6279 Commits

Author SHA1 Message Date
Brian Smith
4c4babe6ad Take BoringSSL f3cc7a3: perlasm/x86_64-xlate.pl: fix pair of typo-bugs in the new cfi_directive. 2017-03-27 11:53:54 -10:00
Brian Smith
b9f4d184ca Take BoringSSL 4c40531: perlasm/x86_64-xlate.pl: typo fix in comment. 2017-03-27 11:53:31 -10:00
Brian Smith
60342f5320 Merge BoringSSL cb1b333: x86_64 assembly pack: Win64 SEH face-lift. 2017-03-27 11:53:07 -10:00
Brian Smith
727d05a993 Ignore BoringSSL 5960a90^..dc90e39. 2017-03-27 10:48:28 -10:00
Brian Smith
96699831fa Take BoringSSL 0f28691: Fix a few typos. 2017-03-27 10:48:08 -10:00
Brian Smith
6ddc0aac16 Ignore BoringSSL 83a3212^..26e1ff3. 2017-03-27 10:47:48 -10:00
Brian Smith
a3ef5f1ad8 Merge BoringSSL 004bff3: chacha/asm/chacha-x86_64.pl: add AVX512 path optimized for shorter inputs. 2017-03-27 10:46:53 -10:00
Brian Smith
7a9fc07128 Take BoringSSL cf9a98c: x86 assembly pack: update performance results. 2017-03-27 10:43:55 -10:00
Brian Smith
739c1bd647 Take BoringSSL 51079b4: x86_64 assembly pack: add AVX512 ChaCha20 path. 2017-03-27 10:43:33 -10:00
Brian Smith
42222f722d Take BoringSSL b99dc55: chacha/asm/chacha-x86.pl: improve [backward] portability. 2017-03-27 10:43:10 -10:00
Brian Smith
25c198ec05 Take BoringSSL 5ca18d8: chacha-x86.pl: simplify feature setting. 2017-03-27 10:42:54 -10:00
Brian Smith
399bdf43ea Take BoringSSL 766a6fd: Revert "OpenSSL: make final reduction in Montgomery multiplication constant-time." 2017-03-27 10:42:07 -10:00
Brian Smith
a98860e5ad Merge BoringSSL 0bf9d6d: bn/asm/x86[_64]-mont*.pl: implement slightly alternative page-walking. 2017-03-27 10:40:29 -10:00
Brian Smith
696434c304 Merge BoringSSL ff7fb71: x86_64 assembly pack: add Goldmont performance results. 2017-03-27 10:30:20 -10:00
Brian Smith
138326b33b Merge BoringSSL 952f7bf: Spelling fixes in Perl files. 2017-03-27 10:29:53 -10:00
Brian Smith
a5b1572277 Merge BoringSSL 86c0692: Skylake performance results. 2017-03-27 10:27:53 -10:00
Brian Smith
b06f8b5f4a Merge BoringSSL c948d46: Remove trailing whitespace from Perl files. 2017-03-27 10:27:30 -10:00
Brian Smith
a60d5ed7da Take BoringSSL 073a06d: On Windows, page walking is known as __chkstk. 2017-03-27 10:22:23 -10:00
Brian Smith
7f5b3e2105 Take BoringSSL b834450: Explain *cough*-dows. 2017-03-27 10:22:05 -10:00
Brian Smith
cdbcced0e2 Take BoringSSL edcd8fd: bn/asm/x86[_64]-mont*.pl: complement alloca with page-walking. 2017-03-27 10:21:38 -10:00
Brian Smith
3012942032 Take BoringSSL 689eb3d: x86_64-xlate.pl: import fix(?) from upstream. 2017-03-27 10:21:17 -10:00
Brian Smith
c55ade121f Take BoringSSL 9ad43cb: x86_64-xlate.pl: drop some whitespace. 2017-03-27 10:21:00 -10:00
Brian Smith
e9b19705ca Take BoringSSL 9be3238: perlasm/x86_64-xlate.pl: recognize DWARF CFI directives. 2017-03-27 10:20:44 -10:00
Brian Smith
afad3d9fad Ignore BoringSSL 7d7554b^..16b1b1d. 2017-03-27 10:20:24 -10:00
Brian Smith
12c07951fd Take BoringSSL 949628a: perlasm/x86_64-xlate.pl: remove obsolete .picmeup synthetic directive. 2017-03-27 10:17:30 -10:00
Brian Smith
1a2695b684 Take BoringSSL 2512663: perlasm/x86_64-xlate.pl: minor readability updates. 2017-03-27 10:17:10 -10:00
Brian Smith
19e79e42bf Take BoringSSL 3149979: perlasm/x86_64-xlate.pl: clarify SEH coding guidelines. 2017-03-27 10:16:49 -10:00
Brian Smith
9e34b1b194 Take BoringSSL 4229d26: perlasm/x86_64-xlate.pl: add support for AVX512 OPMASK-ing. 2017-03-27 10:16:31 -10:00
Brian Smith
f98730530c Ignore BoringSSL c68e5b9^..137e2f8. 2017-03-27 10:16:01 -10:00
Brian Smith
069fbf850e Skip BoringSSL 6445391: chacha20_poly1305_x86_64.pl: Suppress Yasm non-local label warnings. 2017-03-27 10:14:43 -10:00
Brian Smith
f53cfad9e5 Ignore BoringSSL 5fa2cdf^..dc8c1d9. 2017-03-27 10:13:52 -10:00
Brian Smith
d4fa5cac26 Take BoringSSL 772a5be: Reorder the X25519 ladderstep stack frame on x86-64. 2017-03-27 10:10:34 -10:00
Brian Smith
dab5883bfb Ignore BoringSSL 6342111^..8671c47. 2017-03-27 10:10:08 -10:00
Brian Smith
3a7773213e Merge BoringSSL 5c9d411: Fix some compact unwind errors.
*ring* doesn't have chacha20_poly1305_x86_64.pl, so just merge the
change to x25519-asm-x86_64.S.
2017-03-27 10:09:28 -10:00
Brian Smith
f44e1a4fa8 Ignore BoringSSL 7cd0a97^..17b3083. 2017-03-27 10:01:17 -10:00
Brian Smith
32e6052252 Add note about GFp_x25519_x86_64() incompatibility with Windows. 2017-03-27 10:00:35 -10:00
Brian Smith
580b802e14 Merge BoringSSL 3f38d80: Add CFI information to the x86-64 X25519 asm.
See important follow-ups.
2017-03-27 09:58:58 -10:00
Brian Smith
13eb0a7846 Ignore BoringSSL '8c2480f'. 2017-03-27 09:41:52 -10:00
Brian Smith
3919cd7f1f Skip test_large_digest_sha1 test on ARM Android to prevent timeouts.
The test is too slow and causes timeouts on Travis CI. The test is
testing cross-platform logic that rarely changes, so it should be OK to
rely on the results of running this test on other targets.
2017-03-27 09:25:57 -10:00
Brian Smith
82784ad5db Automatically determine encodings of products in ring::ec::suite_b. 2017-03-26 21:08:39 -10:00
Brian Smith
ea6d63b5c7 Use Encoding, not ReductionEncoding, as E bound in ring::ec::suite_b.
Not every encoding is a `ReductionEncoding`, though it happens that
every encoding actually in `ring::ec::suite_b` is one. This doesn't
have any semantic effect.
2017-03-26 21:06:29 -10:00
Brian Smith
e3c0e990da Abstract calculation of a unary op from a binary op in ring::ec::suite_b. 2017-03-26 19:30:53 -10:00
Brian Smith
eae407d33f Factor out Elem construction in ring::ec::suite_b.
Previously the functions `rab()` and friends operated on limb slices
so they could be polymorphic over `Scalar`, `ScalarMont`, `Elem`, and
`ElemDecoded` when those types were unrelated. Now those types are all
defined in terms of `ring::ec::suite_b::ops::elem::Elem` so we can
improve this.

Replace the short mnemonic names with longer more descriptive names.
2017-03-26 19:30:02 -10:00
Brian Smith
40eb673645 Clarify unreduced Elems are only used in one place in ring::ec::suite_b.
Now that all the (paranoia-driven) confusion regarding partial
reductions has been resolved, there's only one place where we
actually have to deal with partially-reduced inputs in
`ring::ec::suite_b`: When converting a (truncated) digest to a
scalar in ECDSA. Make that clearer by moving the logic to the function
that does the digest to scalar conversion.
2017-03-26 17:58:02 -10:00
Brian Smith
f3df7e3722 Avoid unnecessary reduction in ring::ec::suite_b's elem_mul_mixed().
This one remaining unnecessary reduction was due to the fact that
`elem_mul_mixed()` wasn't implemented in terms of `elem_reduced()`.
2017-03-26 17:57:19 -10:00
Brian Smith
785111edd9 Remove now-unnecessary elem_reduced() in ring::ec::suite_b.
These reductions aren't necessary because all field element arithmetic
is now fully reduced.
2017-03-26 17:17:15 -10:00
Brian Smith
90589ca082 Replace ScalarMont with Scalar<R> = Elem<N, R> in ring::ec::suite_b. 2017-03-26 15:36:55 -10:00
Brian Smith
6e015c6356 Simplify ECC scalar multiplication code.
Originally there was a concern that nistz256 scalar multiplication
didn't fully reduce its output, but that concern turned out to be
a misunderstanding. Simplify the code accordingly.
2017-03-26 15:36:54 -10:00
Brian Smith
94d9b0eec7 Add P-256 scalar Montgomery squaring tests. 2017-03-26 15:36:53 -10:00
Brian Smith
1c42454155 Automatically test inverse of ECC element negation.
This makes the “elem_neg” tests similar in structure to the other
related tests, and makes the input file shorter.
2017-03-26 15:36:53 -10:00