From 27e3c87fc1b33438a7a17b11e4aa9f1a69cfbc1a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 10:29:26 +0100 Subject: [PATCH 01/23] Suppport AESCE on A32 and T32 Signed-off-by: Dave Rodgman --- library/aes.c | 6 ++-- library/aesce.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++--- library/aesce.h | 2 +- 3 files changed, 84 insertions(+), 8 deletions(-) diff --git a/library/aes.c b/library/aes.c index b61d089fa6..037a918373 100644 --- a/library/aes.c +++ b/library/aes.c @@ -35,9 +35,9 @@ #include "mbedtls/error.h" #if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) -#if !((defined(MBEDTLS_ARCH_IS_ARM64) && defined(MBEDTLS_AESCE_C)) || \ - (defined(MBEDTLS_ARCH_IS_X64) && defined(MBEDTLS_AESNI_C)) || \ - (defined(MBEDTLS_ARCH_IS_X86) && defined(MBEDTLS_AESNI_C))) +#if !((defined(MBEDTLS_ARCH_IS_ARMV8) && defined(MBEDTLS_AESCE_C)) || \ + (defined(MBEDTLS_ARCH_IS_X64) && defined(MBEDTLS_AESNI_C)) || \ + (defined(MBEDTLS_ARCH_IS_X86) && defined(MBEDTLS_AESNI_C))) #error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites" #endif #endif diff --git a/library/aesce.c b/library/aesce.c index 8b42b034f5..cc0015bc77 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -17,8 +17,17 @@ * limitations under the License. */ -#if defined(__aarch64__) && !defined(__ARM_FEATURE_CRYPTO) && \ - defined(__clang__) && __clang_major__ >= 4 +#if defined(__clang__) && (__clang_major__ >= 4) + +/* Ideally, we would simply use MBEDTLS_ARCH_IS_ARMV8 in the following #if, + * but that is defined by build_info.h, and we need this block to happen first. */ +#if defined(__ARM_ARCH) +#if __ARM_ARCH >= 8 +#define MBEDTLS_AESCE_ARCH_IS_ARMV8 +#endif +#endif + +#if defined(MBEDTLS_AESCE_ARCH_IS_ARMV8) && !defined(__ARM_FEATURE_CRYPTO) /* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged. * * The intrinsic declaration are guarded by predefined ACLE macros in clang: 
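Review bot: The early clang shim defines `MBEDTLS_AESCE_ARCH_IS_ARMV8` from `__ARM_ARCH >= 8` alone, a condition that is also met by Armv8 builds without Advanced SIMD and, as far as I know, by M- and R-profile cores that report `__ARM_ARCH` as 8, so the `!defined(__ARM_FEATURE_CRYPTO)` branch (and whatever `MBEDTLS_ENABLE_ARM_CRYPTO_EXTENSIONS_COMPILER_FLAG` enables further down, out of view) can be taken on a target that cannot execute this code. Tightening the inner test to `#if (__ARM_ARCH >= 8) && defined(__ARM_NEON)` keeps this gate aligned with the Neon requirement the main body of aesce.c carries. The `#endif` that closes the new `defined(__clang__)` block lands in the next hunk, so the block straddles two hunks.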
@@ -39,6 +48,8 @@ #define MBEDTLS_ENABLE_ARM_CRYPTO_EXTENSIONS_COMPILER_FLAG #endif +#endif /* defined(__clang__) && (__clang_major__ >= 4) */ + #include #include "common.h" @@ -46,7 +57,7 @@ #include "aesce.h" -#if defined(MBEDTLS_ARCH_IS_ARM64) +#if defined(MBEDTLS_ARCH_IS_ARMV8) /* Compiler version checks. */ #if defined(__clang__) 
@@ -68,6 +79,71 @@ #ifdef __ARM_NEON #include + +#if defined(MBEDTLS_ARCH_IS_ARM32) +#if defined(__clang__) +/* On clang for A32/T32, work around some missing intrinsics and types */ + +#ifndef vreinterpretq_p64_u8 +#define vreinterpretq_p64_u8 (poly64x2_t) +#endif +#ifndef vreinterpretq_u8_p128 +#define vreinterpretq_u8_p128 (uint8x16_t) +#endif +#ifndef vreinterpretq_u64_p64 +#define vreinterpretq_u64_p64 (uint64x2_t) +#endif + +typedef uint8x16_t poly128_t; + +static inline poly128_t vmull_p64(poly64_t a, poly64_t b) +{ + poly128_t r; + asm ("vmull.p64 %[r], %[a], %[b]": [r] "=w" (r) : [a] "w" (a), [b] "w" (b) :); + return r; +} + +static inline poly64x1_t vget_low_p64(poly64x2_t a) +{ + return (poly64x1_t) vget_low_u64(vreinterpretq_u64_p64(a)); +} + +static inline poly128_t vmull_high_p64(poly64x2_t a, poly64x2_t b) +{ + return vmull_p64((poly64_t) (vget_high_u64((uint64x2_t) a)), + (poly64_t) (vget_high_u64((uint64x2_t) b))); +} + +#endif /* defined(__clang__) */ + +static inline uint8x16_t vrbitq_u8(uint8x16_t x) +{ + /* There is no vrbitq_u8 instruction in A32/T32, so provide + * an equivalent non-Neon implementation. Reverse bit order in each + * byte with 4x rbit, rev. */ + asm ("ldm %[p], { r2-r5 } \n\t" + "rbit r2, r2 \n\t" + "rev r2, r2 \n\t" + "rbit r3, r3 \n\t" + "rev r3, r3 \n\t" + "rbit r4, r4 \n\t" + "rev r4, r4 \n\t" + "rbit r5, r5 \n\t" + "rev r5, r5 \n\t" + "stm %[p], { r2-r5 } \n\t" + : + /* Output: 16 bytes of memory pointed to by &x */ + "+m" (*(uint8_t(*)[16]) &x) + : + [p] "r" (&x) + : + "r2", "r3", "r4", "r5" + ); + return x; +} + +#endif /* defined(MBEDTLS_ARCH_IS_ARM32) */ + #else #error "Target does not support NEON instructions" #endif @@ -510,6 +586,6 @@ void mbedtls_aesce_gcm_mult(unsigned char c[16], #undef MBEDTLS_POP_TARGET_PRAGMA #endif -#endif /* MBEDTLS_ARCH_IS_ARM64 */ +#endif /* MBEDTLS_ARCH_IS_ARMV8 */ #endif /* MBEDTLS_AESCE_C */ diff --git a/library/aesce.h b/library/aesce.h index d24c423b81..97e2424167 100644 
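Review bot: `vrbitq_u8` takes the address of its Neon argument so the value is spilled to the stack, loaded into the hand-picked registers r2–r5 by `ldm`, reversed and written back with `stm`, which pins four general-purpose registers and costs a store/load round trip on each call; the constraints look correct, but the asm body is opaque to the compiler and the register choice is an A32/T32 assumption a later edit could break silently. The same per-byte bit reversal can be done in three swap stages entirely in Neon registers with intrinsics that exist on A32/T32, needing no scratch registers and no memory operands; a sketch follows. If the asm is kept, the comment `/* Output: 16 bytes of memory pointed to by &x */` should also explain why both the `[p] "r" (&x)` input and the `"+m"` operand are needed (the former feeds `ldm`/`stm`, the latter tells the compiler those bytes are read and written).
```c
static inline uint8x16_t vrbitq_u8(uint8x16_t x)
{
    /* Reverse the bit order of every byte in three swap stages
     * (1-bit, 2-bit, then 4-bit groups), staying in Neon registers. */
    const uint8x16_t m1 = vdupq_n_u8(0x55);
    const uint8x16_t m2 = vdupq_n_u8(0x33);
    x = vorrq_u8(vshlq_n_u8(vandq_u8(x, m1), 1), vandq_u8(vshrq_n_u8(x, 1), m1));
    x = vorrq_u8(vshlq_n_u8(vandq_u8(x, m2), 2), vandq_u8(vshrq_n_u8(x, 2), m2));
    x = vorrq_u8(vshlq_n_u8(x, 4), vshrq_n_u8(x, 4));
    return x;
}
```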
--- a/library/aesce.h +++ b/library/aesce.h @@ -31,7 +31,7 @@ #include "mbedtls/aes.h" -#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARM64) +#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARMV8) #define MBEDTLS_AESCE_HAVE_CODE From 851cf5a325c6c1e3a794009e873cec02b4597b1d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 12:26:41 +0100 Subject: [PATCH 02/23] Fix runtime detection on A32/T32 Signed-off-by: Dave Rodgman --- library/aesce.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/library/aesce.c b/library/aesce.c index cc0015bc77..11a22f6b67 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -190,6 +190,16 @@ int mbedtls_aesce_has_support_impl(void) * once, but that is harmless. */ if (mbedtls_aesce_has_support_result == -1) { +#if defined(MBEDTLS_ARCH_IS_ARM32) + unsigned long auxval = getauxval(AT_HWCAP); + unsigned long auxval2 = getauxval(AT_HWCAP2); + if (((auxval & HWCAP_NEON) == HWCAP_NEON) && + ((auxval2 & HWCAP2_AES) == HWCAP2_AES)) { + mbedtls_aesce_has_support_result = 1; + } else { + mbedtls_aesce_has_support_result = 0; + } +#else unsigned long auxval = getauxval(AT_HWCAP); if ((auxval & (HWCAP_ASIMD | HWCAP_AES)) == (HWCAP_ASIMD | HWCAP_AES)) { @@ -197,6 +207,7 @@ int mbedtls_aesce_has_support_impl(void) } else { mbedtls_aesce_has_support_result = 0; } +#endif } return mbedtls_aesce_has_support_result; } From 0c584039896625b0784519547d03f68a79528439 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 12:26:54 +0100 Subject: [PATCH 03/23] Add build tests for AESCE on A32/T32 Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f76edda4e9..6386964689 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
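Review bot: The new 32-bit branch of `mbedtls_aesce_has_support_impl` tests only `HWCAP_NEON` and `HWCAP2_AES`, while the GCM path in this file depends on `vmull.p64` (see the `vmull_p64` workaround added for A32/T32), and on Armv8 the AES and PMULL instructions are separately optional; if this result also gates `mbedtls_aesce_gcm_mult`, a core advertising AES but not PMULL would fault in GCM, so the condition should include `HWCAP2_PMULL` (the AArch64 branch has the same gap with `HWCAP_PMULL`, but that is pre-existing). The line `unsigned long auxval = getauxval(AT_HWCAP);` is now duplicated in both arms of the `#if` and could be hoisted above `#if defined(MBEDTLS_ARCH_IS_ARM32)`. The enclosing function begins before the first hunk.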
@@ -4391,6 +4391,38 @@ component_build_aes_aesce_armcc () { armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto" } +support_build_aes_armce() { + # clang >= 4 is required to build with AES extensions + ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')" + [ "${ver}" -ge 4 ] +} + +component_build_aes_armce () { + # Test variations of AES with Armv8 crypto extensions + scripts/config.py set MBEDTLS_AESCE_C + scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY + + msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" + make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" + + msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" + + msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" + + scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY + + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" + make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" + + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" + + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" +} + support_build_sha_armce() { if command -v clang > /dev/null ; then # clang >= 4 is required to build with SHA extensions From 18838f6c1ac0db987afe6c3036884bd58211963e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 12:28:51 +0100 Subject: [PATCH 04/23] Fix docs for MBEDTLS_AESCE_C Signed-off-by: Dave Rodgman --- include/mbedtls/mbedtls_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
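Review bot: `support_build_aes_armce` runs `clang --version` unconditionally, so on a host without clang `ver` is empty and `[ "${ver}" -ge 4 ]` produces a shell error rather than a clean false; the sibling `support_build_sha_armce` visible just below guards with `if command -v clang > /dev/null ; then`, and this function should follow the same pattern, for example `command -v clang > /dev/null || return 1` as its first statement. The version extraction with `grep version` is also shared with the SHA helper, so a small `clang_major_version` helper used by both would keep the two in step.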
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 73229ea912..f8811055a8 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2247,7 +2247,7 @@ /** * \def MBEDTLS_AESCE_C * - * Enable AES cryptographic extension support on 64-bit Arm. + * Enable AES cryptographic extension support on Armv8. * * Module: library/aesce.c * Caller: library/aes.c From f82e0c470186a6489b182c184a087d3a512f566f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 12:30:49 +0100 Subject: [PATCH 05/23] Changelog Signed-off-by: Dave Rodgman --- ChangeLog.d/armv8-aesce.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/armv8-aesce.txt diff --git a/ChangeLog.d/armv8-aesce.txt b/ChangeLog.d/armv8-aesce.txt new file mode 100644 index 0000000000..bc26e617a4 --- /dev/null +++ b/ChangeLog.d/armv8-aesce.txt @@ -0,0 +1,3 @@ +Features + * Support use of Arm Crypto Extensions for hardware acclerated AES on + Thumb and Arm targets. From ece803b0aeb1956d75f1b7fee557d63e45b71bf1 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 20:24:48 +0100 Subject: [PATCH 06/23] Fix behaviour for Armv8 targets without Neon Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- library/aesce.h | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index 11a22f6b67..ba09288fab 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -57,7 +57,7 @@ #include "aesce.h" -#if defined(MBEDTLS_ARCH_IS_ARMV8) +#if defined(MBEDTLS_ARCH_IS_ARMV8) && defined(__ARM_NEON) /* Compiler version checks. */ #if defined(__clang__) diff --git a/library/aesce.h b/library/aesce.h index 97e2424167..2cec2f3a15 100644 --- a/library/aesce.h +++ b/library/aesce.h 
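Review bot: The opening guard in aesce.c now reads `#if defined(MBEDTLS_ARCH_IS_ARMV8) && defined(__ARM_NEON)`, but its matching `#endif /* MBEDTLS_ARCH_IS_ARMV8 */` at the end of the file (last touched in patch 01) still names only half of the condition; update it to `#endif /* MBEDTLS_ARCH_IS_ARMV8 && __ARM_NEON */`, as the aesce.h hunk in this same commit does for its guard. The `__ARM_NEON` requirement is also not applied to the clang shim at the top of aesce.c that derives `MBEDTLS_AESCE_ARCH_IS_ARMV8` from `__ARM_ARCH`, so the two gates can disagree on a Neon-less target.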
@@ -2,7 +2,7 @@ * \file aesce.h * * \brief Support hardware AES acceleration on Armv8-A processors with - * the Armv8-A Cryptographic Extension in AArch64 execution state. + * the Armv8-A Cryptographic Extension. * * \warning These functions are only for internal use by other library * functions; you must not call them directly. @@ -31,7 +31,7 @@ #include "mbedtls/aes.h" -#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARMV8) +#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARMV8) && defined(__ARM_NEON) #define MBEDTLS_AESCE_HAVE_CODE @@ -128,6 +128,12 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk, } #endif -#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARM64 */ +#else + +#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) +#error "AES hardware acceleration not supported on this platform" +#endif + +#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARMV8 && __ARM_NEON */ #endif /* MBEDTLS_AESCE_H */ From 4b8e8dc04304241e97378a562a2bb6901e086395 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 21:41:40 +0100 Subject: [PATCH 07/23] Improve compiler version checking + docs + testing for armclang Signed-off-by: Dave Rodgman --- include/mbedtls/mbedtls_config.h | 7 ++++--- library/aesce.c | 9 +++++++++ library/aesce.h | 2 +- tests/scripts/all.sh | 13 ++++++++++--- 4 files changed, 24 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index f8811055a8..4be2a21a06 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -2258,13 +2258,14 @@ * system, Armv8-A Cryptographic Extensions must be supported by * the CPU when this option is enabled. * - * \note Minimum compiler versions for this feature are Clang 4.0, - * armclang 6.6, GCC 6.0 or MSVC 2019 version 16.11.2. + * \note Minimum compiler versions for this feature are Clang 4.0; + * armclang 6.6 when targeting aarch64, or 6.20 when targeting + * Thumb or 32-bit Arm; GCC 6.0; or MSVC 2019 version 16.11.2. * * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for * armclang <= 6.9 * - * This module adds support for the AES Armv8-A Cryptographic Extensions on Aarch64 systems. + * This module adds support for the AES Armv8-A Cryptographic Extensions on Armv8 systems. */ #define MBEDTLS_AESCE_C diff --git a/library/aesce.c b/library/aesce.c index ba09288fab..2b45a9f999 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -75,6 +75,15 @@ # if _MSC_VER < 1929 # error "Minimum version of MSVC for MBEDTLS_AESCE_C is 2019 version 16.11.2." # endif +#elif defined(__ARMCC_VERSION) +# if defined(MBEDTLS_ARCH_IS_ARM32) && (__ARMCC_VERSION < 6200002) +/* TODO: We haven't verified armclang for 32-bit Arm/Thumb prior to 6.20. + * If someone verified that, please update this and document of + * `MBEDTLS_AESCE_C` in `mbedtls_config.h`. */ +# error "Minimum version of armclang for MBEDTLS_AESCE_C on 32-bit Arm is 6.20." +# elif defined(MBEDTLS_ARCH_IS_ARM64) && (__ARMCC_VERSION < 6060000) +# error "Minimum version of armclang for MBEDTLS_AESCE_C on aarch64 is 6.6." +# endif #endif #ifdef __ARM_NEON diff --git a/library/aesce.h b/library/aesce.h index 2cec2f3a15..149845976e 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -130,7 +130,7 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk, #else -#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) +#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) && defined(MBEDTLS_ARCH_IS_ARMV8) #error "AES hardware acceleration not supported on this platform" #endif 
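Review bot: The new `#elif defined(__ARMCC_VERSION)` branch in aesce.c comes after `#if defined(__clang__)`, and Arm Compiler 6 is clang-based and, as far as I can tell, predefines `__clang__`, so this branch appears unreachable and the 6.20 / 6.6 floors documented in the mbedtls_config.h hunk would not be enforced; test armclang first, i.e. open the chain with `#if defined(__ARMCC_VERSION)` and demote the generic clang check to an `#elif`. The constant `6200002` is also worth confirming: if the intended floor is 6.20 with no update requirement, the corresponding `__ARMCC_VERSION` value would be `6200000`. The version-check chain starts before this hunk.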
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6386964689..9f2952d2a9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -5044,6 +5044,9 @@ component_build_armcc () { # armc[56] don't support SHA-512 intrinsics scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT + # older versions of armcc/armclang don't support AESCE_C on 32-bit Arm + scripts/config.py unset MBEDTLS_AESCE_C + # Stop armclang warning about feature detection for A64_CRYPTO. # With this enabled, the library does build correctly under armclang, # but in baremetal builds (as tested here), feature detection is @@ -5078,14 +5081,18 @@ component_build_armcc () { # ARM Compiler 6 - Target ARMv8-M armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main" - # ARM Compiler 6 - Target ARMv8.2-A - AArch64 - armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto" - # ARM Compiler 6 - Target Cortex-M0 - no optimisation armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0" # ARM Compiler 6 - Target Cortex-M0 armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0" + + # ARM Compiler 6 - Target ARMv8.2-A - AArch64 + # + # Re-enable MBEDTLS_AESCE_C as this should be supported by the version of armclang + # that we have in our CI + scripts/config.py set MBEDTLS_AESCE_C + armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto" } support_build_armcc () { From 472a1906d5d37a2a17cbac5e91b5ae74e929b4b6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 22:14:41 +0100 Subject: [PATCH 08/23] fix tabs Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aesce.c b/library/aesce.c index 2b45a9f999..3ba6a60594 100644 --- a/library/aesce.c +++ b/library/aesce.c 
@@ -108,7 +108,7 @@ typedef uint8x16_t poly128_t; static inline poly128_t vmull_p64(poly64_t a, poly64_t b) { poly128_t r; - asm ("vmull.p64 %[r], %[a], %[b]": [r] "=w" (r) : [a] "w" (a), [b] "w" (b) :); + asm ("vmull.p64 %[r], %[a], %[b]": [r] "=w" (r) : [a] "w" (a), [b] "w" (b) :); return r; } From b622ff8ac0586ea85706df4c8f390461a5427011 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 22:25:16 +0100 Subject: [PATCH 09/23] Fix tests for older versions of clang Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9f2952d2a9..91d0a255ef 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4403,7 +4403,7 @@ component_build_aes_armce () { scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" - make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" + make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" @@ -4414,7 +4414,7 @@ component_build_aes_armce () { scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" - make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" + make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" From 48b965d9413515a6dedd60c2bc7e09dd5bcb1485 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 9 Oct 2023 12:19:44 +0100 Subject: [PATCH 10/23] Update clang version requirements 
Signed-off-by: Dave Rodgman --- include/mbedtls/mbedtls_config.h | 7 ++++--- library/aesce.c | 6 ++++-- tests/scripts/all.sh | 2 +- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 4be2a21a06..cbcffa4c36 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2258,9 +2258,10 @@ * system, Armv8-A Cryptographic Extensions must be supported by * the CPU when this option is enabled. * - * \note Minimum compiler versions for this feature are Clang 4.0; - * armclang 6.6 when targeting aarch64, or 6.20 when targeting - * Thumb or 32-bit Arm; GCC 6.0; or MSVC 2019 version 16.11.2. + * \note Minimum compiler versions for this feature when targeting aarch64 + * are Clang 4.0; armclang 6.6; GCC 6.0; or MSVC 2019 version 16.11.2. + * Minimum compiler versions for this feature when targeting 32-bit + * Arm or Thumb are Clang 11.0; armclang 6.20; or GCC 6.0. * * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for * armclang <= 6.9 diff --git a/library/aesce.c b/library/aesce.c index 3ba6a60594..caf9560cda 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -61,8 +61,10 @@ /* Compiler version checks. */ #if defined(__clang__) -# if __clang_major__ < 4 -# error "Minimum version of Clang for MBEDTLS_AESCE_C is 4.0." +# if defined(MBEDTLS_ARCH_IS_ARM32) && (__clang_major__ < 11) +# error "Minimum version of Clang for MBEDTLS_AESCE_C on 32-bit Arm or Thumb is 111.0." +# elif defined(MBEDTLS_ARCH_IS_ARM64) && (__clang_major__ < 4) +# error "Minimum version of Clang for MBEDTLS_AESCE_C on aarch64 is 4.0." # endif #elif defined(__GNUC__) # if __GNUC__ < 6 diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 91d0a255ef..d84bdb7bd3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -4394,7 +4394,7 @@ component_build_aes_aesce_armcc () { support_build_aes_armce() { # clang >= 4 is required to build with AES extensions ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')" - [ "${ver}" -ge 4 ] + [ "${ver}" -ge 11 ] } component_build_aes_armce () { From f60e44d0633d2585cc2a0b2336dd565c6076ed08 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 9 Oct 2023 13:40:36 +0100 Subject: [PATCH 11/23] Add link to ACLE docs in comment Co-authored-by: Jerry Yu Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aesce.c b/library/aesce.c index caf9560cda..6a65043316 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -93,7 +93,7 @@ #if defined(MBEDTLS_ARCH_IS_ARM32) #if defined(__clang__) -/* On clang for A32/T32, work around some missing intrinsics and types */ +/* On clang for A32/T32, work around some missing intrinsics and types which are listed in [ACLE](https://arm-software.github.io/acle/neon_intrinsics/advsimd.html#polynomial-1) */ #ifndef vreinterpretq_p64_u8 #define vreinterpretq_p64_u8 (poly64x2_t) From 2c25bdb7cfbb74b69cda03e8e60ebabaeb987c92 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 9 Oct 2023 13:41:51 +0100 Subject: [PATCH 12/23] Don't use #ifdef on vreinterpretq_xxx Co-authored-by: Jerry Yu Signed-off-by: Dave Rodgman --- library/aesce.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index 6a65043316..8c1db91fc8 100644 --- a/library/aesce.c +++ b/library/aesce.c 
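Review bot: The threshold in `support_build_aes_armce` becomes `[ "${ver}" -ge 11 ]`, but the comment two lines above still says `# clang >= 4 is required to build with AES extensions`, so the rationale now contradicts the check; rewrite it as `# clang >= 11 is required to build with AES extensions on A32/T32 (aarch64 only needs clang >= 4)` to match the floors introduced in aesce.c and mbedtls_config.h in the same commit.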
@@ -95,15 +95,9 @@ #if defined(__clang__) /* On clang for A32/T32, work around some missing intrinsics and types which are listed in [ACLE](https://arm-software.github.io/acle/neon_intrinsics/advsimd.html#polynomial-1) */ -#ifndef vreinterpretq_p64_u8 #define vreinterpretq_p64_u8 (poly64x2_t) -#endif -#ifndef vreinterpretq_u8_p128 #define vreinterpretq_u8_p128 (uint8x16_t) -#endif -#ifndef vreinterpretq_u64_p64 #define vreinterpretq_u64_p64 (uint64x2_t) -#endif typedef uint8x16_t poly128_t; From f4ee5d4c94d834e3814ecafeac4ff1bde22ae047 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 9 Oct 2023 13:42:38 +0100 Subject: [PATCH 13/23] Code style Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aesce.c b/library/aesce.c index 8c1db91fc8..4c85941b2a 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -104,7 +104,7 @@ typedef uint8x16_t poly128_t; static inline poly128_t vmull_p64(poly64_t a, poly64_t b) { poly128_t r; - asm ("vmull.p64 %[r], %[a], %[b]": [r] "=w" (r) : [a] "w" (a), [b] "w" (b) :); + asm ("vmull.p64 %[r], %[a], %[b]" : [r] "=w" (r) : [a] "w" (a), [b] "w" (b) :); return r; } From 46267f6a2d80902aaea2c7468e0849d1cfc1d273 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 9 Oct 2023 14:47:50 +0100 Subject: [PATCH 14/23] Tidy-up: move GCM code into one place Signed-off-by: Dave Rodgman --- library/aesce.c | 131 +++++++++++++++++++++++++----------------------- 1 file changed, 68 insertions(+), 63 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index 4c85941b2a..ffebbfd27a 100644 --- a/library/aesce.c +++ b/library/aesce.c 
@@ -90,65 +90,6 @@ #ifdef __ARM_NEON #include - -#if defined(MBEDTLS_ARCH_IS_ARM32) -#if defined(__clang__) -/* On clang for A32/T32, work around some missing intrinsics and types which are listed in [ACLE](https://arm-software.github.io/acle/neon_intrinsics/advsimd.html#polynomial-1) */ - -#define vreinterpretq_p64_u8 (poly64x2_t) -#define vreinterpretq_u8_p128 (uint8x16_t) -#define vreinterpretq_u64_p64 (uint64x2_t) - -typedef uint8x16_t poly128_t; - -static inline poly128_t vmull_p64(poly64_t a, poly64_t b) -{ - poly128_t r; - asm ("vmull.p64 %[r], %[a], %[b]" : [r] "=w" (r) : [a] "w" (a), [b] "w" (b) :); - return r; -} - -static inline poly64x1_t vget_low_p64(poly64x2_t a) -{ - return (poly64x1_t) vget_low_u64(vreinterpretq_u64_p64(a)); -} - -static inline poly128_t vmull_high_p64(poly64x2_t a, poly64x2_t b) -{ - return vmull_p64((poly64_t) (vget_high_u64((uint64x2_t) a)), - (poly64_t) (vget_high_u64((uint64x2_t) b))); -} - -#endif /* defined(__clang__) */ - -static inline uint8x16_t vrbitq_u8(uint8x16_t x) -{ - /* There is no vrbitq_u8 instruction in A32/T32, so provide - * an equivalent non-Neon implementation. Reverse bit order in each - * byte with 4x rbit, rev. */ - asm ("ldm %[p], { r2-r5 } \n\t" - "rbit r2, r2 \n\t" - "rev r2, r2 \n\t" - "rbit r3, r3 \n\t" - "rev r3, r3 \n\t" - "rbit r4, r4 \n\t" - "rev r4, r4 \n\t" - "rbit r5, r5 \n\t" - "rev r5, r5 \n\t" - "stm %[p], { r2-r5 } \n\t" - : - /* Output: 16 bytes of memory pointed to by &x */ - "+m" (*(uint8_t(*)[16]) &x) - : - [p] "r" (&x) - : - "r2", "r3", "r4", "r5" - ); - return x; -} - -#endif /* defined(MBEDTLS_ARCH_IS_ARM32) */ - #else #error "Target does not support NEON instructions" #endif 
@@ -457,24 +398,87 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk, #if defined(MBEDTLS_GCM_C) -#if !defined(__clang__) && defined(__GNUC__) && __GNUC__ == 5 +#if defined(MBEDTLS_ARCH_IS_ARM32) + +#if defined(__clang__) +/* On clang for A32/T32, work around some missing intrinsics and types which are listed in + * [ACLE](https://arm-software.github.io/acle/neon_intrinsics/advsimd.html#polynomial-1) + * These are only required for GCM. + */ +#define vreinterpretq_p64_u8(a) ((poly64x2_t) a) +#define vreinterpretq_u8_p128(a) ((uint8x16_t) a) +#define vreinterpretq_u64_p64(a) ((uint64x2_t) a) + +typedef uint8x16_t poly128_t; + +static inline poly128_t vmull_p64(poly64_t a, poly64_t b) +{ + poly128_t r; + asm ("vmull.p64 %[r], %[a], %[b]" : [r] "=w" (r) : [a] "w" (a), [b] "w" (b) :); + return r; +} + +static inline poly64x1_t vget_low_p64(poly64x2_t a) +{ + uint64x1_t r = vget_low_u64(vreinterpretq_u64_p64(a)); + return (poly64x1_t) r; +} + +static inline poly128_t vmull_high_p64(poly64x2_t a, poly64x2_t b) +{ + return vmull_p64((poly64_t) (vget_high_u64((uint64x2_t) a)), + (poly64_t) (vget_high_u64((uint64x2_t) b))); +} + +#endif /* defined(__clang__) */ + +static inline uint8x16_t vrbitq_u8(uint8x16_t x) +{ + /* There is no vrbitq_u8 instruction in A32/T32, so provide + * an equivalent non-Neon implementation. Reverse bit order in each + * byte with 4x rbit, rev. */ + asm ("ldm %[p], { r2-r5 } \n\t" + "rbit r2, r2 \n\t" + "rev r2, r2 \n\t" + "rbit r3, r3 \n\t" + "rev r3, r3 \n\t" + "rbit r4, r4 \n\t" + "rev r4, r4 \n\t" + "rbit r5, r5 \n\t" + "rev r5, r5 \n\t" + "stm %[p], { r2-r5 } \n\t" + : + /* Output: 16 bytes of memory pointed to by &x */ + "+m" (*(uint8_t(*)[16]) &x) + : + [p] "r" (&x) + : + "r2", "r3", "r4", "r5" + ); + return x; +} +#endif /* defined(MBEDTLS_ARCH_IS_ARM32) */ + + +#if defined(MBEDTLS_COMPILER_IS_GCC) && __GNUC__ == 5 /* Some intrinsics are not available for GCC 5.X. 
*/ #define vreinterpretq_p64_u8(a) ((poly64x2_t) a) #define vreinterpretq_u8_p128(a) ((uint8x16_t) a) + static inline poly64_t vget_low_p64(poly64x2_t __a) { uint64x2_t tmp = (uint64x2_t) (__a); uint64x1_t lo = vcreate_u64(vgetq_lane_u64(tmp, 0)); return (poly64_t) (lo); } -#endif /* !__clang__ && __GNUC__ && __GNUC__ == 5*/ +#endif /* MBEDTLS_COMPILER_IS_GCC && __GNUC__ == 5 */ /* vmull_p64/vmull_high_p64 wrappers. * * Older compilers miss some intrinsic functions for `poly*_t`. We use * uint8x16_t and uint8x16x3_t as input/output parameters. */ -#if defined(__GNUC__) && !defined(__clang__) +#if defined(MBEDTLS_COMPILER_IS_GCC) /* GCC reports incompatible type error without cast. GCC think poly64_t and * poly64x1_t are different, that is different with MSVC and Clang. */ #define MBEDTLS_VMULL_P64(a, b) vmull_p64((poly64_t) a, (poly64_t) b) @@ -483,7 +487,8 @@ static inline poly64_t vget_low_p64(poly64x2_t __a) * error with/without cast. And I think poly64_t and poly64x1_t are same, no * cast for clang also. */ #define MBEDTLS_VMULL_P64(a, b) vmull_p64(a, b) -#endif +#endif /* MBEDTLS_COMPILER_IS_GCC */ + static inline uint8x16_t pmull_low(uint8x16_t a, uint8x16_t b) { From 7057c08d10a3772e78ba2c456b1242d8602885e4 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 9 Oct 2023 17:54:29 +0100 Subject: [PATCH 15/23] Don't fail tests if hwcap.h not present Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d84bdb7bd3..53810014cc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
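Review bot: The function-like macros added for clang on A32/T32, `#define vreinterpretq_p64_u8(a) ((poly64x2_t) a)`, `vreinterpretq_u8_p128` and `vreinterpretq_u64_p64`, cast without parenthesising the argument, so an operand such as `x ^ y` would be cast as `(poly64x2_t) x ^ y` and silently change meaning; write them as `#define vreinterpretq_p64_u8(a) ((poly64x2_t) (a))` and likewise for the other two. The same shape is carried into the shared `COMMON_MISSING_INTRINSICS` block in patch 16, and the GCC 5 definitions kept as context in this hunk have it too, so fixing all of them together avoids two conventions in one file. The hunk starts on the previous physical line and opens the `#if defined(MBEDTLS_GCM_C)` region, whose `#endif` is outside the hunk.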
@@ -4411,16 +4411,21 @@ component_build_aes_armce () { msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" - scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY + # we need asm/hwcap.h available for runtime detection + if (echo '#include ' | clang -E - >/dev/null 2>&1); then + scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY - msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" - make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" + make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" - msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" - make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" - msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" - make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" + else + msg "can't include - skipping runtime detection tests" + fi } support_build_sha_armce() { From 90291dfe3354bf7084e0e97b6212ed8a53fffee8 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 10 Oct 2023 09:51:16 +0100 Subject: [PATCH 16/23] Share some definitions that are common for clang and GCC 5 Signed-off-by: Dave Rodgman --- library/aesce.c | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index ffebbfd27a..8ce8fe29cd 100644 --- a/library/aesce.c +++ b/library/aesce.c 
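Review bot: The header probe `echo '#include …' | clang -E -` (the header name is lost in this rendering; the comment identifies it as asm/hwcap.h) runs for clang's default host target, while the builds it gates pass `--target=aarch64-linux-gnu` and `--target=arm-linux-gnueabihf`, so it checks whether the host's kernel headers are visible rather than what the cross builds will resolve. Passing the same `--target` to the probe, or probing once per target immediately before each `make`, would make the skip decision match the build it protects; the `else` message should also name the header so a skipped run is self-explanatory in the log.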
@@ -405,8 +405,6 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk, * [ACLE](https://arm-software.github.io/acle/neon_intrinsics/advsimd.html#polynomial-1) * These are only required for GCM. */ -#define vreinterpretq_p64_u8(a) ((poly64x2_t) a) -#define vreinterpretq_u8_p128(a) ((uint8x16_t) a) #define vreinterpretq_u64_p64(a) ((uint64x2_t) a) typedef uint8x16_t poly128_t; @@ -418,11 +416,8 @@ static inline poly128_t vmull_p64(poly64_t a, poly64_t b) return r; } -static inline poly64x1_t vget_low_p64(poly64x2_t a) -{ - uint64x1_t r = vget_low_u64(vreinterpretq_u64_p64(a)); - return (poly64x1_t) r; -} +/* This is set to cause some more missing intrinsics to be defined below */ +#define COMMON_MISSING_INTRINSICS static inline poly128_t vmull_high_p64(poly64x2_t a, poly64x2_t b) { @@ -457,21 +452,30 @@ static inline uint8x16_t vrbitq_u8(uint8x16_t x) ); return x; } -#endif /* defined(MBEDTLS_ARCH_IS_ARM32) */ +#endif /* defined(MBEDTLS_ARCH_IS_ARM32) */ #if defined(MBEDTLS_COMPILER_IS_GCC) && __GNUC__ == 5 /* Some intrinsics are not available for GCC 5.X. */ -#define vreinterpretq_p64_u8(a) ((poly64x2_t) a) +#define COMMON_MISSING_INTRINSICS +#endif /* MBEDTLS_COMPILER_IS_GCC && __GNUC__ == 5 */ + + +#if defined(COMMON_MISSING_INTRINSICS) + +/* Missing intrinsics common to both GCC 5, and Clang on 32-bit */ + +#define vreinterpretq_p64_u8(a) ((poly64x2_t) a) #define vreinterpretq_u8_p128(a) ((uint8x16_t) a) -static inline poly64_t vget_low_p64(poly64x2_t __a) +static inline poly64x1_t vget_low_p64(poly64x2_t a) { - uint64x2_t tmp = (uint64x2_t) (__a); - uint64x1_t lo = vcreate_u64(vgetq_lane_u64(tmp, 0)); - return (poly64_t) (lo); + uint64x1_t r = vget_low_u64(vreinterpretq_u64_p64(a)); + return (poly64x1_t) r; + } -#endif /* MBEDTLS_COMPILER_IS_GCC && __GNUC__ == 5 */ + +#endif /* COMMON_MISSING_INTRINSICS */ /* vmull_p64/vmull_high_p64 wrappers. * From b34fe8b88b9f4c0bfa55c5699a635aa11b0a8ec2 Mon Sep 17 00:00:00 2001 
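Review bot: The shared `vget_low_p64` in the third hunk now calls `vreinterpretq_u64_p64`, but the GCC 5 body it replaces deliberately avoided that name with a plain `(uint64x2_t) (__a)` cast plus `vcreate_u64`/`vgetq_lane_u64`, and `vreinterpretq_u64_p64` is only `#define`d inside the 32-bit block above; unless GCC 5's arm_neon.h is confirmed to provide it on aarch64, the GCC 5 path this block is meant to serve no longer compiles, so the cast form `uint64x1_t r = vget_low_u64((uint64x2_t) a);` is the safer common body. The return type also changes from `poly64_t` to `poly64x1_t` for GCC 5, which then relies on the `(poly64_t)` cast in the GCC branch of `MBEDTLS_VMULL_P64` accepting a vector operand — worth confirming with a GCC 5 aarch64 build. Minor: there is a stray blank line before the closing brace of the new function, and `COMMON_MISSING_INTRINSICS` is defined in two places and never undefined; an `#undef COMMON_MISSING_INTRINSICS` after the new block's `#endif` keeps it from leaking into the rest of the translation unit.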
From: Dave Rodgman Date: Tue, 10 Oct 2023 09:52:46 +0100 Subject: [PATCH 17/23] Fix #error typo Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aesce.c b/library/aesce.c index 8ce8fe29cd..752e00822f 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -62,7 +62,7 @@ /* Compiler version checks. */ #if defined(__clang__) # if defined(MBEDTLS_ARCH_IS_ARM32) && (__clang_major__ < 11) -# error "Minimum version of Clang for MBEDTLS_AESCE_C on 32-bit Arm or Thumb is 111.0." +# error "Minimum version of Clang for MBEDTLS_AESCE_C on 32-bit Arm or Thumb is 11.0." # elif defined(MBEDTLS_ARCH_IS_ARM64) && (__clang_major__ < 4) # error "Minimum version of Clang for MBEDTLS_AESCE_C on aarch64 is 4.0." # endif From cb5c9fb0c23a3ecf3e69a5be0e3dc11f1bed148f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 10 Oct 2023 10:06:02 +0100 Subject: [PATCH 18/23] Add volatile to prevent asm being optimised out Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aesce.c b/library/aesce.c index 752e00822f..e36c6d42d8 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -568,7 +568,7 @@ static inline uint8x16_t poly_mult_reduce(uint8x16x3_t input) /* use 'asm' as an optimisation barrier to prevent loading MODULO from * memory. It is for GNUC compatible compilers. */ - asm ("" : "+w" (r)); + asm volatile ("" : "+w" (r)); #endif uint8x16_t const MODULO = vreinterpretq_u8_u64(vshrq_n_u64(r, 64 - 8)); uint8x16_t h, m, l; /* input high/middle/low 128b */ From 9fd1b526c332d314b3cb235e28cd1fc12a1ace19 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 10 Oct 2023 15:23:44 +0100 Subject: [PATCH 19/23] Use MBEDTLS_ARCH_IS_ARMV8_A not MBEDTLS_ARCH_IS_ARMV8 Signed-off-by: Dave Rodgman --- library/aes.c | 6 +++--- library/aesce.c | 10 +++++----- library/aesce.h | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) 
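Review bot: In the `asm volatile` hunk the comment two lines above the changed line still describes the barrier as a plain `asm` ("use 'asm' as an optimisation barrier to prevent loading MODULO from memory"), so the reason `volatile` is required lives only in the commit title. Record it next to the code, e.g. extend that comment with `* 'volatile' keeps the optimiser from discarding the barrier, which would reintroduce the memory load.`. The enclosing `poly_mult_reduce` starts before this hunk.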
diff --git a/library/aes.c b/library/aes.c index 037a918373..4972fba1a8 100644 --- a/library/aes.c +++ b/library/aes.c @@ -35,9 +35,9 @@ #include "mbedtls/error.h" #if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) -#if !((defined(MBEDTLS_ARCH_IS_ARMV8) && defined(MBEDTLS_AESCE_C)) || \ - (defined(MBEDTLS_ARCH_IS_X64) && defined(MBEDTLS_AESNI_C)) || \ - (defined(MBEDTLS_ARCH_IS_X86) && defined(MBEDTLS_AESNI_C))) +#if !((defined(MBEDTLS_ARCH_IS_ARMV8_A) && defined(MBEDTLS_AESCE_C)) || \ + (defined(MBEDTLS_ARCH_IS_X64) && defined(MBEDTLS_AESNI_C)) || \ + (defined(MBEDTLS_ARCH_IS_X86) && defined(MBEDTLS_AESNI_C))) #error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites" #endif #endif diff --git a/library/aesce.c b/library/aesce.c index e36c6d42d8..2f9ccb5418 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -19,15 +19,15 @@ #if defined(__clang__) && (__clang_major__ >= 4) -/* Ideally, we would simply use MBEDTLS_ARCH_IS_ARMV8 in the following #if, +/* Ideally, we would simply use MBEDTLS_ARCH_IS_ARMV8_A in the following #if, * but that is defined by build_info.h, and we need this block to happen first. */ #if defined(__ARM_ARCH) #if __ARM_ARCH >= 8 -#define MBEDTLS_AESCE_ARCH_IS_ARMV8 +#define MBEDTLS_AESCE_ARCH_IS_ARMV8_A #endif #endif -#if defined(MBEDTLS_AESCE_ARCH_IS_ARMV8) && !defined(__ARM_FEATURE_CRYPTO) +#if defined(MBEDTLS_AESCE_ARCH_IS_ARMV8_A) && !defined(__ARM_FEATURE_CRYPTO) /* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged. * * The intrinsic declaration are guarded by predefined ACLE macros in clang: @@ -57,7 +57,7 @@ #include "aesce.h" -#if defined(MBEDTLS_ARCH_IS_ARMV8) && defined(__ARM_NEON) +#if defined(MBEDTLS_ARCH_IS_ARMV8_A) && defined(__ARM_NEON) /* Compiler version checks. */ #if defined(__clang__) @@ -611,6 +611,6 @@ void mbedtls_aesce_gcm_mult(unsigned char c[16], #undef MBEDTLS_POP_TARGET_PRAGMA #endif -#endif /* MBEDTLS_ARCH_IS_ARMV8 */ +#endif /* MBEDTLS_ARCH_IS_ARMV8_A */ #endif /* MBEDTLS_AESCE_C */ 
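Review bot: The local `MBEDTLS_AESCE_ARCH_IS_ARMV8_A` in the second aesce.c hunk is derived only from `__ARM_ARCH >= 8`, but that test is also true for Armv8-M and Armv8-R targets, so the new `_A` suffix promises a profile check the condition does not make; the comment above it says the intent is to mirror `MBEDTLS_ARCH_IS_ARMV8_A` from build_info.h, which presumably does check the profile. Tightening it with the ACLE profile macro, `#if __ARM_ARCH >= 8 && defined(__ARM_ARCH_PROFILE) && (__ARM_ARCH_PROFILE == 'A')`, keeps this early block from forcing crypto target flags on non-A-profile builds that the later `MBEDTLS_ARCH_IS_ARMV8_A && __ARM_NEON` guard excludes anyway. If build_info.h's definition is intentionally the same bare `__ARM_ARCH >= 8` test, say so in the comment instead.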
diff --git a/library/aesce.h b/library/aesce.h index 149845976e..819413bea8 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -31,7 +31,7 @@ #include "mbedtls/aes.h" -#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARMV8) && defined(__ARM_NEON) +#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARMV8_A) && defined(__ARM_NEON) #define MBEDTLS_AESCE_HAVE_CODE @@ -130,10 +130,10 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk, #else -#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) && defined(MBEDTLS_ARCH_IS_ARMV8) +#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) && defined(MBEDTLS_ARCH_IS_ARMV8_A) #error "AES hardware acceleration not supported on this platform" #endif -#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARMV8 && __ARM_NEON */ +#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARMV8_A && __ARM_NEON */ #endif /* MBEDTLS_AESCE_H */ From 2fe5b8563741441a1fc18c0de4485b1c94dfa58b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 10 Oct 2023 15:26:45 +0100 Subject: [PATCH 20/23] Update Changelog to specify Armv8-A Signed-off-by: Dave Rodgman --- ChangeLog.d/armv8-aesce.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/armv8-aesce.txt b/ChangeLog.d/armv8-aesce.txt index bc26e617a4..999d439ed8 100644 --- a/ChangeLog.d/armv8-aesce.txt +++ b/ChangeLog.d/armv8-aesce.txt @@ -1,3 +1,3 @@ Features - * Support use of Arm Crypto Extensions for hardware acclerated AES on + * Support use of Armv8-A Crypto Extensions for hardware acclerated AES on Thumb and Arm targets. From f3501b454fe9cf6f3a45dcb5c34e07b84d168e13 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 11 Oct 2023 16:21:25 +0100 Subject: [PATCH 21/23] Test for presence/absence of AES instructions Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 53810014cc..3c2c632b03 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -4426,6 +4426,31 @@ component_build_aes_armce () { else msg "can't include - skipping runtime detection tests" fi + + # test for presence of AES instructions + scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY + msg "clang, test A32 crypto instructions built" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S" + grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o + msg "clang, test T32 crypto instructions built" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S" + grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o + msg "clang, test aarch64 crypto instructions built" + make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S" + grep -E 'aes[a-z]+\s*[qv]' library/aesce.o + + # test for absence of AES instructions + scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY + scripts/config.py unset MBEDTLS_AESCE_C + msg "clang, test A32 crypto instructions not built" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S" + not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o + msg "clang, test T32 crypto instructions not built" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S" + not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o + msg "clang, test aarch64 crypto instructions not built" + make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S" + not grep -E 'aes[a-z]+\s*[qv]' library/aesce.o } support_build_sha_armce() { From c61990634cb26da933f3e882ab3fe46dae37fe74 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 12 Oct 2023 11:59:04 +0100 Subject: [PATCH 22/23] Clarify changelog Signed-off-by: Dave Rodgman --- ChangeLog.d/armv8-aesce.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
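Review bot: The A32/T32 pattern `'aes[0-9a-z]+.[0-9]\s*[qv]'` has an unescaped `.`, so it matches any character rather than the `.` in mnemonics such as `aese.8`, and `\s` is a GNU extension that POSIX `grep -E` does not guarantee; `'aes[0-9a-z]+\.[0-9][[:space:]]*[qv]'` (and `'aes[a-z]+[[:space:]]*[qv]'` for the aarch64 lines) is both stricter and portable. Since each pattern is repeated three times across the presence and absence checks, defining them once at the top of the block (e.g. `aes32_re='aes[0-9a-z]+\.[0-9][[:space:]]*[qv]'`) keeps the positive and negative tests in sync. With `-S` in CFLAGS the `library/aesce.o` being grepped is presumably assembly text despite its name, which deserves a one-line comment so the next reader does not assume a binary grep. `component_build_aes_armce` starts before this hunk.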
diff --git a/ChangeLog.d/armv8-aesce.txt b/ChangeLog.d/armv8-aesce.txt index 999d439ed8..ec5889c1ba 100644 --- a/ChangeLog.d/armv8-aesce.txt +++ b/ChangeLog.d/armv8-aesce.txt @@ -1,3 +1,3 @@ Features - * Support use of Armv8-A Crypto Extensions for hardware acclerated AES on - Thumb and Arm targets. + * Support use of Armv8-A Cryptographic Extensions for hardware acclerated + AES when compiling for Thumb (T32) or 32-bit Arm (A32). From 5e41937eba275522033cdc4235644d28570189a6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 23 Oct 2023 15:30:20 +0100 Subject: [PATCH 23/23] Remove dependency on asm/hwcap.h Signed-off-by: Dave Rodgman --- library/aesce.c | 13 ++++++++++++- tests/scripts/all.sh | 19 +++++++------------ 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index 2f9ccb5418..f547eaa93a 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -118,8 +118,19 @@ #if defined(__linux__) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) -#include #include +#if !defined(HWCAP_NEON) +#define HWCAP_NEON (1 << 12) +#endif +#if !defined(HWCAP2_AES) +#define HWCAP2_AES (1 << 0) +#endif +#if !defined(HWCAP_AES) +#define HWCAP_AES (1 << 3) +#endif +#if !defined(HWCAP_ASIMD) +#define HWCAP_ASIMD (1 << 1) +#endif signed char mbedtls_aesce_has_support_result = -1; diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 3c2c632b03..73bcc856d9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
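Review bot: The fallback `HWCAP_*` definitions added in the aesce.c hunk are not scoped to the architecture they belong to: `HWCAP_NEON`/`HWCAP2_AES` are the 32-bit Arm `AT_HWCAP`/`AT_HWCAP2` bits and `HWCAP_AES`/`HWCAP_ASIMD` the AArch64 `AT_HWCAP` bits, yet all four are defined unconditionally, so a 32-bit bit position can be tested against a 64-bit auxv word without any compile-time complaint. The values themselves match the Linux uapi definitions, but nothing on the page says so; wrapping each pair in `#if defined(MBEDTLS_ARCH_IS_ARM32)` / `#if defined(MBEDTLS_ARCH_IS_ARM64)` and adding `/* Fallbacks for asm/hwcap.h: stable Linux uapi ABI bits (arch/arm and arch/arm64 uapi hwcap.h). */` documents why hard-coding them is acceptable. The comment should also state the failure modes, since a wrong bit here is a safety rather than a secrecy issue: a false positive selects the AESCE path on a CPU without the instructions (SIGILL at first use), a false negative silently falls back to software AES. The remaining `#include` line has lost its header name in this rendering, and the detection code that consumes these bits starts after the hunk.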
@@ -4411,21 +4411,16 @@ component_build_aes_armce () { msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" - # we need asm/hwcap.h available for runtime detection - if (echo '#include ' | clang -E - >/dev/null 2>&1); then - scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY + scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY - msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" - make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" + make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" - msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" - make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" - msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" - make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" - else - msg "can't include - skipping runtime detection tests" - fi + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" # test for presence of AES instructions scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY