5484 Commits

Author SHA1 Message Date
Ulrich Weigand
079a4faef6 Support big-endian platforms 2023-10-01 14:33:16 -07:00
Brian Smith
7bd536e9df Replicate BoringSSL's test for constant_time_conditional_memxor. 2023-09-30 13:40:06 -07:00
Brian Smith
4581b6fee7 Merge BoringSSL 'bd20800': Add a comment for what compiler_test.cc is about
Try to support more than what BoringSSL does w.r.t. aliasing pointers.
2023-09-29 17:59:31 -07:00
Brian Smith
8bc545d482 Take BoringSSL '764e6a3': Stop rewriting ret to repz ret on x86_64 2023-09-29 17:45:57 -07:00
Brian Smith
0d8ff226ea Take BoringSSL '9f4cad2': Fix typo in .size directives for aesni_gcm_encrypt. 2023-09-29 17:39:19 -07:00
Brian Smith
2f9969b9aa Merge BoringSSL '7ce5d41': Select SHA-256 vs SHA-512 explicitly in perlasm. 2023-09-29 17:27:53 -07:00
Brian Smith
58758d3a0d Merge BoringSSL 'd43fef7': Fix aarch64 build with GCC 2023-09-29 17:12:06 -07:00
Brian Smith
78c62f91df Merge BoringSSL '9fc1c33': Add Intel Indirect Branch Tracking support. 2023-09-29 17:08:34 -07:00
Brian Smith
00da1cb1f7 Merge BoringSSL 'a905bbb': Consistently include BTI markers in every assembly file 2023-09-29 14:52:41 -07:00
David Benjamin
bd20800c22 Add a comment for what compiler_test.cc is about
It's probably worth explaining in a comment that this is about
implementation-defined behavior, and why we consider it okay to make
assumptions like uint8_t == unsigned char.

Change-Id: Ia35248aef7895b0998831b6bac06993e845e6297
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/63285
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2023-09-29 19:14:27 +00:00
Brian Smith
b78f7deffb Merge BoringSSL '3f680b0': Remove a layer of indirection from fiat curve25519 assembly 2023-09-29 12:13:26 -07:00
Brian Smith
0a12e31e02 Partial merge of BoringSSL '9d4f833': Use ADX asm for Curve25519 base-point multiplication.
Add the code but don't plumb it in.
2023-09-29 12:10:32 -07:00
Brian Smith
e0948076a5 Partial merge of BoringSSL '43f8891': Add saturated X25519 for x86_64+ADX running Linux
Add the new code but don't plumb it in yet.
2023-09-29 12:04:04 -07:00
Brian Smith
c274480f40 NFC: Remove more unused constant-time utilities. 2023-09-29 11:54:54 -07:00
Brian Smith
2e6d759e56 NFC: Remove dead code from syncing with BoringSSL.
*ring* doesn't use the BoringSSL code that uses these constant-time
utilities.
2023-09-29 10:30:01 -07:00
Brian Smith
7b59320e3e Merge BoringSSL 'd605df5': Use packed representation for large Curve25519 table 2023-09-28 19:58:53 -07:00
Brian Smith
2d8fbe09e9 Import currently-unused utilities in crypto/internal.h
Bring these in as they were in 4a0393fcf37d7dbd090a5bb2293601a9ec7605da.
The next merge will modify these.
2023-09-28 18:14:14 -07:00
Brian Smith
2270dc6943 Rename crypto_word back to crypto_word_t.
Originally I was trying to be pedantic and avoid any use of `_t`-
suffixed names. However, this hasn't really accomplished anything
except annoying me, so just do what BoringSSL does.
2023-09-28 18:11:05 -07:00
Brian Smith
03de1fa014 Merge BoringSSL '55b069d': Add a value barrier when checking for point doubling. 2023-09-28 17:43:49 -07:00
Brian Smith
30171c0829 Partial merge of BoringSSL 'da757e6': Add constant-time validation for curve25519.
Don't add the constant-time validation tests since we need to develop the
framework for it first.

Do add the public-from-private test.
2023-09-28 17:30:25 -07:00
Brian Smith
e17b48df3c Take BoringSSL '5fcd47d': Add prefetch to aes_hw_ctr32_encrypt_blocks. 2023-09-28 17:09:39 -07:00
Brian Smith
14142649d3 Merge BoringSSL '62f9751': Don't make assumptions about GCM128_CONTEXT layout in aesni-gcm-x86_64.pl. 2023-09-28 16:57:34 -07:00
Brian Smith
1d14b3de74 Partial merge of BoringSSL 'a7f83c4': Don't make assumptions about GCM128_CONTEXT layout in aesv8-gcm-armv8.pl.
This is modifying not-yet-used code.
2023-09-28 16:18:31 -07:00
Brian Smith
183332021f Merge BoringSSL 'ece1f86': Re-add go:build ignore lines 2023-09-28 14:33:29 -07:00
Brian Smith
6e85944940 Merge BoringSSL 'aa31748': Generate 64-bit Curve25519 and P256 code for MSVC 2023-09-28 14:28:33 -07:00
Brian Smith
88331f0737 Take BoringSSL 'abb9af8': Work around a NASM bug. 2023-09-28 12:42:21 -07:00
Brian Smith
c833ff64f9 Merge BoringSSL 'ebd43ef': Move data from .text to .rodata on x86_64 2023-09-28 12:38:20 -07:00
Brian Smith
7dcdf3cf13 Merge BoringSSL 'e18ba27': Move constants from .text to .rodata on aarch64. 2023-09-28 12:35:08 -07:00
Brian Smith
0671a90267 Partial merge of BoringSSL 'd1b4516': Add bn_add_words and bn_sub_words assembly for aarch64.
Bring in the new code as we'll likely use it soon, but not now.

Merged as-is except with the "arm_arch.h" include changed to what we need.
2023-09-28 12:05:52 -07:00
Brian Smith
8166b6855f Merge BoringSSL '53b876a'.
The *ring* counterpart to `copy_from_prebuf` is `LIMBS_select_512_32`
which is already written very (too?) conservatively w.r.t. compiler-
introduced side channels. I inspected the generated code before/after
adding additional `value_barrier_w` and it made no difference.
2023-09-28 11:47:45 -07:00
Brian Smith
a02e49b0b0 Use ring-core/arm_arch.h in aesv8-gcm-armv8.pl.
The code isn't used yet but we should avoid the openssl/ include before
we forget it is there.
2023-09-28 10:44:07 -07:00
Brian Smith
78b0af8531 Take BoringSSL 'a43c76d': Work around nasm bug with empty assembly files 2023-09-27 22:48:05 -07:00
Brian Smith
f1668276c8 Merge BoringSSL '0d5b608': Maintain a frame pointer in aesni-gcm-x86_64.pl and add SEH unwind codes 2023-09-27 22:46:28 -07:00
Brian Smith
2653466c80 Take BoringSSL 'ae1546b': Convert ghash-x86_64.pl to new directives. 2023-09-27 22:43:45 -07:00
Brian Smith
2eccbdf001 Merge BoringSSL 'c556ee9': Add initial support for SEH directives in x86_64 perlasm. 2023-09-27 22:43:26 -07:00
Brian Smith
29ae0f1806 Merge BoringSSL 'aa18fe2': Indent DB lines in x86_64 NASM output. 2023-09-27 22:41:37 -07:00
Brian Smith
b0afb00eb8 Partial merge of BoringSSL 'c6e3780': Add optimised Aarch64 GCM.
Bring in the new assembly language code but do not start using it yet.
The changes to enable it will be done later.
2023-09-27 22:40:18 -07:00
Brian Smith
a6ff12be89 Take BoringSSL '90e3b6e': Add prefetch to aesni_ctr32_ghash_6x. 2023-09-27 21:17:23 -07:00
Brian Smith
c82566dea0 Merge BoringSSL 'cdccbe1': Fully condition all assembly files. 2023-09-27 21:15:24 -07:00
Brian Smith
8020c1b634 Tests: Move bigint tests to where BoringSSL puts them.
BoringSSL split up their bn_tests.txt into multiple files, which we had
done previously. Prepare to merge that BoringSSL change by putting the
test input files in the same places.
2023-09-26 19:39:52 -07:00
David Benjamin
764e6a319b Stop rewriting ret to repz ret on x86_64
This is an old workaround from the AMD K8 days. GCC stopped doing it for
their generic output in 2017.
https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=4ca47ced33cc0d6f9e336930d628a6fdbf22f6e2

b/65150507#comment2 says LLVM has never done it.

We can retire this now and recover a small handful of bytes.

Change-Id: I37ef47038b6b3a1a7500bcea8cbd1beefc83121c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/63205
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
2023-09-26 19:51:28 +00:00
Brian Smith
9e93637357 Merge BoringSSL 'e0bb21b': Update x86_64-mont5.pl and RSAZ comments a bit. 2023-09-24 15:49:52 -07:00
Brian Smith
6678808009 Merge BoringSSL '7ac94aa': More -Wshorten-64-to-32 fixes. 2023-09-24 15:43:35 -07:00
Brian Smith
20b1810a3b Merge BoringSSL '0faffc7': Fix the comment in ecp_nistz256_ord_sqr_mont to match code and prototype. 2023-09-24 15:40:07 -07:00
Brian Smith
97a526c010 Merge BoringSSL '1b2b7b2': Various -Wshorten-64-to-32 fixes. 2023-09-24 15:31:41 -07:00
Brian Smith
75d34bc1a8 Merge BoringSSL 7b2795a: Replace even more ad-hoc bytes/integer conversions. 2023-09-24 15:26:51 -07:00
Brian Smith
5233928eb9 Take BoringSSL '0378578': Dedup a few more load/store implementations. 2023-09-23 15:48:18 -07:00
Brian Smith
6ccdf7bd12 Merge BoringSSL '6c2af68': Remove a few more unions. 2023-09-23 15:12:24 -07:00
David Benjamin
584f1e1016 Cherry-pick BoringSSL ca45987: Move load/store helpers to crypto/internal.h.
These are needed for the next merge from BoringSSL.
2023-09-23 15:03:59 -07:00
Brian Smith
f812f37aba Merge commit '0f2c55cb748651833af247bbed43e' into b/merge-boringssl-9.
Take the changes from BoringSSL, except use `limbs_copy` and `limbs_zero`.
2023-09-18 17:53:44 -07:00