2015-08-25 02:03:17 +01:00
|
|
|
include_directories(../include)
|
2014-06-20 20:00:00 +01:00
|
|
|
|
2017-06-06 16:25:35 +01:00
|
|
|
if(NOT OPENSSL_NO_ASM)
|
|
|
|
if(UNIX)
|
2018-08-10 16:30:55 +01:00
|
|
|
if(${ARCH} STREQUAL "aarch64")
|
2017-06-06 16:25:35 +01:00
|
|
|
# The "armx" Perl scripts look for "64" in the style argument
|
|
|
|
# in order to decide whether to generate 32- or 64-bit asm.
|
2018-08-10 16:30:55 +01:00
|
|
|
if(APPLE)
|
2017-06-06 16:25:35 +01:00
|
|
|
set(PERLASM_STYLE ios64)
|
|
|
|
else()
|
|
|
|
set(PERLASM_STYLE linux64)
|
|
|
|
endif()
|
2018-08-10 16:30:55 +01:00
|
|
|
elseif(${ARCH} STREQUAL "arm")
|
|
|
|
if(APPLE)
|
2017-06-06 16:25:35 +01:00
|
|
|
set(PERLASM_STYLE ios32)
|
|
|
|
else()
|
|
|
|
set(PERLASM_STYLE linux32)
|
|
|
|
endif()
|
2018-08-10 16:30:55 +01:00
|
|
|
elseif(${ARCH} STREQUAL "ppc64le")
|
2017-06-06 16:25:35 +01:00
|
|
|
set(PERLASM_STYLE linux64le)
|
2017-04-07 04:26:04 +01:00
|
|
|
else()
|
2018-08-10 16:30:55 +01:00
|
|
|
if(${ARCH} STREQUAL "x86")
|
2017-06-06 16:25:35 +01:00
|
|
|
set(PERLASM_FLAGS "-fPIC -DOPENSSL_IA32_SSE2")
|
|
|
|
endif()
|
2018-08-10 16:30:55 +01:00
|
|
|
if(APPLE)
|
2017-06-06 16:25:35 +01:00
|
|
|
set(PERLASM_STYLE macosx)
|
|
|
|
else()
|
|
|
|
set(PERLASM_STYLE elf)
|
|
|
|
endif()
|
|
|
|
endif()
|
|
|
|
set(ASM_EXT S)
|
|
|
|
enable_language(ASM)
|
|
|
|
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
|
|
|
|
|
|
|
|
# Clang's integerated assembler does not support debug symbols.
|
|
|
|
if(NOT CMAKE_ASM_COMPILER_ID MATCHES "Clang")
|
|
|
|
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,-g")
|
2017-04-07 04:26:04 +01:00
|
|
|
endif()
|
2017-06-06 16:25:35 +01:00
|
|
|
|
|
|
|
# CMake does not add -isysroot and -arch flags to assembly.
|
2018-08-10 16:30:55 +01:00
|
|
|
if(APPLE)
|
|
|
|
if(CMAKE_OSX_SYSROOT)
|
2017-10-02 20:09:04 +01:00
|
|
|
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -isysroot \"${CMAKE_OSX_SYSROOT}\"")
|
2017-06-06 16:25:35 +01:00
|
|
|
endif()
|
|
|
|
foreach(arch ${CMAKE_OSX_ARCHITECTURES})
|
|
|
|
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -arch ${arch}")
|
|
|
|
endforeach()
|
2017-04-07 04:26:04 +01:00
|
|
|
endif()
|
2015-01-29 00:37:10 +00:00
|
|
|
else()
|
2018-08-10 16:30:55 +01:00
|
|
|
if(${ARCH} STREQUAL "x86_64")
|
2017-06-06 16:25:35 +01:00
|
|
|
set(PERLASM_STYLE nasm)
|
2017-04-07 04:26:04 +01:00
|
|
|
else()
|
2017-06-06 16:25:35 +01:00
|
|
|
set(PERLASM_STYLE win32n)
|
|
|
|
set(PERLASM_FLAGS "-DOPENSSL_IA32_SSE2")
|
2017-04-07 04:26:04 +01:00
|
|
|
endif()
|
2018-11-25 21:58:02 +00:00
|
|
|
set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -gcv8")
|
2017-05-10 16:52:23 +01:00
|
|
|
|
2017-06-06 16:25:35 +01:00
|
|
|
# On Windows, we use the NASM output, specifically built with Yasm.
|
|
|
|
set(ASM_EXT asm)
|
|
|
|
enable_language(ASM_NASM)
|
2017-04-07 04:26:04 +01:00
|
|
|
endif()
|
2014-06-20 20:00:00 +01:00
|
|
|
endif()
|
|
|
|
|
|
|
|
function(perlasm dest src)
|
2018-09-06 16:36:13 +01:00
|
|
|
get_filename_component(dir ${dest} DIRECTORY)
|
|
|
|
if ("${dir}" STREQUAL "")
|
|
|
|
set(dir ".")
|
|
|
|
endif()
|
|
|
|
|
2015-01-29 00:37:10 +00:00
|
|
|
add_custom_command(
|
|
|
|
OUTPUT ${dest}
|
2018-09-06 16:36:13 +01:00
|
|
|
COMMAND ${CMAKE_COMMAND} -E make_directory ${dir}
|
2016-06-26 18:18:50 +01:00
|
|
|
COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/${src} ${PERLASM_STYLE} ${PERLASM_FLAGS} ${ARGN} ${dest}
|
2015-01-29 00:37:10 +00:00
|
|
|
DEPENDS
|
|
|
|
${src}
|
2015-04-20 18:25:46 +01:00
|
|
|
${PROJECT_SOURCE_DIR}/crypto/perlasm/arm-xlate.pl
|
2016-09-23 20:47:24 +01:00
|
|
|
${PROJECT_SOURCE_DIR}/crypto/perlasm/ppc-xlate.pl
|
2015-01-29 00:37:10 +00:00
|
|
|
${PROJECT_SOURCE_DIR}/crypto/perlasm/x86_64-xlate.pl
|
|
|
|
${PROJECT_SOURCE_DIR}/crypto/perlasm/x86asm.pl
|
|
|
|
${PROJECT_SOURCE_DIR}/crypto/perlasm/x86gas.pl
|
|
|
|
${PROJECT_SOURCE_DIR}/crypto/perlasm/x86masm.pl
|
|
|
|
${PROJECT_SOURCE_DIR}/crypto/perlasm/x86nasm.pl
|
|
|
|
WORKING_DIRECTORY .
|
|
|
|
)
|
2014-06-20 20:00:00 +01:00
|
|
|
endfunction()
|
|
|
|
|
2017-04-04 22:21:43 +01:00
|
|
|
add_subdirectory(fipsmodule)
|
2018-09-05 22:40:13 +01:00
|
|
|
add_subdirectory(test)
|
2017-04-04 22:21:43 +01:00
|
|
|
|
2017-05-17 21:05:50 +01:00
|
|
|
if(FIPS_DELOCATE)
|
2017-04-04 22:21:43 +01:00
|
|
|
SET_SOURCE_FILES_PROPERTIES(fipsmodule/bcm.o PROPERTIES EXTERNAL_OBJECT true)
|
|
|
|
SET_SOURCE_FILES_PROPERTIES(fipsmodule/bcm.o PROPERTIES GENERATED true)
|
|
|
|
|
|
|
|
set(
|
|
|
|
CRYPTO_FIPS_OBJECTS
|
|
|
|
|
|
|
|
fipsmodule/bcm.o
|
|
|
|
)
|
|
|
|
endif()
|
|
|
|
|
2018-09-05 21:31:48 +01:00
|
|
|
if(${ARCH} STREQUAL "arm")
|
|
|
|
set(
|
|
|
|
CRYPTO_ARCH_SOURCES
|
|
|
|
|
|
|
|
chacha/chacha-armv4.${ASM_EXT}
|
|
|
|
curve25519/asm/x25519-asm-arm.S
|
|
|
|
poly1305/poly1305_arm_asm.S
|
2019-01-07 20:29:48 +00:00
|
|
|
test/trampoline-armv4.${ASM_EXT}
|
2018-09-05 21:31:48 +01:00
|
|
|
)
|
|
|
|
endif()
|
|
|
|
|
|
|
|
if(${ARCH} STREQUAL "aarch64")
|
|
|
|
set(
|
|
|
|
CRYPTO_ARCH_SOURCES
|
|
|
|
|
|
|
|
chacha/chacha-armv8.${ASM_EXT}
|
2019-02-02 00:25:07 +00:00
|
|
|
test/trampoline-armv8.${ASM_EXT}
|
Add support for SIKE/p503 post-quantum KEM
Based on Microsoft's implementation available on github:
Source: https://github.com/Microsoft/PQCrypto-SIDH
Commit: 77044b76181eb61c744ac8eb7ddc7a8fe72f6919
Following changes has been applied
* In intel assembly, use MOV instead of MOVQ:
Intel instruction reference in the Intel Software Developer's Manual
volume 2A, the MOVQ has 4 forms. None of them mentions moving
literal to GPR, hence "movq $rax, 0x0" is wrong. Instead, on 64bit
system, MOV can be used.
