Brian Smith
4c4babe6ad
Take BoringSSL f3cc7a3: perlasm/x86_64-xlate.pl: fix pair of typo-bugs in the new cfi_directive.
2017-03-27 11:53:54 -10:00
Brian Smith
b9f4d184ca
Take BoringSSL 4c40531: perlasm/x86_64-xlate.pl: typo fix in comment.
2017-03-27 11:53:31 -10:00
Brian Smith
60342f5320
Merge BoringSSL cb1b333: x86_64 assembly pack: Win64 SEH face-lift.
2017-03-27 11:53:07 -10:00
Brian Smith
727d05a993
Ignore BoringSSL 5960a90^..dc90e39.
2017-03-27 10:48:28 -10:00
Brian Smith
96699831fa
Take BoringSSL 0f28691: Fix a few typos.
2017-03-27 10:48:08 -10:00
Brian Smith
6ddc0aac16
Ignore BoringSSL 83a3212^..26e1ff3.
2017-03-27 10:47:48 -10:00
Brian Smith
a3ef5f1ad8
Merge BoringSSL 004bff3: chacha/asm/chacha-x86_64.pl: add AVX512 path optimized for shorter inputs.
2017-03-27 10:46:53 -10:00
Brian Smith
7a9fc07128
Take BoringSSL cf9a98c: x86 assembly pack: update performance results.
2017-03-27 10:43:55 -10:00
Brian Smith
739c1bd647
Take BoringSSL 51079b4: x86_64 assembly pack: add AVX512 ChaCha20 path.
2017-03-27 10:43:33 -10:00
Brian Smith
42222f722d
Take BoringSSL b99dc55: chacha/asm/chacha-x86.pl: improve [backward] portability.
2017-03-27 10:43:10 -10:00
Brian Smith
25c198ec05
Take BoringSSL 5ca18d8: chacha-x86.pl: simplify feature setting.
2017-03-27 10:42:54 -10:00
Brian Smith
399bdf43ea
Take BoringSSL 766a6fd: Revert "OpenSSL: make final reduction in Montgomery multiplication constant-time."
2017-03-27 10:42:07 -10:00
Brian Smith
a98860e5ad
Merge BoringSSL 0bf9d6d: bn/asm/x86[_64]-mont*.pl: implement slightly alternative page-walking.
2017-03-27 10:40:29 -10:00
Brian Smith
696434c304
Merge BoringSSL ff7fb71: x86_64 assembly pack: add Goldmont performance results.
2017-03-27 10:30:20 -10:00
Brian Smith
138326b33b
Merge BoringSSL 952f7bf: Spelling fixes in Perl files.
2017-03-27 10:29:53 -10:00
Brian Smith
a5b1572277
Merge BoringSSL 86c0692: Skylake performance results.
2017-03-27 10:27:53 -10:00
Brian Smith
b06f8b5f4a
Merge BoringSSL c948d46: Remove trailing whitespace from Perl files.
2017-03-27 10:27:30 -10:00
Brian Smith
a60d5ed7da
Take BoringSSL 073a06d: On Windows, page walking is known as __chkstk.
2017-03-27 10:22:23 -10:00
Brian Smith
7f5b3e2105
Take BoringSSL b834450: Explain *cough*-dows.
2017-03-27 10:22:05 -10:00
Brian Smith
cdbcced0e2
Take BoringSSL edcd8fd: bn/asm/x86[_64]-mont*.pl: complement alloca with page-walking.
2017-03-27 10:21:38 -10:00
Brian Smith
3012942032
Take BoringSSL 689eb3d: x86_64-xlate.pl: import fix(?) from upstream.
2017-03-27 10:21:17 -10:00
Brian Smith
c55ade121f
Take BoringSSL 9ad43cb: x86_64-xlate.pl: drop some whitespace.
2017-03-27 10:21:00 -10:00
Brian Smith
e9b19705ca
Take BoringSSL 9be3238: perlasm/x86_64-xlate.pl: recognize DWARF CFI directives.
2017-03-27 10:20:44 -10:00
Brian Smith
afad3d9fad
Ignore BoringSSL 7d7554b^..16b1b1d.
2017-03-27 10:20:24 -10:00
Brian Smith
12c07951fd
Take BoringSSL 949628a: perlasm/x86_64-xlate.pl: remove obsolete .picmeup synthetic directive.
2017-03-27 10:17:30 -10:00
Brian Smith
1a2695b684
Take BoringSSL 2512663: perlasm/x86_64-xlate.pl: minor readability updates.
2017-03-27 10:17:10 -10:00
Brian Smith
19e79e42bf
Take BoringSSL 3149979: perlasm/x86_64-xlate.pl: clarify SEH coding guidelines.
2017-03-27 10:16:49 -10:00
Brian Smith
9e34b1b194
Take BoringSSL 4229d26: perlasm/x86_64-xlate.pl: add support for AVX512 OPMASK-ing.
2017-03-27 10:16:31 -10:00
Brian Smith
f98730530c
Ignore BoringSSL c68e5b9^..137e2f8.
2017-03-27 10:16:01 -10:00
Brian Smith
069fbf850e
Skip BoringSSL 6445391: chacha20_poly1305_x86_64.pl: Suppress Yasm non-local label warnings.
2017-03-27 10:14:43 -10:00
Brian Smith
f53cfad9e5
Ignore BoringSSL 5fa2cdf^..dc8c1d9.
2017-03-27 10:13:52 -10:00
Brian Smith
d4fa5cac26
Take BoringSSL 772a5be: Reorder the X25519 ladderstep stack frame on x86-64.
2017-03-27 10:10:34 -10:00
Brian Smith
dab5883bfb
Ignore BoringSSL 6342111^..8671c47.
2017-03-27 10:10:08 -10:00
Brian Smith
3a7773213e
Merge BoringSSL 5c9d411: Fix some compact unwind errors.
*ring* doesn't have chacha20_poly1305_x86_64.pl, so just merge the
change to x25519-asm-x86_64.S.
2017-03-27 10:09:28 -10:00
Brian Smith
f44e1a4fa8
Ignore BoringSSL 7cd0a97^..17b3083.
2017-03-27 10:01:17 -10:00
Brian Smith
32e6052252
Add note about GFp_x25519_x86_64() incompatibility with Windows.
2017-03-27 10:00:35 -10:00
Brian Smith
580b802e14
Merge BoringSSL 3f38d80: Add CFI information to the x86-64 X25519 asm.
See important follow-ups.
2017-03-27 09:58:58 -10:00
Brian Smith
13eb0a7846
Ignore BoringSSL '8c2480f'.
2017-03-27 09:41:52 -10:00
Brian Smith
3919cd7f1f
Skip test_large_digest_sha1 test on ARM Android to prevent timeouts.
The test is too slow and causes timeouts on Travis CI. The test is
testing cross-platform logic that rarely changes, so it should be OK to
rely on the results of running this test on other targets.
2017-03-27 09:25:57 -10:00
Brian Smith
82784ad5db
Automatically determine encodings of products in ring::ec::suite_b.
2017-03-26 21:08:39 -10:00
Brian Smith
ea6d63b5c7
Use Encoding, not ReductionEncoding, as E bound in ring::ec::suite_b.
Not every encoding is a `ReductionEncoding`, though it happens that
every encoding actually in `ring::ec::suite_b` is one. This doesn't
have any semantic effect.
2017-03-26 21:06:29 -10:00
Brian Smith
e3c0e990da
Abstract calculation of an unary op from a binary op in ring::ec::suite_b.
2017-03-26 19:30:53 -10:00
Brian Smith
eae407d33f
Factor out Elem construction in ring::ec::suite_b.
Previously the functions `rab()` and friends operated on limb slices
so they could be polymorphic over `Scalar`, `ScalarMont`, `Elem`, and
`ElemDecoded` when those types were unrelated. Now those types are all
defined in terms of `ring::ec::suite_b::ops::elem::Elem` so we can
improve this.
Replace the short mnemonic names with longer, more descriptive names.
2017-03-26 19:30:02 -10:00
Brian Smith
40eb673645
Clarify unreduced Elems are only used in one place in ring::ec::suite_b.
Now that all the (paranoia-driven) confusion regarding partial
reductions has been resolved, there's only one place where we
actually have to deal with partially-reduced inputs in
`ring::ec::suite_b`: When converting a (truncated) digest to a
scalar in ECDSA. Make that clearer by moving the logic to the function
that does the digest to scalar conversion.
2017-03-26 17:58:02 -10:00
Brian Smith
f3df7e3722
Avoid unnecessary reduction in ring::ec::suite_b's elem_mul_mixed().
This one remaining unnecessary reduction was due to the fact that
`elem_mul_mixed()` wasn't implemented in terms of `elem_reduced()`.
2017-03-26 17:57:19 -10:00
Brian Smith
785111edd9
Remove now-unnecessary elem_reduced() in ring::ec::suite_b.
These reductions aren't necessary because all field element arithmetic
is now fully reduced.
2017-03-26 17:17:15 -10:00
Brian Smith
90589ca082
Replace ScalarMont with Scalar<R> = Elem<N, R> in ring::ec::suite_b.
2017-03-26 15:36:55 -10:00
Brian Smith
6e015c6356
Simplify ECC scalar multiplication code.
Originally there was a concern that nistz256 scalar multiplication
didn't fully reduce its output, but that concern turned out to be
a misunderstanding. Simplify the code accordingly.
2017-03-26 15:36:54 -10:00
Brian Smith
94d9b0eec7
Add P-256 scalar Montgomery squaring tests.
2017-03-26 15:36:53 -10:00
Brian Smith
1c42454155
Automatically test inverse of ECC element negation.
This makes the “elem_neg” tests similar in structure to the other
related tests, and makes the input file shorter.
2017-03-26 15:36:53 -10:00