Source release 15.2.0

third_party/boringssl/kit/linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S

@@ -556,6 +556,13 @@ _aesni_ctr32_6x:
 .align	32
 aesni_gcm_encrypt:
 .cfi_startproc	
+#ifndef NDEBUG
+#ifndef BORINGSSL_FIPS
+.extern	BORINGSSL_function_hit
+.hidden BORINGSSL_function_hit
+	movb	$1,BORINGSSL_function_hit+2(%rip)
+#endif
+#endif
 	xorq	%r10,%r10
 
 

third_party/boringssl/kit/linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S

@@ -0,0 +1,426 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
+#if defined(__has_feature)
+#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
+#define OPENSSL_NO_ASM
+#endif
+#endif
+
+#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM)
+#if defined(BORINGSSL_PREFIX)
+#include <boringssl_prefix_symbols_asm.h>
+#endif
+.text	
+
+
+
+
+
+.type	gcm_gmult_ssse3, @function
+.globl	gcm_gmult_ssse3
+.hidden gcm_gmult_ssse3
+.align	16
+gcm_gmult_ssse3:
+.cfi_startproc	
+.Lgmult_seh_begin:
+	movdqu	(%rdi),%xmm0
+	movdqa	.Lreverse_bytes(%rip),%xmm10
+	movdqa	.Llow4_mask(%rip),%xmm2
+
+
+.byte	102,65,15,56,0,194
+
+
+	movdqa	%xmm2,%xmm1
+	pandn	%xmm0,%xmm1
+	psrld	$4,%xmm1
+	pand	%xmm2,%xmm0
+
+
+
+
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	movq	$5,%rax
+.Loop_row_1:
+	movdqa	(%rsi),%xmm4
+	leaq	16(%rsi),%rsi
+
+
+	movdqa	%xmm2,%xmm6
+.byte	102,15,58,15,243,1
+	movdqa	%xmm6,%xmm3
+	psrldq	$1,%xmm2
+
+
+
+
+	movdqa	%xmm4,%xmm5
+.byte	102,15,56,0,224
+.byte	102,15,56,0,233
+
+
+	pxor	%xmm5,%xmm2
+
+
+
+	movdqa	%xmm4,%xmm5
+	psllq	$60,%xmm5
+	movdqa	%xmm5,%xmm6
+	pslldq	$8,%xmm6
+	pxor	%xmm6,%xmm3
+
+
+	psrldq	$8,%xmm5
+	pxor	%xmm5,%xmm2
+	psrlq	$4,%xmm4
+	pxor	%xmm4,%xmm2
+
+	subq	$1,%rax
+	jnz	.Loop_row_1
+
+
+
+	pxor	%xmm3,%xmm2
+	psrlq	$1,%xmm3
+	pxor	%xmm3,%xmm2
+	psrlq	$1,%xmm3
+	pxor	%xmm3,%xmm2
+	psrlq	$5,%xmm3
+	pxor	%xmm3,%xmm2
+	pxor	%xmm3,%xmm3
+	movq	$5,%rax
+.Loop_row_2:
+	movdqa	(%rsi),%xmm4
+	leaq	16(%rsi),%rsi
+
+
+	movdqa	%xmm2,%xmm6
+.byte	102,15,58,15,243,1
+	movdqa	%xmm6,%xmm3
+	psrldq	$1,%xmm2
+
+
+
+
+	movdqa	%xmm4,%xmm5
+.byte	102,15,56,0,224
+.byte	102,15,56,0,233
+
+
+	pxor	%xmm5,%xmm2
+
+
+
+	movdqa	%xmm4,%xmm5
+	psllq	$60,%xmm5
+	movdqa	%xmm5,%xmm6
+	pslldq	$8,%xmm6
+	pxor	%xmm6,%xmm3
+
+
+	psrldq	$8,%xmm5
+	pxor	%xmm5,%xmm2
+	psrlq	$4,%xmm4
+	pxor	%xmm4,%xmm2
+
+	subq	$1,%rax
+	jnz	.Loop_row_2
+
+
+
+	pxor	%xmm3,%xmm2
+	psrlq	$1,%xmm3
+	pxor	%xmm3,%xmm2
+	psrlq	$1,%xmm3
+	pxor	%xmm3,%xmm2
+	psrlq	$5,%xmm3
+	pxor	%xmm3,%xmm2
+	pxor	%xmm3,%xmm3
+	movq	$6,%rax
+.Loop_row_3:
+	movdqa	(%rsi),%xmm4
+	leaq	16(%rsi),%rsi
+
+
+	movdqa	%xmm2,%xmm6
+.byte	102,15,58,15,243,1
+	movdqa	%xmm6,%xmm3
+	psrldq	$1,%xmm2
+
+
+
+
+	movdqa	%xmm4,%xmm5
+.byte	102,15,56,0,224
+.byte	102,15,56,0,233
+
+
+	pxor	%xmm5,%xmm2
+
+
+
+	movdqa	%xmm4,%xmm5
+	psllq	$60,%xmm5
+	movdqa	%xmm5,%xmm6
+	pslldq	$8,%xmm6
+	pxor	%xmm6,%xmm3
+
+
+	psrldq	$8,%xmm5
+	pxor	%xmm5,%xmm2
+	psrlq	$4,%xmm4
+	pxor	%xmm4,%xmm2
+
+	subq	$1,%rax
+	jnz	.Loop_row_3
+
+
+
+	pxor	%xmm3,%xmm2
+	psrlq	$1,%xmm3
+	pxor	%xmm3,%xmm2
+	psrlq	$1,%xmm3
+	pxor	%xmm3,%xmm2
+	psrlq	$5,%xmm3
+	pxor	%xmm3,%xmm2
+	pxor	%xmm3,%xmm3