* Some variables were wrongly zero-initialized (as per C99 spec)
* Move constant values to .RODATA segment, as keeping them in .TEXT
segment is not compatible with XOM.
* Fixes issue in arm64 code related to the fact that compiler doesn't
reserve enough space for the linker to relocate address of a global
variable when used by 'ldr' instructions. Solution is to use 'adrp'
followed by 'add' instruction. Relocations for 'adrp' and 'add'
instructions is generated by prefixing the label with :pg_hi21:
and :lo12: respectively.
* Enable MULX and ADX. Code from MS doesn't support PIC. MULX can't
reference global variable directly. Instead RIP-relative addressing
can be used. This improves performance around 10%-13% on SkyLake
* Check if CPU supports BMI2 and ADOX instruction at runtime. On AMD64
optimized implementation of montgomery multiplication and reduction
have 2 implementations - faster one takes advantage of BMI2
instruction set introduced in Haswell and ADOX introduced in
Broadwell. Thanks to OPENSSL_ia32cap_P it can be decided at runtime
which implementation to choose. As CPU configuration is static by
nature, branch predictor will be correct most of the time and hence
this check very often has no cost.
* Reuse some utilities from boringssl instead of reimplementing them.
This includes things like:
* definition of a limb size (use crypto_word_t instead of digit_t)
* use functions for checking in constant time if value is 0 and/or
less then
* #define's used for conditional compilation
* Use SSE2 for conditional swap on vector registers. Improves
performance a little bit.
* Fix f2elm_t definition. Code imported from MSR defines f2elm_t type as
a array of arrays. This decays to a pointer to an array (when passing
as an argument). In C, one can't assign const pointer to an array with
non-const pointer to an array. Seems it violates 6.7.3/8 from C99
(same for C11). This problem occures in GCC 6, only when -pedantic
flag is specified and it occures always in GCC 4.9 (debian jessie).
* Fix definition of eval_3_isog. Second argument in eval_3_isog mustn't be
const. Similar reason as above.
* Use HMAC-SHA256 instead of cSHAKE-256 to avoid upstreaming cSHAKE
and SHA3 code.
* Add speed and unit tests for SIKE.
Change-Id: I22f0bb1f9edff314a35cd74b48e8c4962568e330
2019-03-06 18:19:25 +00:00
|
|
|
../third_party/sike/asm/fp_arm64_asm.${ASM_EXT}
|
2018-09-05 21:31:48 +01:00
|
|
|
)
|
|
|
|
endif()
|
|
|
|
|
|
|
|
if(${ARCH} STREQUAL "x86")
|
|
|
|
set(
|
|
|
|
CRYPTO_ARCH_SOURCES
|
|
|
|
|
|
|
|
chacha/chacha-x86.${ASM_EXT}
|
2019-01-26 17:29:08 +00:00
|
|
|
test/trampoline-x86.${ASM_EXT}
|
2018-09-05 21:31:48 +01:00
|
|
|
)
|
|
|
|
endif()
|
|
|
|
|
|
|
|
if(${ARCH} STREQUAL "x86_64")
|
|
|
|
set(
|
|
|
|
CRYPTO_ARCH_SOURCES
|
|
|
|
|
|
|
|
chacha/chacha-x86_64.${ASM_EXT}
|
|
|
|
cipher_extra/aes128gcmsiv-x86_64.${ASM_EXT}
|
|
|
|
cipher_extra/chacha20_poly1305_x86_64.${ASM_EXT}
|
2018-11-12 21:53:42 +00:00
|
|
|
hrss/asm/poly_rq_mul.S
|
Add an ABI testing framework.
Dear reader, I must apologize in advance. This CL contains the following:
- A new 256-line perlasm file with non-trivial perl bits and a dual-ABI
variadic function caller.
- C preprocessor gymnastics, with variadic macros and fun facts about
__VA_ARGS__'s behavior on empty argument lists.
- C++ template gymnastics, including variadic arguments, template
specialization, std::enable_if, and machinery to control template argument
deduction.
Enjoy.
This tests that our assembly functions correctly honor platform ABI
conventions. Right now this only tests callee-saved registers, but it should be
extendable to SEH/CFI unwind testing with single-step debugging APIs.
Register-checking does not involve anything funny and should be compatible with
SDE. (The future unwind testing is unlikely to be compatible.)
This CL adds support for x86_64 SysV and Win64 ABIs. ARM, AArch64, and x86 can
be added in the future. The testing is injected in two places. First, all the
assembly tests in p256-x86_64-test.cc are now instrumented. This is the
intended workflow and should capture all registers.
However, we currently do not unit-test our assembly much directly. We should do
that as follow-up work[0] but, in the meantime, I've also wrapped all of the GTest
main function in an ABI test. This is imperfect as ABI failures may be masked
by other stack frames, but it costs nothing[1] and is pretty reliable at
catching Win64 xmm register failures.
[0] An alternate strategy would be, in debug builds, unconditionally instrument
every assembly call in libcrypto. But the CHECK_ABI macro would be difficult to
replicate in pure C, and unwind testing may be too invasive for this. Still,
something to consider when we C++ libcrypto.
[1] When single-stepped unwind testing exists, it won't cost nothing. The
gtest_main.cc call will turn unwind testing off.
Change-Id: I6643b26445891fd46abfacac52bc024024c8d7f6
Reviewed-on: https://boringssl-review.googlesource.com/c/33764
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <alangley@gmail.com>
Commit-Queue: David Benjamin <davidben@google.com>
2018-12-16 00:58:43 +00:00
|
|
|
test/trampoline-x86_64.${ASM_EXT}
|
Add support for SIKE/p503 post-quantum KEM
Based on Microsoft's implementation available on github:
Source: https://github.com/Microsoft/PQCrypto-SIDH
Commit: 77044b76181eb61c744ac8eb7ddc7a8fe72f6919
Following changes has been applied
* In intel assembly, use MOV instead of MOVQ:
Intel instruction reference in the Intel Software Developer's Manual
volume 2A, the MOVQ has 4 forms. None of them mentions moving
literal to GPR, hence "movq $rax, 0x0" is wrong. Instead, on 64bit
system, MOV can be used.
* Some variables were wrongly zero-initialized (as per C99 spec)
* Move constant values to .RODATA segment, as keeping them in .TEXT
segment is not compatible with XOM.
* Fixes issue in arm64 code related to the fact that compiler doesn't
reserve enough space for the linker to relocate address of a global
variable when used by 'ldr' instructions. Solution is to use 'adrp'
followed by 'add' instruction. Relocations for 'adrp' and 'add'
instructions is generated by prefixing the label with :pg_hi21:
and :lo12: respectively.
