From 0af616bd8e8b2ec1baf350f86a7209951b73a620 Mon Sep 17 00:00:00 2001
From: kettenis <kettenis@openbsd.org>
Date: Mon, 15 May 2023 09:58:06 +0000
Subject: [PATCH] Turn on pointer-authentication on arm64 as well by default. 
 This means we effectively enable -mbranch-protection=standard on arm64 now.

ok deraadt@
---
 gnu/llvm/clang/lib/Driver/ToolChains/Clang.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/gnu/llvm/clang/lib/Driver/ToolChains/Clang.cpp b/gnu/llvm/clang/lib/Driver/ToolChains/Clang.cpp
index 524c0098bf8..ddc77ec4534 100644
--- a/gnu/llvm/clang/lib/Driver/ToolChains/Clang.cpp
+++ b/gnu/llvm/clang/lib/Driver/ToolChains/Clang.cpp
@@ -1819,8 +1819,11 @@ void Clang::AddAArch64TargetArgs(const ArgList &Args,
     if (IndirectBranches)
       CmdArgs.push_back("-mbranch-target-enforce");
   } else {
-    if (Triple.isOSOpenBSD())
+    if (Triple.isOSOpenBSD()) {
+      CmdArgs.push_back("-msign-return-address=non-leaf");
+      CmdArgs.push_back("-msign-return-address-key=a_key");
       CmdArgs.push_back("-mbranch-target-enforce");
+    }
   }
 
   // Handle -msve_vector_bits=<bits>
-- 
2.20.1