+
+.byte	102,65,15,56,0,210
+	movdqu	%xmm2,(%rdi)
+
+
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	.byte	0xf3,0xc3
+.Lgmult_seh_end:
+.cfi_endproc	
+.size	gcm_gmult_ssse3,.-gcm_gmult_ssse3
+
+
+
+
+
+.type	gcm_ghash_ssse3, @function
+.globl	gcm_ghash_ssse3
+.hidden gcm_ghash_ssse3
+.align	16
+gcm_ghash_ssse3:
+.Lghash_seh_begin:
+.cfi_startproc	
+	movdqu	(%rdi),%xmm0
+	movdqa	.Lreverse_bytes(%rip),%xmm10
+	movdqa	.Llow4_mask(%rip),%xmm11
+
+
+	andq	$-16,%rcx
+
+
+
+.byte	102,65,15,56,0,194
+
+
+	pxor	%xmm3,%xmm3
+.Loop_ghash:
+
+	movdqu	(%rdx),%xmm1
+.byte	102,65,15,56,0,202
+	pxor	%xmm1,%xmm0
+
+
+	movdqa	%xmm11,%xmm1
+	pandn	%xmm0,%xmm1
+	psrld	$4,%xmm1
+	pand	%xmm11,%xmm0
+
+
+
+
+	pxor	%xmm2,%xmm2
+
+	movq	$5,%rax
+.Loop_row_4:
+	movdqa	(%rsi),%xmm4
+	leaq	16(%rsi),%rsi
+
+
+	movdqa	%xmm2,%xmm6
+.byte	102,15,58,15,243,1
+	movdqa	%xmm6,%xmm3
+	psrldq	$1,%xmm2
+
+
+
+
+	movdqa	%xmm4,%xmm5
+.byte	102,15,56,0,224
+.byte	102,15,56,0,233
+
+
+	pxor	%xmm5,%xmm2
+
+
+
+	movdqa	%xmm4,%xmm5
+	psllq	$60,%xmm5
+	movdqa	%xmm5,%xmm6
+	pslldq	$8,%xmm6
+	pxor	%xmm6,%xmm3
+
+
+	psrldq	$8,%xmm5
+	pxor	%xmm5,%xmm2
+	psrlq	$4,%xmm4
+	pxor	%xmm4,%xmm2
+
+	subq	$1,%rax
+	jnz	.Loop_row_4
+
+
+
+	pxor	%xmm3,%xmm2
+	psrlq	$1,%xmm3
+	pxor	%xmm3,%xmm2
+	psrlq	$1,%xmm3
+	pxor	%xmm3,%xmm2
+	psrlq	$5,%xmm3
+	pxor	%xmm3,%xmm2
+	pxor	%xmm3,%xmm3
+	movq	$5,%rax
+.Loop_row_5:
+	movdqa	(%rsi),%xmm4
+	leaq	16(%rsi),%rsi
+
+
+	movdqa	%xmm2,%xmm6
+.byte	102,15,58,15,243,1
+	movdqa	%xmm6,%xmm3
+	psrldq	$1,%xmm2
+
+
+
+
+	movdqa	%xmm4,%xmm5
+.byte	102,15,56,0,224
+.byte	102,15,56,0,233
+
+
+	pxor	%xmm5,%xmm2
+
+
+
+	movdqa	%xmm4,%xmm5
+	psllq	$60,%xmm5
+	movdqa	%xmm5,%xmm6
+	pslldq	$8,%xmm6
+	pxor	%xmm6,%xmm3
+
+
+	psrldq	$8,%xmm5
+	pxor	%xmm5,%xmm2
+	psrlq	$4,%xmm4
+	pxor	%xmm4,%xmm2
+
+	subq	$1,%rax
+	jnz	.Loop_row_5
+
+
+
+	pxor	%xmm3,%xmm2
+	psrlq	$1,%xmm3
+	pxor	%xmm3,%xmm2
+	psrlq	$1,%xmm3
+	pxor	%xmm3,%xmm2
+	psrlq	$5,%xmm3
+	pxor	%xmm3,%xmm2
+	pxor	%xmm3,%xmm3
+	movq	$6,%rax
+.Loop_row_6:
+	movdqa	(%rsi),%xmm4
+	leaq	16(%rsi),%rsi
+
+
+	movdqa	%xmm2,%xmm6
+.byte	102,15,58,15,243,1
+	movdqa	%xmm6,%xmm3
+	psrldq	$1,%xmm2
+
+
+
+
+	movdqa	%xmm4,%xmm5
+.byte	102,15,56,0,224
+.byte	102,15,56,0,233
+
+
+	pxor	%xmm5,%xmm2
+
+
+
+	movdqa	%xmm4,%xmm5
+	psllq	$60,%xmm5
+	movdqa	%xmm5,%xmm6
+	pslldq	$8,%xmm6
+	pxor	%xmm6,%xmm3
+
+
+	psrldq	$8,%xmm5
+	pxor	%xmm5,%xmm2
+	psrlq	$4,%xmm4
+	pxor	%xmm4,%xmm2
+
+	subq	$1,%rax
+	jnz	.Loop_row_6
+
+
+
+	pxor	%xmm3,%xmm2
+	psrlq	$1,%xmm3
+	pxor	%xmm3,%xmm2
+	psrlq	$1,%xmm3
+	pxor	%xmm3,%xmm2
+	psrlq	$5,%xmm3
+	pxor	%xmm3,%xmm2
+	pxor	%xmm3,%xmm3
+	movdqa	%xmm2,%xmm0
+
+
+	leaq	-256(%rsi),%rsi
+
+
+	leaq	16(%rdx),%rdx
+	subq	$16,%rcx
+	jnz	.Loop_ghash
+
+
+.byte	102,65,15,56,0,194
+	movdqu	%xmm0,(%rdi)
+
+
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	.byte	0xf3,0xc3
+.Lghash_seh_end:
+.cfi_endproc	
+.size	gcm_ghash_ssse3,.-gcm_ghash_ssse3
+
+.align	16
+
+
+.Lreverse_bytes:
+.byte	15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0
+
+.Llow4_mask:
+.quad	0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f
+#endif