* Enable MULX and ADX. Code from MS doesn't support PIC. MULX can't
reference global variable directly. Instead RIP-relative addressing
can be used. This improves performance around 10%-13% on SkyLake
* Check if CPU supports BMI2 and ADOX instruction at runtime. On AMD64
optimized implementation of montgomery multiplication and reduction
have 2 implementations - faster one takes advantage of BMI2
instruction set introduced in Haswell and ADOX introduced in
Broadwell. Thanks to OPENSSL_ia32cap_P it can be decided at runtime
which implementation to choose. As CPU configuration is static by
nature, branch predictor will be correct most of the time and hence
this check very often has no cost.
* Reuse some utilities from boringssl instead of reimplementing them.
This includes things like:
* definition of a limb size (use crypto_word_t instead of digit_t)
* use functions for checking in constant time if value is 0 and/or
less then
* #define's used for conditional compilation
* Use SSE2 for conditional swap on vector registers. Improves
performance a little bit.
* Fix f2elm_t definition. Code imported from MSR defines f2elm_t type as
a array of arrays. This decays to a pointer to an array (when passing
as an argument). In C, one can't assign const pointer to an array with
non-const pointer to an array. Seems it violates 6.7.3/8 from C99
(same for C11). This problem occures in GCC 6, only when -pedantic
flag is specified and it occures always in GCC 4.9 (debian jessie).
* Fix definition of eval_3_isog. Second argument in eval_3_isog mustn't be
const. Similar reason as above.
* Use HMAC-SHA256 instead of cSHAKE-256 to avoid upstreaming cSHAKE
and SHA3 code.
* Add speed and unit tests for SIKE.
Change-Id: I22f0bb1f9edff314a35cd74b48e8c4962568e330
2019-03-06 18:19:25 +00:00
|
|
|
../third_party/sike/asm/fp_x64_asm.${ASM_EXT}
|
2018-09-05 21:31:48 +01:00
|
|
|
)
|
|
|
|
endif()
|
|
|
|
|
|
|
|
perlasm(chacha/chacha-armv4.${ASM_EXT} chacha/asm/chacha-armv4.pl)
|
|
|
|
perlasm(chacha/chacha-armv8.${ASM_EXT} chacha/asm/chacha-armv8.pl)
|
|
|
|
perlasm(chacha/chacha-x86.${ASM_EXT} chacha/asm/chacha-x86.pl)
|
|
|
|
perlasm(chacha/chacha-x86_64.${ASM_EXT} chacha/asm/chacha-x86_64.pl)
|
|
|
|
perlasm(cipher_extra/aes128gcmsiv-x86_64.${ASM_EXT} cipher_extra/asm/aes128gcmsiv-x86_64.pl)
|
|
|
|
perlasm(cipher_extra/chacha20_poly1305_x86_64.${ASM_EXT} cipher_extra/asm/chacha20_poly1305_x86_64.pl)
|
2019-01-07 20:29:48 +00:00
|
|
|
perlasm(test/trampoline-armv4.${ASM_EXT} test/asm/trampoline-armv4.pl)
|
2019-02-02 00:25:07 +00:00
|
|
|
perlasm(test/trampoline-armv8.${ASM_EXT} test/asm/trampoline-armv8.pl)
|
2019-01-26 17:29:08 +00:00
|
|
|
perlasm(test/trampoline-x86.${ASM_EXT} test/asm/trampoline-x86.pl)
|
Add an ABI testing framework.
Dear reader, I must apologize in advance. This CL contains the following:
- A new 256-line perlasm file with non-trivial perl bits and a dual-ABI
variadic function caller.
- C preprocessor gymnastics, with variadic macros and fun facts about
__VA_ARGS__'s behavior on empty argument lists.
- C++ template gymnastics, including variadic arguments, template
specialization, std::enable_if, and machinery to control template argument
deduction.
Enjoy.
This tests that our assembly functions correctly honor platform ABI
conventions. Right now this only tests callee-saved registers, but it should be
extendable to SEH/CFI unwind testing with single-step debugging APIs.
Register-checking does not involve anything funny and should be compatible with
SDE. (The future unwind testing is unlikely to be compatible.)
This CL adds support for x86_64 SysV and Win64 ABIs. ARM, AArch64, and x86 can
be added in the future. The testing is injected in two places. First, all the
assembly tests in p256-x86_64-test.cc are now instrumented. This is the
intended workflow and should capture all registers.
However, we currently do not unit-test our assembly much directly. We should do
that as follow-up work[0] but, in the meantime, I've also wrapped all of the GTest
main function in an ABI test. This is imperfect as ABI failures may be masked
by other stack frames, but it costs nothing[1] and is pretty reliable at
catching Win64 xmm register failures.
[0] An alternate strategy would be, in debug builds, unconditionally instrument
every assembly call in libcrypto. But the CHECK_ABI macro would be difficult to
replicate in pure C, and unwind testing may be too invasive for this. Still,
something to consider when we C++ libcrypto.
[1] When single-stepped unwind testing exists, it won't cost nothing. The
gtest_main.cc call will turn unwind testing off.
Change-Id: I6643b26445891fd46abfacac52bc024024c8d7f6
Reviewed-on: https://boringssl-review.googlesource.com/c/33764
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <alangley@gmail.com>
Commit-Queue: David Benjamin <davidben@google.com>
2018-12-16 00:58:43 +00:00
|
|
|
perlasm(test/trampoline-x86_64.${ASM_EXT} test/asm/trampoline-x86_64.pl)
|
2018-09-05 21:31:48 +01:00
|
|
|
|
2018-09-05 22:40:13 +01:00
|
|
|
add_custom_command(
|
|
|
|
OUTPUT err_data.c
|
|
|
|
COMMAND ${GO_EXECUTABLE} run err_data_generate.go > ${CMAKE_CURRENT_BINARY_DIR}/err_data.c
|
|
|
|
DEPENDS
|
|
|
|
err/err_data_generate.go
|
|
|
|
err/asn1.errordata
|
|
|
|
err/bio.errordata
|
|
|
|
err/bn.errordata
|
|
|
|
err/cipher.errordata
|
|
|
|
err/conf.errordata
|
|
|
|
err/dh.errordata
|
|
|
|
err/digest.errordata
|
|
|
|
err/dsa.errordata
|
|
|
|
err/ecdh.errordata
|
|
|
|
err/ecdsa.errordata
|
|
|
|
err/ec.errordata
|
|
|
|
err/engine.errordata
|
|
|
|
err/evp.errordata
|
|
|
|
err/hkdf.errordata
|
|
|
|
err/obj.errordata
|
|
|
|
err/pem.errordata
|
|
|
|
err/pkcs7.errordata
|
|
|
|
err/pkcs8.errordata
|
|
|
|
err/rsa.errordata
|
|
|
|
err/ssl.errordata
|
|
|
|
err/x509.errordata
|
|
|
|
err/x509v3.errordata
|
|
|
|
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/err
|
|
|
|
)
|
|
|
|
|
2017-04-04 22:21:43 +01:00
|
|
|
add_library(
|
|
|
|
crypto
|
2015-01-29 00:37:10 +00:00
|
|
|
|
2018-09-05 22:40:13 +01:00
|
|
|
asn1/a_bitstr.c
|
|
|
|
asn1/a_bool.c
|
|
|
|
asn1/a_d2i_fp.c
|
|
|
|
asn1/a_dup.c
|
|
|
|
asn1/a_enum.c
|
|
|
|
asn1/a_gentm.c
|
|
|
|
asn1/a_i2d_fp.c
|
|
|
|
asn1/a_int.c
|
|
|
|
asn1/a_mbstr.c
|
|
|
|
asn1/a_object.c
|
|
|
|
asn1/a_octet.c
|
|
|
|
asn1/a_print.c
|
|
|
|
asn1/a_strnid.c
|
|
|
|
asn1/a_time.c
|
|
|
|
asn1/a_type.c
|
|
|
|
asn1/a_utctm.c
|
|
|
|
asn1/a_utf8.c
|
|
|
|
asn1/asn1_lib.c
|
|
|
|
asn1/asn1_par.c
|
|
|
|
asn1/asn_pack.c
|
|
|
|
asn1/f_enum.c
|
|
|
|
asn1/f_int.c
|
|
|
|
asn1/f_string.c
|
|
|
|
asn1/tasn_dec.c
|
|
|
|
asn1/tasn_enc.c
|
|
|
|
asn1/tasn_fre.c
|
|
|
|
asn1/tasn_new.c
|
|
|
|
asn1/tasn_typ.c
|
|
|
|
asn1/tasn_utl.c
|
|
|
|
asn1/time_support.c
|
|
|
|
base64/base64.c
|
|
|
|
bio/bio.c
|
|
|
|
bio/bio_mem.c
|
|
|
|
bio/connect.c
|
|
|
|
bio/fd.c
|
|
|
|
bio/file.c
|
|
|
|
bio/hexdump.c
|
|
|
|
bio/pair.c
|
|
|
|
bio/printf.c
|
|
|
|
bio/socket.c
|
|
|
|
bio/socket_helper.c
|
|
|
|
bn_extra/bn_asn1.c
|
|
|
|
bn_extra/convert.c
|
|
|
|
buf/buf.c
|
|
|
|
bytestring/asn1_compat.c
|
|
|
|
bytestring/ber.c
|
|
|
|
bytestring/cbb.c
|
|
|
|
bytestring/cbs.c
|
|
|
|
bytestring/unicode.c
|
|
|
|
chacha/chacha.c
|
|
|
|
cipher_extra/cipher_extra.c
|
|
|
|
cipher_extra/derive_key.c
|
|
|
|
cipher_extra/e_aesccm.c
|
|
|
|
cipher_extra/e_aesctrhmac.c
|
|
|
|
cipher_extra/e_aesgcmsiv.c
|
|
|
|
cipher_extra/e_chacha20poly1305.c
|
|
|
|
cipher_extra/e_null.c
|
|
|
|
cipher_extra/e_rc2.c
|
|
|
|
cipher_extra/e_rc4.c
|
|
|
|
cipher_extra/e_tls.c
|
|
|
|
cipher_extra/tls_cbc.c
|
|
|
|
cmac/cmac.c
|
|
|
|
conf/conf.c
|
|
|
|
cpu-aarch64-fuchsia.c
|
|
|
|
cpu-aarch64-linux.c
|
|
|
|
cpu-arm-linux.c
|
|
|
|
cpu-arm.c
|
|
|
|
cpu-intel.c
|
|
|
|
cpu-ppc64le.c
|
|
|
|
crypto.c
|
|
|
|
curve25519/spake25519.c
|
|
|
|
dh/dh.c
|
|
|
|
dh/params.c
|
|
|
|
dh/check.c
|
|
|
|
dh/dh_asn1.c
|
|
|
|
digest_extra/digest_extra.c
|
|
|
|
dsa/dsa.c
|
|
|
|
dsa/dsa_asn1.c
|
|
|
|
ecdh_extra/ecdh_extra.c
|
|
|
|
ecdsa_extra/ecdsa_asn1.c
|
|
|
|
ec_extra/ec_asn1.c
|
|
|
|
err/err.c
|
|
|
|
err_data.c
|
|
|
|
engine/engine.c
|
|
|
|
evp/digestsign.c
|
|
|
|
evp/evp.c
|
|
|
|
evp/evp_asn1.c
|
|
|
|
evp/evp_ctx.c
|
|
|
|
evp/p_dsa_asn1.c
|
|
|
|
evp/p_ec.c
|
|
|
|
evp/p_ec_asn1.c
|
|
|
|
evp/p_ed25519.c
|
|
|
|
evp/p_ed25519_asn1.c
|
|
|
|
evp/p_rsa.c
|
|
|
|
evp/p_rsa_asn1.c
|
|
|
|
evp/pbkdf.c
|
|
|
|
evp/print.c
|
|
|
|
evp/scrypt.c
|
|
|
|
evp/sign.c
|
|
|
|
ex_data.c
|
|
|
|
hkdf/hkdf.c
|
2018-11-12 21:53:42 +00:00
|
|
|
hrss/hrss.c
|
2018-09-05 22:40:13 +01:00
|
|
|
lhash/lhash.c
|
|
|
|
mem.c
|
|
|
|
obj/obj.c
|
|
|
|
obj/obj_xref.c
|
|
|
|
pem/pem_all.c
|
|
|
|
pem/pem_info.c
|
|
|
|
pem/pem_lib.c
|
|
|
|
pem/pem_oth.c
|
|
|
|
pem/pem_pk8.c
|
|
|
|
pem/pem_pkey.c
|
|
|
|
pem/pem_x509.c
|
|
|
|
pem/pem_xaux.c
|
|
|
|
pkcs7/pkcs7.c
|
|
|
|
pkcs7/pkcs7_x509.c
|
|
|
|
pkcs8/pkcs8.c
|
|
|
|
pkcs8/pkcs8_x509.c
|
|
|
|
pkcs8/p5_pbev2.c
|
|
|
|
poly1305/poly1305.c
|
|
|
|
poly1305/poly1305_arm.c
|
|
|
|
poly1305/poly1305_vec.c
|
|
|
|
pool/pool.c
|
|
|
|
rand_extra/deterministic.c
|
|
|
|
rand_extra/forkunsafe.c
|
|
|
|
rand_extra/fuchsia.c
|
|
|
|
rand_extra/rand_extra.c
|
|
|
|
rand_extra/windows.c
|
|
|
|
rc4/rc4.c
|
|
|
|
refcount_c11.c
|
|
|
|
refcount_lock.c
|
|
|
|
rsa_extra/rsa_asn1.c
|
|
|
|
rsa_extra/rsa_print.c
|
|
|
|
stack/stack.c
|
|
|
|
thread.c
|
|
|
|
thread_none.c
|
|
|
|
thread_pthread.c
|
|
|
|
thread_win.c
|
|
|
|
x509/a_digest.c
|
|
|
|
x509/a_sign.c
|
|
|
|
x509/a_strex.c
|
|
|
|
x509/a_verify.c
|
|
|
|
x509/algorithm.c
|
|
|
|
x509/asn1_gen.c
|
|
|
|
x509/by_dir.c
|
|
|
|
x509/by_file.c
|
|
|
|
x509/i2d_pr.c
|
|
|
|
x509/rsa_pss.c
|
|
|
|
x509/t_crl.c
|
|
|
|
x509/t_req.c
|
|
|
|
x509/t_x509.c
|
|
|
|
x509/t_x509a.c
|
|
|
|
x509/x509.c
|
|
|
|
x509/x509_att.c
|
|
|
|
x509/x509_cmp.c
|
|
|
|
x509/x509_d2.c
|
|
|
|
x509/x509_def.c
|
|
|
|
x509/x509_ext.c
|
|
|
|
x509/x509_lu.c
|
|
|
|
x509/x509_obj.c
|
|
|
|
x509/x509_r2x.c
|
|
|
|
x509/x509_req.c
|
|
|
|
x509/x509_set.c
|
|
|
|
x509/x509_trs.c
|
|
|
|
x509/x509_txt.c
|
|
|
|
x509/x509_v3.c
|
|
|
|
x509/x509_vfy.c
|
|
|
|
x509/x509_vpm.c
|
|
|
|
x509/x509cset.c
|
|
|
|
x509/x509name.c
|
|
|
|
x509/x509rset.c
|
|
|
|
x509/x509spki.c
|
|
|
|
x509/x_algor.c
|
|
|
|
x509/x_all.c
|
|
|
|
x509/x_attrib.c
|
|
|
|
x509/x_crl.c
|
|
|
|
x509/x_exten.c
|
|
|
|
x509/x_info.c
|
|
|
|
x509/x_name.c
|
|
|
|
x509/x_pkey.c
|
|
|
|
x509/x_pubkey.c
|
|
|
|
x509/x_req.c
|
|
|
|
x509/x_sig.c
|
|
|
|
x509/x_spki.c
|
|
|
|
x509/x_val.c
|
|
|
|
x509/x_x509.c
|
|
|
|
x509/x_x509a.c
|
|
|
|
x509v3/pcy_cache.c
|
|
|
|
x509v3/pcy_data.c
|
|
|
|
x509v3/pcy_lib.c
|
|
|
|
x509v3/pcy_map.c
|
|
|
|
x509v3/pcy_node.c
|
|
|
|
x509v3/pcy_tree.c
|
|
|
|
x509v3/v3_akey.c
|
|
|
|
x509v3/v3_akeya.c
|
|
|
|
x509v3/v3_alt.c
|
|
|
|
x509v3/v3_bcons.c
|
|
|
|
x509v3/v3_bitst.c
|
|
|
|
x509v3/v3_conf.c
|
|
|
|
x509v3/v3_cpols.c
|
|
|
|
x509v3/v3_crld.c
|
|
|
|
x509v3/v3_enum.c
|
|
|
|
x509v3/v3_extku.c
|
|
|
|
x509v3/v3_genn.c
|
|
|
|
x509v3/v3_ia5.c
|
|
|
|
x509v3/v3_info.c
|
|
|
|
x509v3/v3_int.c
|
|
|
|
x509v3/v3_lib.c
|
|
|
|
x509v3/v3_ncons.c
|
|
|
|
x509v3/v3_ocsp.c
|
|
|
|
x509v3/v3_pci.c
|
|
|
|
x509v3/v3_pcia.c
|
|
|
|
x509v3/v3_pcons.c
|
|
|
|
x509v3/v3_pku.c
|
|
|
|
x509v3/v3_pmaps.c
|
|
|
|
x509v3/v3_prn.c
|
|
|
|
x509v3/v3_purp.c
|
|
|
|
x509v3/v3_skey.c
|
|
|
|
x509v3/v3_sxnet.c
|
|
|
|
x509v3/v3_utl.c
|
2018-09-06 15:57:38 +01:00
|
|
|
../third_party/fiat/curve25519.c
|
Add support for SIKE/p503 post-quantum KEM
Based on Microsoft's implementation available on github:
Source: https://github.com/Microsoft/PQCrypto-SIDH
Commit: 77044b76181eb61c744ac8eb7ddc7a8fe72f6919
Following changes has been applied
* In intel assembly, use MOV instead of MOVQ:
Intel instruction reference in the Intel Software Developer's Manual
volume 2A, the MOVQ has 4 forms. None of them mentions moving
literal to GPR, hence "movq $rax, 0x0" is wrong. Instead, on 64bit
system, MOV can be used.
* Some variables were wrongly zero-initialized (as per C99 spec)
* Move constant values to .RODATA segment, as keeping them in .TEXT
segment is not compatible with XOM.
* Fixes issue in arm64 code related to the fact that compiler doesn't
reserve enough space for the linker to relocate address of a global
variable when used by 'ldr' instructions. Solution is to use 'adrp'
followed by 'add' instruction. Relocations for 'adrp' and 'add'
instructions is generated by prefixing the label with :pg_hi21:
and :lo12: respectively.
* Enable MULX and ADX. Code from MS doesn't support PIC. MULX can't
reference global variable directly. Instead RIP-relative addressing
can be used. This improves performance around 10%-13% on SkyLake
* Check if CPU supports BMI2 and ADOX instruction at runtime. On AMD64
optimized implementation of montgomery multiplication and reduction
have 2 implementations - faster one takes advantage of BMI2
instruction set introduced in Haswell and ADOX introduced in
Broadwell. Thanks to OPENSSL_ia32cap_P it can be decided at runtime
which implementation to choose. As CPU configuration is static by
nature, branch predictor will be correct most of the time and hence
this check very often has no cost.
* Reuse some utilities from boringssl instead of reimplementing them.
This includes things like:
* definition of a limb size (use crypto_word_t instead of digit_t)
* use functions for checking in constant time if value is 0 and/or
less then
* #define's used for conditional compilation
* Use SSE2 for conditional swap on vector registers. Improves
performance a little bit.
* Fix f2elm_t definition. Code imported from MSR defines f2elm_t type as
a array of arrays. This decays to a pointer to an array (when passing
as an argument). In C, one can't assign const pointer to an array with
non-const pointer to an array. Seems it violates 6.7.3/8 from C99
(same for C11). This problem occures in GCC 6, only when -pedantic
flag is specified and it occures always in GCC 4.9 (debian jessie).
* Fix definition of eval_3_isog. Second argument in eval_3_isog mustn't be
const. Similar reason as above.
* Use HMAC-SHA256 instead of cSHAKE-256 to avoid upstreaming cSHAKE
and SHA3 code.
* Add speed and unit tests for SIKE.
Change-Id: I22f0bb1f9edff314a35cd74b48e8c4962568e330
2019-03-06 18:19:25 +00:00
|
|
|
../third_party/sike/fpx.c
|
|
|
|
../third_party/sike/isogeny.c
|
|
|
|
../third_party/sike/P503.c
|
|
|
|
../third_party/sike/sike.c
|
|
|
|
../third_party/sike/asm/fp_generic.c
|
2018-09-05 22:40:13 +01:00
|
|
|
|
2017-04-04 22:21:43 +01:00
|
|
|
$<TARGET_OBJECTS:fipsmodule>
|
|
|
|
|
2018-09-05 21:31:48 +01:00
|
|
|
${CRYPTO_ARCH_SOURCES}
|
2017-04-04 22:21:43 +01:00
|
|
|
${CRYPTO_FIPS_OBJECTS}
|
2014-06-20 20:00:00 +01:00
|
|
|
)
|
|
|
|
|
Support symbol prefixes
- In base.h, if BORINGSSL_PREFIX is defined, include
boringssl_prefix_symbols.h
- In all .S files, if BORINGSSL_PREFIX is defined, include
boringssl_prefix_symbols_asm.h
- In base.h, BSSL_NAMESPACE_BEGIN and BSSL_NAMESPACE_END are
defined with appropriate values depending on whether
BORINGSSL_PREFIX is defined; these macros are used in place
of 'namespace bssl {' and '}'
- Add util/make_prefix_headers.go, which takes a list of symbols
and auto-generates the header files mentioned above
- In CMakeLists.txt, if BORINGSSL_PREFIX and BORINGSSL_PREFIX_SYMBOLS
are defined, run util/make_prefix_headers.go to generate header
files
- In various CMakeLists.txt files, add "global_target" that all
targets depend on to give us a place to hook logic that must run
before all other targets (in particular, the header file generation
logic)
- Document this in BUILDING.md, including the fact that it is
the caller's responsibility to provide the symbol list and keep it
up to date
- Note that this scheme has not been tested on Windows, and likely
does not work on it; Windows support will need to be added in a
future commit
Change-Id: If66a7157f46b5b66230ef91e15826b910cf979a2
Reviewed-on: https://boringssl-review.googlesource.com/31364
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2018-08-27 02:53:36 +01:00
|
|
|
add_dependencies(crypto global_target)
|
|
|
|
|
2017-05-17 21:05:50 +01:00
|
|
|
if(FIPS_DELOCATE)
|
2017-04-04 22:21:43 +01:00
|
|
|
add_dependencies(crypto bcm_o_target)
|
|
|
|
endif()
|
|
|
|
|
|
|
|
SET_TARGET_PROPERTIES(crypto PROPERTIES LINKER_LANGUAGE C)
|
|
|
|
|
2015-04-29 01:46:58 +01:00
|
|
|
if(NOT MSVC AND NOT ANDROID)
|
2015-04-02 21:47:15 +01:00
|
|
|
target_link_libraries(crypto pthread)
|
|
|
|
endif()
|
|
|
|
|
2018-08-09 21:33:07 +01:00
|
|
|
# Every target depends on crypto, so we add libcxx as a dependency here to
|
|
|
|
# simplify injecting it everywhere.
|
|
|
|
if(USE_CUSTOM_LIBCXX)
|
|
|
|
target_link_libraries(crypto libcxx)
|
|
|
|
endif()
|
|
|
|
|
Do a cursory conversion of a few tests to GTest.
For now, this is the laziest conversion possible. The intent is to just
get the build setup ready so that we can get everything working in our
consumers. The intended end state is:
- The standalone build produces three test targets, one per library:
{crypto,ssl,decrepit}_tests.
- Each FOO_test is made up of:
FOO/**/*_test.cc
crypto/test/gtest_main.cc
test_support
- generate_build_files.py emits variables crypto_test_sources and
ssl_test_sources. These variables are populated with FindCFiles,
looking for *_test.cc.
- The consuming file assembles those variables into the two test targets
(plus decrepit) from there. This avoids having generate_build_files.py
emit actual build rules.
- Our standalone builders, Chromium, and Android just run the top-level
test targets using whatever GTest-based reporting story they have.
In transition, we start by converting one of two tests in each library
to populate the three test targets. Those are added to all_tests.json
and all_tests.go hacked to handle them transparently. This keeps our
standalone builder working.
generate_build_files.py, to start with, populates the new source lists
manually and subtracts them out of the old machinery. We emit both for
the time being. When this change rolls in, we'll write all the build
glue needed to build the GTest-based tests and add it to consumers'
continuous builders.
Next, we'll subsume a file-based test and get the consumers working with
that. (I.e. make sure the GTest targets can depend on a data file.)
Once that's all done, we'll be sure all this will work. At that point,
we start subsuming the remaining tests into the GTest targets and,
asynchronously, rewriting tests to use GTest properly rather than
cursory conversion here.
When all non-GTest tests are gone, the old generate_build_files.py hooks
will be removed, consumers updated to not depend on them, and standalone
builders converted to not rely on all_tests.go, which can then be
removed. (Unless bits end up being needed as a malloc test driver. I'm
thinking we'll want to do something with --gtest_filter.)
As part of this CL, I've bumped the CMake requirements (for
target_include_directories) and added a few suppressions for warnings
that GTest doesn't pass.
BUG=129
Change-Id: I881b26b07a8739cc0b52dbb51a30956908e1b71a
Reviewed-on: https://boringssl-review.googlesource.com/13232
Reviewed-by: Adam Langley <agl@google.com>
2017-01-20 00:05:47 +00:00
|
|
|
add_executable(
|
|
|
|
crypto_test
|
|
|
|
|
Add an ABI testing framework.
Dear reader, I must apologize in advance. This CL contains the following:
- A new 256-line perlasm file with non-trivial perl bits and a dual-ABI
variadic function caller.
- C preprocessor gymnastics, with variadic macros and fun facts about
__VA_ARGS__'s behavior on empty argument lists.
- C++ template gymnastics, including variadic arguments, template
specialization, std::enable_if, and machinery to control template argument
deduction.
Enjoy.
This tests that our assembly functions correctly honor platform ABI
conventions. Right now this only tests callee-saved registers, but it should be
extendable to SEH/CFI unwind testing with single-step debugging APIs.
Register-checking does not involve anything funny and should be compatible with
SDE. (The future unwind testing is unlikely to be compatible.)
This CL adds support for x86_64 SysV and Win64 ABIs. ARM, AArch64, and x86 can
be added in the future. The testing is injected in two places. First, all the
assembly tests in p256-x86_64-test.cc are now instrumented. This is the
intended workflow and should capture all registers.
However, we currently do not unit-test our assembly much directly. We should do
that as follow-up work[0] but, in the meantime, I've also wrapped all of the GTest
main function in an ABI test. This is imperfect as ABI failures may be masked
by other stack frames, but it costs nothing[1] and is pretty reliable at
catching Win64 xmm register failures.
[0] An alternate strategy would be, in debug builds, unconditionally instrument
every assembly call in libcrypto. But the CHECK_ABI macro would be difficult to
replicate in pure C, and unwind testing may be too invasive for this. Still,
something to consider when we C++ libcrypto.
[1] When single-stepped unwind testing exists, it won't cost nothing. The
gtest_main.cc call will turn unwind testing off.
Change-Id: I6643b26445891fd46abfacac52bc024024c8d7f6
Reviewed-on: https://boringssl-review.googlesource.com/c/33764
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <alangley@gmail.com>
Commit-Queue: David Benjamin <davidben@google.com>
2018-12-16 00:58:43 +00:00
|
|
|
abi_self_test.cc
|
2017-03-05 19:47:16 +00:00
|
|
|
asn1/asn1_test.cc
|
2017-04-17 15:04:39 +01:00
|
|
|
base64/base64_test.cc
|
2017-10-06 23:26:36 +01:00
|
|
|
buf/buf_test.cc
|
2017-03-09 06:13:07 +00:00
|
|
|
bio/bio_test.cc
|
2017-04-12 04:07:13 +01:00
|
|
|
bytestring/bytestring_test.cc
|
2017-02-15 15:33:19 +00:00
|
|
|
chacha/chacha_test.cc
|
2017-05-24 05:50:35 +01:00
|
|
|
cipher_extra/aead_test.cc
|
|
|
|
cipher_extra/cipher_test.cc
|
2017-04-23 16:55:32 +01:00
|
|
|
cmac/cmac_test.cc
|
2017-04-20 18:54:28 +01:00
|
|
|
compiler_test.cc
|
2017-03-16 15:25:20 +00:00
|
|
|
constant_time_test.cc
|
2018-08-31 21:37:56 +01:00
|
|
|
cpu-arm-linux_test.cc
|
2017-05-22 21:33:29 +01:00
|
|
|
curve25519/ed25519_test.cc
|
2017-04-23 17:00:39 +01:00
|
|
|
curve25519/spake25519_test.cc
|
2017-03-01 17:37:35 +00:00
|
|
|
curve25519/x25519_test.cc
|
2018-07-27 22:27:09 +01:00
|
|
|
ecdh_extra/ecdh_test.cc
|
Do a cursory conversion of a few tests to GTest.
For now, this is the laziest conversion possible. The intent is to just
get the build setup ready so that we can get everything working in our
consumers. The intended end state is:
- The standalone build produces three test targets, one per library:
{crypto,ssl,decrepit}_tests.
- Each FOO_test is made up of:
FOO/**/*_test.cc
crypto/test/gtest_main.cc
test_support
- generate_build_files.py emits variables crypto_test_sources and
ssl_test_sources. These variables are populated with FindCFiles,
looking for *_test.cc.
- The consuming file assembles those variables into the two test targets
(plus decrepit) from there. This avoids having generate_build_files.py
emit actual build rules.
- Our standalone builders, Chromium, and Android just run the top-level
test targets using whatever GTest-based reporting story they have.
In transition, we start by converting one of two tests in each library
to populate the three test targets. Those are added to all_tests.json
and all_tests.go hacked to handle them transparently. This keeps our
standalone builder working.
generate_build_files.py, to start with, populates the new source lists
manually and subtracts them out of the old machinery. We emit both for
the time being. When this change rolls in, we'll write all the build
glue needed to build the GTest-based tests and add it to consumers'
continuous builders.
Next, we'll subsume a file-based test and get the consumers working with
that. (I.e. make sure the GTest targets can depend on a data file.)
Once that's all done, we'll be sure all this will work. At that point,
we start subsuming the remaining tests into the GTest targets and,
asynchronously, rewriting tests to use GTest properly rather than
cursory conversion here.
When all non-GTest tests are gone, the old generate_build_files.py hooks
will be removed, consumers updated to not depend on them, and standalone
builders converted to not rely on all_tests.go, which can then be
removed. (Unless bits end up being needed as a malloc test driver. I'm
thinking we'll want to do something with --gtest_filter.)
As part of this CL, I've bumped the CMake requirements (for
target_include_directories) and added a few suppressions for warnings
that GTest doesn't pass.
BUG=129
Change-Id: I881b26b07a8739cc0b52dbb51a30956908e1b71a
Reviewed-on: https://boringssl-review.googlesource.com/13232
Reviewed-by: Adam Langley <agl@google.com>
2017-01-20 00:05:47 +00:00
|
|
|
dh/dh_test.cc
|
2017-05-18 01:30:18 +01:00
|
|
|
digest_extra/digest_test.cc
|
Do a cursory conversion of a few tests to GTest.
For now, this is the laziest conversion possible. The intent is to just
get the build setup ready so that we can get everything working in our
consumers. The intended end state is:
- The standalone build produces three test targets, one per library:
{crypto,ssl,decrepit}_tests.
- Each FOO_test is made up of:
FOO/**/*_test.cc
crypto/test/gtest_main.cc
test_support
- generate_build_files.py emits variables crypto_test_sources and
ssl_test_sources. These variables are populated with FindCFiles,
looking for *_test.cc.
- The consuming file assembles those variables into the two test targets
(plus decrepit) from there. This avoids having generate_build_files.py
emit actual build rules.
- Our standalone builders, Chromium, and Android just run the top-level
test targets using whatever GTest-based reporting story they have.
In transition, we start by converting one of two tests in each library
to populate the three test targets. Those are added to all_tests.json
and all_tests.go hacked to handle them transparently. This keeps our
standalone builder working.
generate_build_files.py, to start with, populates the new source lists
manually and subtracts them out of the old machinery. We emit both for
the time being. When this change rolls in, we'll write all the build
glue needed to build the GTest-based tests and add it to consumers'
continuous builders.
Next, we'll subsume a file-based test and get the consumers working with
that. (I.e. make sure the GTest targets can depend on a data file.)
Once that's all done, we'll be sure all this will work. At that point,
we start subsuming the remaining tests into the GTest targets and,
asynchronously, rewriting tests to use GTest properly rather than
cursory conversion here.
When all non-GTest tests are gone, the old generate_build_files.py hooks
will be removed, consumers updated to not depend on them, and standalone
builders converted to not rely on all_tests.go, which can then be
removed. (Unless bits end up being needed as a malloc test driver. I'm
thinking we'll want to do something with --gtest_filter.)
As part of this CL, I've bumped the CMake requirements (for
target_include_directories) and added a few suppressions for warnings
that GTest doesn't pass.
BUG=129
Change-Id: I881b26b07a8739cc0b52dbb51a30956908e1b71a
Reviewed-on: https://boringssl-review.googlesource.com/13232
Reviewed-by: Adam Langley <agl@google.com>
2017-01-20 00:05:47 +00:00
|
|
|
dsa/dsa_test.cc
|
2017-02-05 08:01:25 +00:00
|
|
|
err/err_test.cc
|
2017-03-01 16:53:41 +00:00
|
|
|
evp/evp_extra_test.cc
|
2017-06-08 21:00:10 +01:00
|
|
|
evp/evp_test.cc
|
2017-05-20 14:48:45 +01:00
|
|
|
evp/pbkdf_test.cc
|
2017-06-10 00:27:37 +01:00
|
|
|
evp/scrypt_test.cc
|
2017-05-19 20:26:18 +01:00
|
|
|
fipsmodule/aes/aes_test.cc
|
2017-06-04 20:37:23 +01:00
|
|
|
fipsmodule/bn/bn_test.cc
|
2017-05-02 22:25:39 +01:00
|
|
|
fipsmodule/ec/ec_test.cc
|
2017-06-09 01:04:08 +01:00
|
|
|
fipsmodule/ec/p256-x86_64_test.cc
|
2017-06-06 15:22:22 +01:00
|
|
|
fipsmodule/ecdsa/ecdsa_test.cc
|
2019-01-01 22:08:19 +00:00
|
|
|
fipsmodule/md5/md5_test.cc
|
2017-05-24 05:50:35 +01:00
|
|
|
fipsmodule/modes/gcm_test.cc
|
2017-04-14 19:16:20 +01:00
|
|
|
fipsmodule/rand/ctrdrbg_test.cc
|
2018-12-31 07:31:44 +00:00
|
|
|
fipsmodule/sha/sha_test.cc
|
2017-05-20 14:48:45 +01:00
|
|
|
hkdf/hkdf_test.cc
|
2017-05-24 05:50:35 +01:00
|
|
|
hmac_extra/hmac_test.cc
|
2018-11-12 21:53:42 +00:00
|
|
|
hrss/hrss_test.cc
|
2018-11-27 22:07:12 +00:00
|
|
|
impl_dispatch_test.cc
|
2017-05-20 14:48:45 +01:00
|
|
|
lhash/lhash_test.cc
|
2017-06-02 13:55:16 +01:00
|
|
|
obj/obj_test.cc
|
2018-08-15 01:09:07 +01:00
|
|
|
pem/pem_test.cc
|
2017-06-02 12:24:46 +01:00
|
|
|
pkcs7/pkcs7_test.cc
|
|
|
|
pkcs8/pkcs8_test.cc
|
2017-06-02 13:21:49 +01:00
|
|
|
pkcs8/pkcs12_test.cc
|
2017-05-24 05:50:35 +01:00
|
|
|
poly1305/poly1305_test.cc
|
2017-05-20 14:48:45 +01:00
|
|
|
pool/pool_test.cc
|
2018-09-06 23:33:53 +01:00
|
|
|
rand_extra/rand_test.cc
|
2017-05-20 14:48:45 +01:00
|
|
|
refcount_test.cc
|
2017-05-03 19:50:51 +01:00
|
|
|
rsa_extra/rsa_test.cc
|
2018-01-22 19:07:42 +00:00
|
|
|
self_test.cc
|
2018-09-23 21:07:08 +01:00
|
|
|
stack/stack_test.cc
|
2017-05-20 14:48:45 +01:00
|
|
|
test/file_test_gtest.cc
|
2017-06-04 20:57:20 +01:00
|
|
|
thread_test.cc
|
2017-06-07 11:28:27 +01:00
|
|
|
x509/x509_test.cc
|
2018-06-18 22:31:39 +01:00
|
|
|
x509/x509_time_test.cc
|
2017-07-10 04:26:26 +01:00
|
|
|
x509v3/tab_test.cc
|
|
|
|
x509v3/v3name_test.cc
|
Add support for SIKE/p503 post-quantum KEM
Based on Microsoft's implementation available on github:
Source: https://github.com/Microsoft/PQCrypto-SIDH
Commit: 77044b76181eb61c744ac8eb7ddc7a8fe72f6919
Following changes has been applied
* In intel assembly, use MOV instead of MOVQ:
Intel instruction reference in the Intel Software Developer's Manual
volume 2A, the MOVQ has 4 forms. None of them mentions moving
literal to GPR, hence "movq $rax, 0x0" is wrong. Instead, on 64bit
system, MOV can be used.
* Some variables were wrongly zero-initialized (as per C99 spec)
* Move constant values to .RODATA segment, as keeping them in .TEXT
segment is not compatible with XOM.
* Fixes issue in arm64 code related to the fact that compiler doesn't
reserve enough space for the linker to relocate address of a global
variable when used by 'ldr' instructions. Solution is to use 'adrp'
followed by 'add' instruction. Relocations for 'adrp' and 'add'
instructions is generated by prefixing the label with :pg_hi21:
and :lo12: respectively.
* Enable MULX and ADX. Code from MS doesn't support PIC. MULX can't
reference global variable directly. Instead RIP-relative addressing
can be used. This improves performance around 10%-13% on SkyLake
* Check if CPU supports BMI2 and ADOX instruction at runtime. On AMD64
optimized implementation of montgomery multiplication and reduction
have 2 implementations - faster one takes advantage of BMI2
instruction set introduced in Haswell and ADOX introduced in
Broadwell. Thanks to OPENSSL_ia32cap_P it can be decided at runtime
which implementation to choose. As CPU configuration is static by
nature, branch predictor will be correct most of the time and hence
this check very often has no cost.
* Reuse some utilities from boringssl instead of reimplementing them.
This includes things like:
* definition of a limb size (use crypto_word_t instead of digit_t)
* use functions for checking in constant time if value is 0 and/or
less then
* #define's used for conditional compilation
* Use SSE2 for conditional swap on vector registers. Improves
performance a little bit.
* Fix f2elm_t definition. Code imported from MSR defines f2elm_t type as
a array of arrays. This decays to a pointer to an array (when passing
as an argument). In C, one can't assign const pointer to an array with
non-const pointer to an array. Seems it violates 6.7.3/8 from C99
(same for C11). This problem occures in GCC 6, only when -pedantic
flag is specified and it occures always in GCC 4.9 (debian jessie).
* Fix definition of eval_3_isog. Second argument in eval_3_isog mustn't be
const. Similar reason as above.
* Use HMAC-SHA256 instead of cSHAKE-256 to avoid upstreaming cSHAKE
and SHA3 code.
* Add speed and unit tests for SIKE.
Change-Id: I22f0bb1f9edff314a35cd74b48e8c4962568e330
2019-03-06 18:19:25 +00:00
|
|
|
../third_party/sike/sike_test.cc
|
Do a cursory conversion of a few tests to GTest.
For now, this is the laziest conversion possible. The intent is to just
get the build setup ready so that we can get everything working in our
consumers. The intended end state is:
- The standalone build produces three test targets, one per library:
{crypto,ssl,decrepit}_tests.
- Each FOO_test is made up of:
FOO/**/*_test.cc
crypto/test/gtest_main.cc
test_support
- generate_build_files.py emits variables crypto_test_sources and
ssl_test_sources. These variables are populated with FindCFiles,
looking for *_test.cc.
- The consuming file assembles those variables into the two test targets
(plus decrepit) from there. This avoids having generate_build_files.py
emit actual build rules.
- Our standalone builders, Chromium, and Android just run the top-level
test targets using whatever GTest-based reporting story they have.
In transition, we start by converting one of two tests in each library
to populate the three test targets. Those are added to all_tests.json
and all_tests.go hacked to handle them transparently. This keeps our
standalone builder working.
generate_build_files.py, to start with, populates the new source lists
manually and subtracts them out of the old machinery. We emit both for
the time being. When this change rolls in, we'll write all the build
glue needed to build the GTest-based tests and add it to consumers'
continuous builders.
Next, we'll subsume a file-based test and get the consumers working with
that. (I.e. make sure the GTest targets can depend on a data file.)
Once that's all done, we'll be sure all this will work. At that point,
we start subsuming the remaining tests into the GTest targets and,
asynchronously, rewriting tests to use GTest properly rather than
cursory conversion here.
When all non-GTest tests are gone, the old generate_build_files.py hooks
will be removed, consumers updated to not depend on them, and standalone
builders converted to not rely on all_tests.go, which can then be
removed. (Unless bits end up being needed as a malloc test driver. I'm
thinking we'll want to do something with --gtest_filter.)
As part of this CL, I've bumped the CMake requirements (for
target_include_directories) and added a few suppressions for warnings
that GTest doesn't pass.
BUG=129
Change-Id: I881b26b07a8739cc0b52dbb51a30956908e1b71a
Reviewed-on: https://boringssl-review.googlesource.com/13232
Reviewed-by: Adam Langley <agl@google.com>
2017-01-20 00:05:47 +00:00
|
|
|
|
2017-05-19 20:26:18 +01:00
|
|
|
$<TARGET_OBJECTS:crypto_test_data>
|
2018-01-04 07:07:58 +00:00
|
|
|
$<TARGET_OBJECTS:boringssl_gtest_main>
|
Do a cursory conversion of a few tests to GTest.
For now, this is the laziest conversion possible. The intent is to just
get the build setup ready so that we can get everything working in our
consumers. The intended end state is:
- The standalone build produces three test targets, one per library:
{crypto,ssl,decrepit}_tests.
- Each FOO_test is made up of:
FOO/**/*_test.cc
crypto/test/gtest_main.cc
test_support
- generate_build_files.py emits variables crypto_test_sources and
ssl_test_sources. These variables are populated with FindCFiles,
looking for *_test.cc.
- The consuming file assembles those variables into the two test targets
(plus decrepit) from there. This avoids having generate_build_files.py
emit actual build rules.
- Our standalone builders, Chromium, and Android just run the top-level
test targets using whatever GTest-based reporting story they have.
In transition, we start by converting one of two tests in each library
to populate the three test targets. Those are added to all_tests.json
and all_tests.go hacked to handle them transparently. This keeps our
standalone builder working.
generate_build_files.py, to start with, populates the new source lists
manually and subtracts them out of the old machinery. We emit both for
the time being. When this change rolls in, we'll write all the build
glue needed to build the GTest-based tests and add it to consumers'
continuous builders.
Next, we'll subsume a file-based test and get the consumers working with
that. (I.e. make sure the GTest targets can depend on a data file.)
Once that's all done, we'll be sure all this will work. At that point,
we start subsuming the remaining tests into the GTest targets and,
asynchronously, rewriting tests to use GTest properly rather than
cursory conversion here.
When all non-GTest tests are gone, the old generate_build_files.py hooks
will be removed, consumers updated to not depend on them, and standalone
builders converted to not rely on all_tests.go, which can then be
removed. (Unless bits end up being needed as a malloc test driver. I'm
thinking we'll want to do something with --gtest_filter.)
As part of this CL, I've bumped the CMake requirements (for
target_include_directories) and added a few suppressions for warnings
that GTest doesn't pass.
BUG=129
Change-Id: I881b26b07a8739cc0b52dbb51a30956908e1b71a
Reviewed-on: https://boringssl-review.googlesource.com/13232
Reviewed-by: Adam Langley <agl@google.com>
2017-01-20 00:05:47 +00:00
|
|
|
)
|
|
|
|
|
Support symbol prefixes
- In base.h, if BORINGSSL_PREFIX is defined, include
boringssl_prefix_symbols.h
- In all .S files, if BORINGSSL_PREFIX is defined, include
boringssl_prefix_symbols_asm.h
- In base.h, BSSL_NAMESPACE_BEGIN and BSSL_NAMESPACE_END are
defined with appropriate values depending on whether
BORINGSSL_PREFIX is defined; these macros are used in place
of 'namespace bssl {' and '}'
- Add util/make_prefix_headers.go, which takes a list of symbols
and auto-generates the header files mentioned above
- In CMakeLists.txt, if BORINGSSL_PREFIX and BORINGSSL_PREFIX_SYMBOLS
are defined, run util/make_prefix_headers.go to generate header
files
- In various CMakeLists.txt files, add "global_target" that all
targets depend on to give us a place to hook logic that must run
before all other targets (in particular, the header file generation
logic)
- Document this in BUILDING.md, including the fact that it is
the caller's responsibility to provide the symbol list and keep it
up to date
- Note that this scheme has not been tested on Windows, and likely
does not work on it; Windows support will need to be added in a
future commit
Change-Id: If66a7157f46b5b66230ef91e15826b910cf979a2
Reviewed-on: https://boringssl-review.googlesource.com/31364
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2018-08-27 02:53:36 +01:00
|
|
|
add_dependencies(crypto_test global_target)
|
|
|
|
|
Add a CFI tester to CHECK_ABI.
This uses the x86 trap flag and libunwind to test CFI works at each
instruction. For now, it just uses the system one out of pkg-config and
disables unwind tests if unavailable. We'll probably want to stick a
copy into //third_party and perhaps try the LLVM one later.
This tester caught two bugs in P-256 CFI annotations already:
I47b5f9798b3bcee1748e537b21c173d312a14b42 and
I9f576d868850312d6c14d1386f8fbfa85021b347
An earlier design used PTRACE_SINGLESTEP with libunwind's remote
unwinding features. ptrace is a mess around stop signals (see group-stop
discussion in ptrace(2)) and this is 10x faster, so I went with it. The
question of which is more future-proof is complex:
- There are two libunwinds with the same API,
https://www.nongnu.org/libunwind/ and LLVM's. This currently uses the
system nongnu.org for convenience. In future, LLVM's should be easier
to bundle (less complex build) and appears to even support Windows,
but I haven't tested this. Moreover, setting the trap flag keeps the
test single-process, which is less complex on Windows. That suggests
the trap flag design and switching to LLVM later. However...
- