summaryrefslogtreecommitdiffstats
path: root/crypto/chacha (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Ignore vendor name in Clang version number.Jung-uk Kim2020-08-282-2/+2
| | | | | | | | | | | | | | | | | | For example, FreeBSD prepends "FreeBSD" to version string, e.g., FreeBSD clang version 11.0.0 (git@github.com:llvm/llvm-project.git llvmorg-11.0.0-rc2-0-g414f32a9e86) Target: x86_64-unknown-freebsd13.0 Thread model: posix InstalledDir: /usr/bin This prevented us from properly detecting AVX support, etc. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/12725)
* Update copyright yearRichard Levitte2020-07-161-1/+1
| | | | | Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12463)
* Add and use internal header that implements endianness checkRichard Levitte2020-07-111-5/+3
| | | | | | | | | This moves test/ossl_test_endian.h to include/internal/endian.h and thereby makes the macros in there our standard way to check endianness in run-time. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12390)
* Update copyright yearMatt Caswell2020-04-236-6/+6
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
* Also check for errors in x86_64-xlate.pl.David Benjamin2020-02-177-7/+7
| | | | | | | | | | | | | | In https://github.com/openssl/openssl/pull/10883, I'd meant to exclude the perlasm drivers since they aren't opening pipes and do not particularly need it, but I only noticed x86_64-xlate.pl, so arm-xlate.pl and ppc-xlate.pl got the change. That seems to have been fine, so be consistent and also apply the change to x86_64-xlate.pl. Checking for errors is generally a good idea. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David Benjamin <davidben@google.com> (Merged from https://github.com/openssl/openssl/pull/10930)
* Do not silently truncate files on perlasm errorsDavid Benjamin2020-01-227-7/+7
| | | | | | | | | | | | | | | If one of the perlasm xlate drivers crashes, OpenSSL's build will currently swallow the error and silently truncate the output to however far the driver got. This will hopefully fail to build, but better to check such things. Handle this by checking for errors when closing STDOUT (which is a pipe to the xlate driver). Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10883)
* For all assembler scripts where it matters, recognise clang > 9.xRichard Levitte2020-01-172-2/+2
| | | | | | | Fixes #10853 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10855)
* chacha/asm/chacha-armv8.pl: preserve FP registers d8 and d9 correctlyArd Biesheuvel2019-11-281-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | Depending on the size of the input, we may take different paths through the accelerated arm64 ChaCha20 routines, each of which use a different subset of the FP registers, some of which need to be preserved and restored, as required by the AArch64 calling convention (AAPCS64) In some cases, (e.g., when the input size is 640 bytes), we call the 512 byte NEON path followed directly by the scalar path, and in this case, we preserve and restore d8 and d9, only to clobber them again immediately before handing over to the scalar path which does not touch the FP registers at all, and hence does not restore them either. Fix this by moving the restoration of d8 and d9 to a later stage in the 512 byte routine, either before calling the scalar path, or when exiting the function. Fixes #10470 CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10497)
* chacha_enc.c: fix for EBCDIC platformsJoerg Schmidbauer2019-11-131-4/+13
| | | | | | | | Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10417)
* s390x assembly pack: perlasm module updatePatrick Steuer2019-11-051-1/+1
| | | | | | | | | | | - add instructions: clfi, stck, stckf, kdsa - clfi and clgfi belong to extended-immediate (not long-displacement) - some cleanup Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10346)