third_party/boringssl/kit/linux-x86_64/crypto/fipsmodule/ghash-x86_64.S

@@ -722,6 +722,7 @@ gcm_ghash_4bit:
 .type	gcm_init_clmul,@function
 .align	16
 gcm_init_clmul:
+.cfi_startproc	
 .L_init_clmul:
 	movdqu	(%rsi),%xmm2
 	pshufd	$78,%xmm2,%xmm2
@@ -873,12 +874,14 @@ gcm_init_clmul:
 .byte	102,15,58,15,227,8
 	movdqu	%xmm4,80(%rdi)
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	gcm_init_clmul,.-gcm_init_clmul
 .globl	gcm_gmult_clmul
 .hidden gcm_gmult_clmul
 .type	gcm_gmult_clmul,@function
 .align	16
 gcm_gmult_clmul:
+.cfi_startproc	
 .L_gmult_clmul:
 	movdqu	(%rdi),%xmm0
 	movdqa	.Lbswap_mask(%rip),%xmm5
@@ -925,12 +928,14 @@ gcm_gmult_clmul:
 .byte	102,15,56,0,197
 	movdqu	%xmm0,(%rdi)
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	gcm_gmult_clmul,.-gcm_gmult_clmul
 .globl	gcm_ghash_clmul
 .hidden gcm_ghash_clmul
 .type	gcm_ghash_clmul,@function
 .align	32
 gcm_ghash_clmul:
+.cfi_startproc	
 .L_ghash_clmul:
 	movdqa	.Lbswap_mask(%rip),%xmm10
 
@@ -1310,12 +1315,14 @@ gcm_ghash_clmul:
 .byte	102,65,15,56,0,194
 	movdqu	%xmm0,(%rdi)
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	gcm_ghash_clmul,.-gcm_ghash_clmul
 .globl	gcm_init_avx
 .hidden gcm_init_avx
 .type	gcm_init_avx,@function
 .align	32
 gcm_init_avx:
+.cfi_startproc	
 	vzeroupper
 
 	vmovdqu	(%rsi),%xmm2
@@ -1418,19 +1425,23 @@ gcm_init_avx:
 
 	vzeroupper
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	gcm_init_avx,.-gcm_init_avx
 .globl	gcm_gmult_avx
 .hidden gcm_gmult_avx
 .type	gcm_gmult_avx,@function
 .align	32
 gcm_gmult_avx:
+.cfi_startproc	
 	jmp	.L_gmult_clmul
+.cfi_endproc	
 .size	gcm_gmult_avx,.-gcm_gmult_avx
 .globl	gcm_ghash_avx
 .hidden gcm_ghash_avx
 .type	gcm_ghash_avx,@function
 .align	32
 gcm_ghash_avx:
+.cfi_startproc	
 	vzeroupper
 
 	vmovdqu	(%rdi),%xmm10
@@ -1802,6 +1813,7 @@ gcm_ghash_avx:
 	vmovdqu	%xmm10,(%rdi)
 	vzeroupper
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	gcm_ghash_avx,.-gcm_ghash_avx
 .align	64
 .Lbswap_mask:

third_party/boringssl/kit/linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S

