briansmith · briansmith · Jan 14, 2025 · Dec 7, 2023 · Dec 12, 2023 · Dec 12, 2023
diff --git a/crypto/chacha/asm/chacha-armv4.pl b/crypto/chacha/asm/chacha-armv4.pl
@@ -200,7 +200,7 @@ sub ROUND {
 .extern OPENSSL_armcap_P
 .hidden OPENSSL_armcap_P
 .LOPENSSL_armcap:
-.word   OPENSSL_armcap_P-.LChaCha20_ctr32
+.word   OPENSSL_armcap_P-.Lsigma
 #else
 .word	-1
 #endif
@@ -212,11 +212,7 @@ sub ROUND {
 .LChaCha20_ctr32:
 	ldr	r12,[sp,#0]		@ pull pointer to counter and nonce
 	stmdb	sp!,{r0-r2,r4-r11,lr}
-#if __ARM_ARCH<7 && !defined(__thumb2__)
-	sub	r14,pc,#16		@ ChaCha20_ctr32
-#else
-	adr	r14,.LChaCha20_ctr32
-#endif
+	adr	r14,.Lsigma
 	cmp	r2,#0			@ len==0?
 #ifdef	__thumb2__
 	itt	eq
@@ -226,7 +222,7 @@ sub ROUND {
 #if __ARM_MAX_ARCH__>=7
 	cmp	r2,#192			@ test len
 	bls	.Lshort
-	ldr	r4,[r14,#-32]
+	ldr	r4,[r14,#32]
 	ldr	r4,[r14,r4]
 # ifdef	__APPLE__
 	ldr	r4,[r4]
@@ -237,7 +233,6 @@ sub ROUND {
 #endif
 	ldmia	r12,{r4-r7}		@ load counter and nonce
 	sub	sp,sp,#4*(16)		@ off-load area
-	sub	r14,r14,#64		@ .Lsigma
 	stmdb	sp!,{r4-r7}		@ copy counter and nonce
 	ldmia	r3,{r4-r11}		@ load key
 	ldmia	r14,{r0-r3}		@ load sigma

diff --git a/crypto/fipsmodule/sha/asm/sha256-armv4.pl b/crypto/fipsmodule/sha/asm/sha256-armv4.pl
@@ -229,11 +229,7 @@ sub BODY_16_XX {
 .type	sha256_block_data_order,%function
 sha256_block_data_order:
 .Lsha256_block_data_order:
-#if __ARM_ARCH<7 && !defined(__thumb2__)
-	sub	r3,pc,#8		@ sha256_block_data_order
-#else
 	adr	r3,.Lsha256_block_data_order
-#endif
 #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
 	ldr	r12,.LOPENSSL_armcap
 	ldr	r12,[r3,r12]		@ OPENSSL_armcap_P
@@ -248,6 +244,8 @@ sub BODY_16_XX {
 	add	$len,$inp,$len,lsl#6	@ len to point at the end of inp
 	stmdb	sp!,{$ctx,$inp,$len,r4-r11,lr}
 	ldmia	$ctx,{$A,$B,$C,$D,$E,$F,$G,$H}
+	@ TODO(davidben): When the OPENSSL_armcap logic above is removed,
+	@ replace this with a simple ADR.
 	sub	$Ktbl,r3,#256+32	@ K256
 	sub	sp,sp,#16*4		@ alloca(X[16])
 .Loop:

diff --git a/crypto/fipsmodule/sha/asm/sha512-armv4.pl b/crypto/fipsmodule/sha/asm/sha512-armv4.pl
@@ -290,11 +290,7 @@ ()
 .type	sha512_block_data_order,%function
 sha512_block_data_order:
 .Lsha512_block_data_order:
-#if __ARM_ARCH<7 && !defined(__thumb2__)
-	sub	r3,pc,#8		@ sha512_block_data_order
-#else
 	adr	r3,.Lsha512_block_data_order
-#endif
 #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
 	ldr	r12,.LOPENSSL_armcap
 	ldr	r12,[r3,r12]		@ OPENSSL_armcap_P
@@ -306,6 +302,8 @@ ()
 #endif
 	add	$len,$inp,$len,lsl#7	@ len to point at the end of inp
 	stmdb	sp!,{r4-r12,lr}
+	@ TODO(davidben): When the OPENSSL_armcap logic above is removed,
+	@ replace this with a simple ADR.
 	sub	$Ktbl,r3,#672		@ K512
 	sub	sp,sp,#9*8
 

diff --git a/include/ring-core/target.h b/include/ring-core/target.h
@@ -77,6 +77,12 @@
 #endif
 #endif
 
+// Disable 32-bit Arm assembly on Apple platforms. The last iOS version that
+// supported 32-bit Arm was iOS 10.
+#if defined(OPENSSL_APPLE) && defined(OPENSSL_ARM)
+#define OPENSSL_ASM_INCOMPATIBLE
+#endif
+
 #if defined(OPENSSL_ASM_INCOMPATIBLE)
 #undef OPENSSL_ASM_INCOMPATIBLE
 #if !defined(OPENSSL_NO_ASM)