* Reorganize private crypto header filesDr. Matthias St. Pierre2019-09-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: While header files in 'include/internal' are intended to be shared between libcrypto and libssl, the files in 'crypto/include/internal' are intended to be shared inside libcrypto only. To make things complicated, the include search path is set up in such a way that the directive #include "internal/file.h" could refer to a file in either of these two directoroes. This makes it necessary in some cases to add a '_int.h' suffix to some files to resolve this ambiguity: #include "internal/file.h" # located in 'include/internal' #include "internal/file_int.h" # located in 'crypto/include/internal' This commit moves the private crypto headers from 'crypto/include/internal' to 'include/crypto' As a result, the include directives become unambiguous #include "internal/file.h" # located in 'include/internal' #include "crypto/file.h" # located in 'include/crypto' hence the superfluous '_int.h' suffixes can be stripped. The files 'store_int.h' and 'store.h' need to be treated specially; they are joined into a single file. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
* Unify all assembler file generatorsRichard Levitte2019-09-168-24/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | They now generally conform to the following argument sequence: script.pl "$(PERLASM_SCHEME)" [ C preprocessor arguments ... ] \ $(PROCESSOR) <output file> However, in the spirit of being able to use these scripts manually, they also allow for no argument, or for only the flavour, or for only the output file. This is done by only using the last argument as output file if it's a file (it has an extension), and only using the first argument as flavour if it isn't a file (it doesn't have an extension). While we're at it, we make all $xlate calls the same, i.e. the $output argument is always quoted, and we always die on error when trying to start $xlate. There's a perl lesson in this, regarding operator priority... This will always succeed, even when it fails: open FOO, "something" || die "ERR: $!"; The reason is that '||' has higher priority than list operators (a function is essentially a list operator and gobbles up everything following it that isn't lower priority), and since a non-empty string is always true, so that ends up being exactly the same as: open FOO, "something"; This, however, will fail if "something" can't be opened: open FOO, "something" or die "ERR: $!"; The reason is that 'or' has lower priority that list operators, i.e. it's performed after the 'open' call. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9884)
* build.info: For all assembler generators, remove all argumentsRichard Levitte2019-09-161-9/+8
| | | | | | | | Since the arguments are now generated in the build file templates, they should be removed from the build.info files. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9884)
* Move chacha_asm_src file information to build.info filesRichard Levitte2019-06-171-1/+26
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9166)
* s390x assembly pack: remove chacha20 dependency on non-base memnonicsPatrick Steuer2019-04-251-1/+1
| | | | | | | | Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8181)
* chacha/asm/chacha-armv8.pl: replace 3+1 code paths with 4+1.Andy Polyakov2019-04-171-201/+353
| | | | | | | | | The change is triggered by ThunderX2 where 3+1 was slower than scalar code path, but it helps all processors [to handle <512 inputs]. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8776)
* ARM64 assembly pack: add ThunderX2 results.Andy Polyakov2019-04-171-0/+1
| | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8776)
* IA64 assembly pack: add {chacha|poly1305}-ia64 modules.Andy Polyakov2019-03-292-0/+293
| | | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8540)
* s390x assembly pack: import chacha from cryptogams repoPatrick Steuer2019-03-111-287/+719
| | | | | | | | | | | featuring 6x"horizontal" code path which is up to 25% faster than present 4x"vertical" for larger blocks. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8287)
* ARM64 assembly pack: make it Windows-friendly.Andy Polyakov2019-02-161-14/+5
| | | | | | | | | | | "Windows friendliness" means a) unified PIC-ification, unified across all platforms; b) unified commantary delimiter; c) explicit ldur/stur, as Visual Studio assembler can't automatically encode ldr/str as ldur/stur when needed. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8256)
* ARM assembly pack: make it Windows-friendly.Andy Polyakov2019-02-161-2/+9
| | | | | | | | | | | | | | | "Windows friendliness" means a) flipping .thumb and .text directives, b) always generate Thumb-2 code when asked(*); c) Windows-specific references to external OPENSSL_armcap_P. (*) so far *some* modules were compiled as .code 32 even if Thumb-2 was targeted. It works at hardware level because processor can alternate between the modes with no overhead. But clang --target=arm-windows's builtin assembler just refuses to compile .code 32... Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8252)
* s390x assembly pack: fix formal interface bug in chacha modulePatrick Steuer2019-02-161-1/+1
| | | | | | | | Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8257)
* AArch64 assembly pack: authenticate return addresses.Andy Polyakov2019-02-121-0/+8
| | | | | | | | | | | | ARMv8.3 adds pointer authentication extension, which in this case allows to ensure that, when offloaded to stack, return address is same at return as at entry to the subroutine. The new instructions are nops on processors that don't implement the extension, so that the vetification is backward compatible. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8205)
* Build: Remove BEGINRAW / ENDRAW / OVERRIDERichard Levitte2019-01-311-7/+2
| | | | | | | | | | It was an ugly hack to avoid certain problems that are no more. Also added GENERATE lines for perlasm scripts that didn't have that explicitly. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8125)
* crypto/chacha/asm/chacha-s390x.pl: add vx code path.Patrick Steuer2019-01-052-259/+558
| | | | | | | | Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6919)
* Following the license change, modify the boilerplates in crypto/chacha/Richard Levitte2018-12-068-8/+8
| | | | | | | [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7781)
* chacha/asm/chacha-x86_64.pl: add dedicated path for 128-byte inputs.Andy Polyakov2018-07-031-74/+221
| | | | | | | | The 128-byte vectors are extensively used in chacha20_poly1305_tls_cipher and dedicated code path is ~30-50% faster on most platforms. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6626)
* Update copyright yearMatt Caswell2018-06-201-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6538)
* {chacha|poly1305}/asm/*-x64.pl: harmonize clang version detection.Andy Polyakov2018-06-181-1/+1
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6499)
* chacha/asm/chacha-ppc.pl: fix big-endian build.Andy Polyakov2018-06-081-5/+6
| | | | | | | | | It's kind of a "brown-bag" bug, as I did recognize the problem and verified an ad-hoc solution, but failed to follow up with cross-checks prior filing previous merge request. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6435)
* chacha/asm/chacha-ppc.pl: improve performance by 40/80% on POWER8/9.Andy Polyakov2018-06-061-8/+407
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6419)
* chacha/asm/chacha-ppc.pl: improve POWER8 performance by 15%.Andy Polyakov2018-06-031-33/+41
| | | | | | | | This comes at cost of minor 2.5% regression on G4, which is reasonable trade-off. [Further improve compliance with ABI requirements.] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6406)
* PPC assembly pack: correct POWER9 results.Andy Polyakov2018-06-031-1/+1
| | | | | | | | | | As it turns out originally published results were skewed by "turbo" mode. VM apparently remains oblivious to dynamic frequency scaling, and reports that processor operates at "base" frequency at all times. While actual frequency gets increased under load. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6406)
* chacha/asm/chacha-ppc.pl: optimize AltiVec/VMX code path.Andy Polyakov2018-05-301-49/+35
| | | | | | | | | 32-bit vector rotate instruction was defined from beginning, it not being used from the start must be a brain-slip... Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6363)
* Update copyright yearMatt Caswell2018-05-291-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6371)
* PPC assembly pack: add POWER9 results.Andy Polyakov2018-05-101-0/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Harmonize the make variables across all known platforms familiesRichard Levitte2018-02-141-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | The make variables LIB_CFLAGS, DSO_CFLAGS and so on were used in addition to CFLAGS and so on. This works without problem on Unix and Windows, where options with different purposes (such as -D and -I) can appear anywhere on the command line and get accumulated as they come. This is not necessarely so on VMS. For example, macros must all be collected and given through one /DEFINE, and the same goes for inclusion directories (/INCLUDE). So, to harmonize all platforms, we repurpose make variables starting with LIB_, DSO_ and BIN_ to be all encompassing variables that collects the corresponding values from CFLAGS, CPPFLAGS, DEFINES, INCLUDES and so on together with possible config target values specific for libraries DSOs and programs, and use them instead of the general ones everywhere. This will, for example, allow VMS to use the exact same generators for generated files that go through cpp as all other platforms, something that has been impossible to do safely before now. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5357)
* Processing GNU-style "make variables" - separate CPP flags from C flagsRichard Levitte2018-01-281-1/+3
| | | | | | | | | | | | C preprocessor flags get separated from C flags, which has the advantage that we don't get loads of macro definitions and inclusion directory specs when linking shared libraries, DSOs and programs. This is a step to add support for "make variables" when configuring. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5177)
* chacha/asm/chacha-x86_64.pl: add AVX512VL code path.Andy Polyakov2017-12-081-4/+588
| | | | | | | | 256-bit AVX512VL was estimated to deliver ~50% improvement over AVX2 and it did live up to the expectations. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4838)
* Fix chacha-armv4.pl with clang -fno-integrated-as.David Benjamin2017-11-281-1/+3
| | | | | | | | | | | The __clang__-guarded #defines cause gas to complain if clang is passed -fno-integrated-as. Emitting .syntax unified when those are used fixes this. This matches the change made to ghash-armv4.pl in 6cf412c473d8145562b76219ce3da73b201b3255. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/3694)
* chacha/asm/chacha-x86_64.pl: fix sporadic crash in AVX512 code path.Andy Polyakov2017-11-251-1/+1
| | | | | | | | Only chacha_internal_test is affected, since this path is not used from EVP. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4758)
* ARMv8 assembly pack: add Qualcomm Kryo results.Andy Polyakov2017-11-131-0/+1
| | | | | | [skip ci] Reviewed-by: Tim Hudson <tjh@openssl.org>
* Many spelling fixes/typo's corrected.Josh Soref2017-11-121-1/+1
| | | | | | | | | Around 138 distinct errors found and fixed; thanks! Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3459)
* x86_64 assembly pack: "optimize" for Knights Landing, add AVX-512 results.Andy Polyakov2017-07-211-2/+4
| | | | | | | | | | | | | | | | | | "Optimize" is in quotes because it's rather a "salvage operation" for now. Idea is to identify processor capability flags that drive Knights Landing to suboptimial code paths and mask them. Two flags were identified, XSAVE and ADCX/ADOX. Former affects choice of AES-NI code path specific for Silvermont (Knights Landing is of Silvermont "ancestry"). And 64-bit ADCX/ADOX instructions are effectively mishandled at decode time. In both cases we are looking at ~2x improvement. AVX-512 results cover even Skylake-X :-) Hardware used for benchmarking courtesy of Atos, experiments run by Romain Dolbeau <romain.dolbeau@atos.net>. Kudos! Reviewed-by: Rich Salz <rsalz@openssl.org>
* x86_64 assembly pack: fill some blanks in Ryzen results.Andy Polyakov2017-07-031-1/+1
| | | | Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
* Remove filename argument to x86 asm_init.David Benjamin2017-05-111-1/+1
| | | | | | | | | | | | | | | The assembler already knows the actual path to the generated file and, in other perlasm architectures, is left to manage debug symbols itself. Notably, in OpenSSL 1.1.x's new build system, which allows a separate build directory, converting .pl to .s as the scripts currently do result in the wrong paths. This also avoids inconsistencies from some of the files using $0 and some passing in the filename. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3431)
* x86_64 assembly pack: add some Ryzen performance results.Andy Polyakov2017-03-221-0/+1
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* chacha/asm/chacha-x86_64.pl: add CFI annotations.Andy Polyakov2017-02-261-0/+41
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* x86_64 assembly pack: Win64 SEH face-lift.Andy Polyakov2017-02-061-135/+380
| | | | | | | | - harmonize handlers with guidelines and themselves; - fix some bugs in handlers; - add missing handlers in chacha and ecp_nistz256 modules; Reviewed-by: Rich Salz <rsalz@openssl.org>
* chacha/asm/chacha-x86_64.pl: add AVX512 path optimized for shorter inputs.Andy Polyakov2016-12-251-26/+249
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>