@@ -23,14 +23,13 @@
 CRYPTO_rdrand:
 .cfi_startproc	
 	xorq	%rax,%rax
-
-
-.byte	0x48, 0x0f, 0xc7, 0xf1
+.byte	72,15,199,242
 
 	adcq	%rax,%rax
-	movq	%rcx,0(%rdi)
+	movq	%rdx,0(%rdi)
 	.byte	0xf3,0xc3
 .cfi_endproc	
+.size	CRYPTO_rdrand,.-CRYPTO_rdrand
 
 
 
@@ -46,9 +45,7 @@ CRYPTO_rdrand_multiple8_buf:
 	jz	.Lout
 	movq	$8,%rdx
 .Lloop:
-
-
-.byte	0x48, 0x0f, 0xc7, 0xf1
+.byte	72,15,199,241
 	jnc	.Lerr
 	movq	%rcx,0(%rdi)
 	addq	%rdx,%rdi
@@ -61,4 +58,5 @@ CRYPTO_rdrand_multiple8_buf:
 	xorq	%rax,%rax
 	.byte	0xf3,0xc3
 .cfi_endproc	
+.size	CRYPTO_rdrand_multiple8_buf,.-CRYPTO_rdrand_multiple8_buf
 #endif

third_party/boringssl/kit/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S

@@ -1228,6 +1228,7 @@ rsaz_1024_mul_avx2:
 .type	rsaz_1024_red2norm_avx2,@function
 .align	32
 rsaz_1024_red2norm_avx2:
+.cfi_startproc	
 	subq	$-128,%rsi
 	xorq	%rax,%rax
 	movq	-128(%rsi),%r8
@@ -1419,6 +1420,7 @@ rsaz_1024_red2norm_avx2:
 	movq	%rax,120(%rdi)
 	movq	%r11,%rax
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	rsaz_1024_red2norm_avx2,.-rsaz_1024_red2norm_avx2
 
 .globl	rsaz_1024_norm2red_avx2
@@ -1426,6 +1428,7 @@ rsaz_1024_red2norm_avx2:
 .type	rsaz_1024_norm2red_avx2,@function
 .align	32
 rsaz_1024_norm2red_avx2:
+.cfi_startproc	
 	subq	$-128,%rdi
 	movq	(%rsi),%r8
 	movl	$0x1fffffff,%eax
@@ -1578,12 +1581,14 @@ rsaz_1024_norm2red_avx2:
 	movq	%r8,176(%rdi)
 	movq	%r8,184(%rdi)
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	rsaz_1024_norm2red_avx2,.-rsaz_1024_norm2red_avx2
 .globl	rsaz_1024_scatter5_avx2
 .hidden rsaz_1024_scatter5_avx2
 .type	rsaz_1024_scatter5_avx2,@function
 .align	32
 rsaz_1024_scatter5_avx2:
+.cfi_startproc	
 	vzeroupper
 	vmovdqu	.Lscatter_permd(%rip),%ymm5
 	shll	$4,%edx
@@ -1603,6 +1608,7 @@ rsaz_1024_scatter5_avx2:
 
 	vzeroupper
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	rsaz_1024_scatter5_avx2,.-rsaz_1024_scatter5_avx2
 
 .globl	rsaz_1024_gather5_avx2
@@ -1727,25 +1733,6 @@ rsaz_1024_gather5_avx2:
 .cfi_endproc	
 .LSEH_end_rsaz_1024_gather5:
 .size	rsaz_1024_gather5_avx2,.-rsaz_1024_gather5_avx2
-.extern	OPENSSL_ia32cap_P
-.hidden OPENSSL_ia32cap_P
-.globl	rsaz_avx2_eligible
-.hidden rsaz_avx2_eligible
-.type	rsaz_avx2_eligible,@function
-.align	32
-rsaz_avx2_eligible:
-	leaq	OPENSSL_ia32cap_P(%rip),%rax
-	movl	8(%rax),%eax
-	movl	$524544,%ecx
-	movl	$0,%edx
-	andl	%eax,%ecx
-	cmpl	$524544,%ecx
-	cmovel	%edx,%eax
-	andl	$32,%eax
-	shrl	$5,%eax
-	.byte	0xf3,0xc3
-.size	rsaz_avx2_eligible,.-rsaz_avx2_eligible
-
 .align	64
 .Land_mask:
 .quad	0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff

third_party/boringssl/kit/linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S

@@ -120,6 +120,181 @@ _vpaes_encrypt_core:
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+.type	_vpaes_encrypt_core_2x,@function
+.align	16
+_vpaes_encrypt_core_2x:
+.cfi_startproc	
+	movq	%rdx,%r9
+	movq	$16,%r11
+	movl	240(%rdx),%eax
+	movdqa	%xmm9,%xmm1
+	movdqa	%xmm9,%xmm7
+	movdqa	.Lk_ipt(%rip),%xmm2
+	movdqa	%xmm2,%xmm8
+	pandn	%xmm0,%xmm1
+	pandn	%xmm6,%xmm7
+	movdqu	(%r9),%xmm5
+
+	psrld	$4,%xmm1
+	psrld	$4,%xmm7
+	pand	%xmm9,%xmm0
+	pand	%xmm9,%xmm6
+.byte	102,15,56,0,208
+.byte	102,68,15,56,0,198
+	movdqa	.Lk_ipt+16(%rip),%xmm0
+	movdqa	%xmm0,%xmm6
+.byte	102,15,56,0,193
+.byte	102,15,56,0,247
+	pxor	%xmm5,%xmm2
+	pxor	%xmm5,%xmm8
+	addq	$16,%r9
+	pxor	%xmm2,%xmm0
+	pxor	%xmm8,%xmm6
+	leaq	.Lk_mc_backward(%rip),%r10
+	jmp	.Lenc2x_entry
+
+.align	16
+.Lenc2x_loop:
+
+	movdqa	.Lk_sb1(%rip),%xmm4
+	movdqa	.Lk_sb1+16(%rip),%xmm0
+	movdqa	%xmm4,%xmm12
+	movdqa	%xmm0,%xmm6
+.byte	102,15,56,0,226
+.byte	102,69,15,56,0,224
+.byte	102,15,56,0,195
+.byte	102,65,15,56,0,243
+	pxor	%xmm5,%xmm4
+	pxor	%xmm5,%xmm12
+	movdqa	.Lk_sb2(%rip),%xmm5
+	movdqa	%xmm5,%xmm13
+	pxor	%xmm4,%xmm0
+	pxor	%xmm12,%xmm6
+	movdqa	-64(%r11,%r10,1),%xmm1
+
+.byte	102,15,56,0,234
+.byte	102,69,15,56,0,232
+	movdqa	(%r11,%r10,1),%xmm4
+
+	movdqa	.Lk_sb2+16(%rip),%xmm2
+	movdqa	%xmm2,%xmm8
+.byte	102,15,56,0,211
+.byte	102,69,15,56,0,195
+	movdqa	%xmm0,%xmm3
+	movdqa	%xmm6,%xmm11
+	pxor	%xmm5,%xmm2
+	pxor	%xmm13,%xmm8
+.byte	102,15,56,0,193
+.byte	102,15,56,0,241
+	addq	$16,%r9
+	pxor	%xmm2,%xmm0
+	pxor	%xmm8,%xmm6
+.byte	102,15,56,0,220
+.byte	102,68,15,56,0,220
+	addq	$16,%r11
+	pxor	%xmm0,%xmm3
+	pxor	%xmm6,%xmm11
+.byte	102,15,56,0,193
+.byte	102,15,56,0,241
+	andq	$0x30,%r11
+	subq	$1,%rax
+	pxor	%xmm3,%xmm0
+	pxor	%xmm11,%xmm6
+
+.Lenc2x_entry:
+
+	movdqa	%xmm9,%xmm1
+	movdqa	%xmm9,%xmm7
+	movdqa	.Lk_inv+16(%rip),%xmm5
+	movdqa	%xmm5,%xmm13
+	pandn	%xmm0,%xmm1
+	pandn	%xmm6,%xmm7
+	psrld	$4,%xmm1
+	psrld	$4,%xmm7
+	pand	%xmm9,%xmm0
+	pand	%xmm9,%xmm6
+.byte	102,15,56,0,232
+.byte	102,68,15,56,0,238
+	movdqa	%xmm10,%xmm3
+	movdqa	%xmm10,%xmm11
+	pxor	%xmm1,%xmm0
+	pxor	%xmm7,%xmm6
+.byte	102,15,56,0,217
+.byte	102,68,15,56,0,223
+	movdqa	%xmm10,%xmm4
+	movdqa	%xmm10,%xmm12
+	pxor	%xmm5,%xmm3
+	pxor	%xmm13,%xmm11
+.byte	102,15,56,0,224
+.byte	102,68,15,56,0,230
+	movdqa	%xmm10,%xmm2
+	movdqa	%xmm10,%xmm8
+	pxor	%xmm5,%xmm4
+	pxor	%xmm13,%xmm12
+.byte	102,15,56,0,211
+.byte	102,69,15,56,0,195
+	movdqa	%xmm10,%xmm3
+	movdqa	%xmm10,%xmm11
+	pxor	%xmm0,%xmm2
+	pxor	%xmm6,%xmm8
+.byte	102,15,56,0,220
+.byte	102,69,15,56,0,220
+	movdqu	(%r9),%xmm5
+
+	pxor	%xmm1,%xmm3
+	pxor	%xmm7,%xmm11
+	jnz	.Lenc2x_loop
+
+
+	movdqa	-96(%r10),%xmm4
+	movdqa	-80(%r10),%xmm0
+	movdqa	%xmm4,%xmm12
+	movdqa	%xmm0,%xmm6
+.byte	102,15,56,0,226
+.byte	102,69,15,56,0,224
+	pxor	%xmm5,%xmm4
+	pxor	%xmm5,%xmm12
+.byte	102,15,56,0,195
+.byte	102,65,15,56,0,243
+	movdqa	64(%r11,%r10,1),%xmm1
+
+	pxor	%xmm4,%xmm0
+	pxor	%xmm12,%xmm6
+.byte	102,15,56,0,193
+.byte	102,15,56,0,241
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_vpaes_encrypt_core_2x,.-_vpaes_encrypt_core_2x
+
+
+
+
+
+
 .type	_vpaes_decrypt_core,@function
 .align	16
 _vpaes_decrypt_core:
@@ -637,6 +812,14 @@ _vpaes_schedule_mangle:
 .align	16
 vpaes_set_encrypt_key:
 .cfi_startproc	
+#ifndef NDEBUG
+#ifndef BORINGSSL_FIPS
+.extern	BORINGSSL_function_hit
+.hidden BORINGSSL_function_hit
+	movb	$1,BORINGSSL_function_hit+5(%rip)
+#endif
+#endif
+
 	movl	%esi,%eax
 	shrl	$5,%eax
 	addl	$5,%eax
@@ -680,6 +863,13 @@ vpaes_set_decrypt_key:
 .align	16
 vpaes_encrypt:
 .cfi_startproc	
+#ifndef NDEBUG
+#ifndef BORINGSSL_FIPS
+.extern	BORINGSSL_function_hit
+.hidden BORINGSSL_function_hit
+	movb	$1,BORINGSSL_function_hit+4(%rip)
+#endif
+#endif
 	movdqu	(%rdi),%xmm0
 	call	_vpaes_preheat
 	call	_vpaes_encrypt_core
@@ -744,6 +934,69 @@ vpaes_cbc_encrypt:
 	.byte	0xf3,0xc3
 .cfi_endproc	
 .size	vpaes_cbc_encrypt,.-vpaes_cbc_encrypt
+.globl	vpaes_ctr32_encrypt_blocks
+.hidden vpaes_ctr32_encrypt_blocks
+.type	vpaes_ctr32_encrypt_blocks,@function
+.align	16
+vpaes_ctr32_encrypt_blocks:
+.cfi_startproc	
+
+	xchgq	%rcx,%rdx
+	testq	%rcx,%rcx
+	jz	.Lctr32_abort
+	movdqu	(%r8),%xmm0
+	movdqa	.Lctr_add_one(%rip),%xmm8
+	subq	%rdi,%rsi
+	call	_vpaes_preheat
+	movdqa	%xmm0,%xmm6
+	pshufb	.Lrev_ctr(%rip),%xmm6
+
+	testq	$1,%rcx
+	jz	.Lctr32_prep_loop
+
+
+
+	movdqu	(%rdi),%xmm7
+	call	_vpaes_encrypt_core
+	pxor	%xmm7,%xmm0
+	paddd	%xmm8,%xmm6
+	movdqu	%xmm0,(%rsi,%rdi,1)
+	subq	$1,%rcx
+	leaq	16(%rdi),%rdi
+	jz	.Lctr32_done
+
+.Lctr32_prep_loop:
+
+
+	movdqa	%xmm6,%xmm14
+	movdqa	%xmm6,%xmm15
+	paddd	%xmm8,%xmm15
+
+.Lctr32_loop:
+	movdqa	.Lrev_ctr(%rip),%xmm1
+	movdqa	%xmm14,%xmm0
+	movdqa	%xmm15,%xmm6
+.byte	102,15,56,0,193
+.byte	102,15,56,0,241
+	call	_vpaes_encrypt_core_2x
+	movdqu	(%rdi),%xmm1
+	movdqu	16(%rdi),%xmm2
+	movdqa	.Lctr_add_two(%rip),%xmm3
+	pxor	%xmm1,%xmm0
+	pxor	%xmm2,%xmm6
+	paddd	%xmm3,%xmm14
+	paddd	%xmm3,%xmm15
+	movdqu	%xmm0,(%rsi,%rdi,1)
+	movdqu	%xmm6,16(%rsi,%rdi,1)
+	subq	$2,%rcx
+	leaq	32(%rdi),%rdi
+	jnz	.Lctr32_loop
+
+.Lctr32_done:
+.Lctr32_abort:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	vpaes_ctr32_encrypt_blocks,.-vpaes_ctr32_encrypt_blocks
 
 
 
@@ -866,6 +1119,17 @@ _vpaes_consts:
 .Lk_dsbo:
 .quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
 .quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
+
+
+.Lrev_ctr:
+.quad	0x0706050403020100, 0x0c0d0e0f0b0a0908
+
+
+.Lctr_add_one:
+.quad	0x0000000000000000, 0x0000000100000000
+.Lctr_add_two:
+.quad	0x0000000000000000, 0x0000000200000000
+
 .byte	86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0
 .align	64
 .size	_vpaes_consts,.-_vpaes_consts

third_party/boringssl/kit/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S

@@ -566,6 +566,7 @@ bn_mul4x_mont_gather5:
 .type	mul4x_internal,@function
 .align	32
 mul4x_internal:
+.cfi_startproc	
 	shlq	$5,%r9
 	movd	8(%rax),%xmm5
 	leaq	.Linc(%rip),%rax
@@ -1087,6 +1088,7 @@ mul4x_internal:
 	movq	16(%rbp),%r14
 	movq	24(%rbp),%r15
 	jmp	.Lsqr4x_sub_entry
+.cfi_endproc	
 .size	mul4x_internal,.-mul4x_internal
 .globl	bn_power5
 .hidden bn_power5
@@ -1232,6 +1234,7 @@ bn_power5:
 .align	32
 bn_sqr8x_internal:
 __bn_sqr8x_internal:
+.cfi_startproc	
 
 
 
@@ -2006,10 +2009,12 @@ __bn_sqr8x_reduction:
 	cmpq	%rdx,%rdi
 	jb	.L8x_reduction_loop
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	bn_sqr8x_internal,.-bn_sqr8x_internal
 .type	__bn_post4x_internal,@function
 .align	32
 __bn_post4x_internal:
+.cfi_startproc	
 	movq	0(%rbp),%r12
 	leaq	(%rdi,%r9,1),%rbx
 	movq	%r9,%rcx
@@ -2060,16 +2065,19 @@ __bn_post4x_internal:
 	movq	%r9,%r10
 	negq	%r9
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	__bn_post4x_internal,.-__bn_post4x_internal
 .globl	bn_from_montgomery
 .hidden bn_from_montgomery
 .type	bn_from_montgomery,@function
 .align	32
 bn_from_montgomery:
+.cfi_startproc	
 	testl	$7,%r9d
 	jz	bn_from_mont8x
 	xorl	%eax,%eax
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	bn_from_montgomery,.-bn_from_montgomery
 
 .type	bn_from_mont8x,@function
@@ -2354,6 +2362,7 @@ bn_mulx4x_mont_gather5:
 .type	mulx4x_internal,@function
 .align	32
 mulx4x_internal:
+.cfi_startproc	
 	movq	%r9,8(%rsp)
 	movq	%r9,%r10
 	negq	%r9
@@ -2772,6 +2781,7 @@ mulx4x_internal:
 	movq	16(%rbp),%r14
 	movq	24(%rbp),%r15
 	jmp	.Lsqrx4x_sub_entry
+.cfi_endproc	
 .size	mulx4x_internal,.-mulx4x_internal
 .type	bn_powerx5,@function
 .align	32
@@ -3530,7 +3540,9 @@ __bn_sqrx8x_reduction:
 .cfi_endproc	
 .size	bn_sqrx8x_internal,.-bn_sqrx8x_internal
 .align	32
+.type	__bn_postx4x_internal,@function
 __bn_postx4x_internal:
+.cfi_startproc	
 	movq	0(%rbp),%r12
 	movq	%rcx,%r10
 	movq	%rcx,%r9
@@ -3578,12 +3590,14 @@ __bn_postx4x_internal:
 	negq	%r9
 
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	__bn_postx4x_internal,.-__bn_postx4x_internal
 .globl	bn_scatter5
 .hidden bn_scatter5
 .type	bn_scatter5,@function
 .align	16
 bn_scatter5:
+.cfi_startproc	
 	cmpl	$0,%esi
 	jz	.Lscatter_epilogue
 	leaq	(%rdx,%rcx,8),%rdx
@@ -3596,6 +3610,7 @@ bn_scatter5:
 	jnz	.Lscatter
 .Lscatter_epilogue:
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	bn_scatter5,.-bn_scatter5
 
 .globl	bn_gather5
@@ -3603,9 +3618,11 @@ bn_scatter5:
 .type	bn_gather5,@function
 .align	32
 bn_gather5:
+.cfi_startproc	
 .LSEH_begin_bn_gather5:
 
 .byte	0x4c,0x8d,0x14,0x24
+.cfi_def_cfa_register	%r10
 .byte	0x48,0x81,0xec,0x08,0x01,0x00,0x00
 	leaq	.Linc(%rip),%rax
 	andq	$-16,%rsp
@@ -3759,8 +3776,10 @@ bn_gather5:
 	jnz	.Lgather
 
 	leaq	(%r10),%rsp
+.cfi_def_cfa_register	%rsp
 	.byte	0xf3,0xc3
 .LSEH_end_bn_gather5:
+.cfi_endproc	
 .size	bn_gather5,.-bn_gather5
 .align	64
 .Linc:

third_party/boringssl/kit/linux-x86_64/crypto/test/trampoline-x86_64.S

@@ -25,7 +25,7 @@
 .hidden abi_test_trampoline
 .align	16
 abi_test_trampoline:
-.Labi_test_trampoline_begin:
+.Labi_test_trampoline_seh_begin:
 .cfi_startproc	
 
 
@@ -38,27 +38,27 @@ abi_test_trampoline:
 
 	subq	$120,%rsp
 .cfi_adjust_cfa_offset	120
-.Labi_test_trampoline_prolog_alloc:
+.Labi_test_trampoline_seh_prolog_alloc:
 	movq	%r8,48(%rsp)
 	movq	%rbx,64(%rsp)
 .cfi_offset	rbx, -64
-.Labi_test_trampoline_prolog_rbx:
+.Labi_test_trampoline_seh_prolog_rbx:
 	movq	%rbp,72(%rsp)
 .cfi_offset	rbp, -56
-.Labi_test_trampoline_prolog_rbp:
+.Labi_test_trampoline_seh_prolog_rbp:
 	movq	%r12,80(%rsp)
 .cfi_offset	r12, -48
-.Labi_test_trampoline_prolog_r12:
+.Labi_test_trampoline_seh_prolog_r12:
 	movq	%r13,88(%rsp)
 .cfi_offset	r13, -40
-.Labi_test_trampoline_prolog_r13:
+.Labi_test_trampoline_seh_prolog_r13:
 	movq	%r14,96(%rsp)
 .cfi_offset	r14, -32
-.Labi_test_trampoline_prolog_r14:
+.Labi_test_trampoline_seh_prolog_r14:
 	movq	%r15,104(%rsp)
 .cfi_offset	r15, -24
-.Labi_test_trampoline_prolog_r15:
-.Labi_test_trampoline_prolog_end:
+.Labi_test_trampoline_seh_prolog_r15:
+.Labi_test_trampoline_seh_prolog_end:
 	movq	0(%rsi),%rbx
 	movq	8(%rsi),%rbp
 	movq	16(%rsi),%r12
@@ -182,7 +182,7 @@ abi_test_unwind_stop:
 
 	.byte	0xf3,0xc3
 .cfi_endproc	
-.Labi_test_trampoline_end:
+.Labi_test_trampoline_seh_end:
 .size	abi_test_trampoline,.-abi_test_trampoline
 .type	abi_test_clobber_rax, @function
 .globl	abi_test_clobber_rax
@@ -441,13 +441,20 @@ abi_test_clobber_xmm15:
 .align	16
 abi_test_bad_unwind_wrong_register:
 .cfi_startproc	
+.Labi_test_bad_unwind_wrong_register_seh_begin:
 	pushq	%r12
 .cfi_adjust_cfa_offset	8
 .cfi_offset	%r13,-16
+.Labi_test_bad_unwind_wrong_register_seh_push_r13:
+
+
+
+	nop
 	popq	%r12
 .cfi_adjust_cfa_offset	-8
 .cfi_restore	%r12
 	.byte	0xf3,0xc3
+.Labi_test_bad_unwind_wrong_register_seh_end:
 .cfi_endproc	
 .size	abi_test_bad_unwind_wrong_register,.-abi_test_bad_unwind_wrong_register
 
@@ -460,15 +467,18 @@ abi_test_bad_unwind_wrong_register:
 .align	16
 abi_test_bad_unwind_temporary:
 .cfi_startproc	
+.Labi_test_bad_unwind_temporary_seh_begin:
 	pushq	%r12
 .cfi_adjust_cfa_offset	8
 .cfi_offset	%r12,-16
+.Labi_test_bad_unwind_temporary_seh_push_r12:
+
+	movq	%r12,%rax
+	incq	%rax
+	movq	%rax,(%rsp)
 
-	incq	%r12
-	movq	%r12,(%rsp)
 
 
-	decq	%r12
 	movq	%r12,(%rsp)
 
 
@@ -476,6 +486,7 @@ abi_test_bad_unwind_temporary:
 .cfi_adjust_cfa_offset	-8
 .cfi_restore	%r12
 	.byte	0xf3,0xc3
+.Labi_test_bad_unwind_temporary_seh_end:
 .cfi_endproc	
 .size	abi_test_bad_unwind_temporary,.-abi_test_bad_unwind_temporary
 
@@ -489,7 +500,7 @@ abi_test_get_and_clear_direction_flag:
 	pushfq
 	popq	%rax
 	andq	$0x400,%rax
-	shlq	$10,%rax
+	shrq	$10,%rax
 	cld
 	.byte	0xf3,0xc3
 .size	abi_test_get_and_clear_direction_flag,.-abi_test_get_and_clear_direction_flag