEYGENA(xmm0_xmm1, "0x36") "call 1b \n\t"
:
: "r" (rk), "r" (key)
- : "memory", "cc", "0");
+ : "memory", "cc", "xmm0", "xmm1", "0");
}
/*
@@ -705,7 +705,7 @@
:
: "r" (rk), "r" (key)
- : "memory", "cc", "0");
+ : "memory", "cc", "xmm0", "xmm1", "xmm2", "0");
}
/*
@@ -771,7 +771,7 @@
AESKEYGENA(xmm1_xmm2, "0x40") "call 1b \n\t"
:
: "r" (rk), "r" (key)
- : "memory", "cc", "0");
+ : "memory", "cc", "xmm0", "xmm1", "xmm2", "0");
}
#endif /* MBEDTLS_AESNI_HAVE_CODE */