Created attachment 162344 [details]
ARM AES code generated by OpenSSL perl script.
Whilst experimenting with the OpenSSL ARM assembler code, I discovered that clang is incorrectly handling immediate operands.
This is using:
% cc -c aes_arm.s
% objdump -d aes_arm.o | less
% cc -v
FreeBSD clang version 3.6.1 (tags/RELEASE_361/final 237755) 20150525
Thread model: posix
The source code (attached) includes:
sub r3,pc,#8 @ AES_encrypt
mov r12,r0 @ inp
sub r10,r3,#AES_encrypt-AES_Te @ Te
#AES_encrypt-AES_Te is 1344 or 0x540. clang compiles this subtraction to 0xe243a540 - which decompiles to:
e243a540 sub sl, r3, #268435456 ; 0x10000000
because the 12-bit immediate field is not a direct binary number but is a 4-bit rotation followed by a 8-bit binary value. A correct value for this field would be (eg) 0xe54. Note that as(1) gets compiles the instruction to:
e243ad15 sub sl, r3, #1344 ; 0x540
Created attachment 162367 [details]
perl script to generate ARM immediate constants
Some experimenting with the attached script shows that the C compiler correctly handles constants in the C to object and C to asm cases but not the asm to object case.