Comment 2 for bug 1880332

This is a compiler bug affecting (at least) libcrypto.so.1.1:

  179d90: d503233f paciasp
  179d94: a9bb7bfd stp x29, x30, [sp, #-80]!
...
  17a400: d50323bf autiasp
  17a404: f84507fd ldr x29, [sp], #80
  17a408: d65f03c0 ret

The PAC happens with the initial sp:

  X30=0000005501de55fc SP=00000055018477a0

while the AUTH happens with the decremented sp:

  X30=0011005501de55fc SP=0000005501847750

Since the salt (sp) is different for the two operations, the
authorization should and does fail:

  X30=0020005501de55fc

Note bit 53 is now set in x30, which is the error indication.

The compiler must move the authiasp down below the ldr pop.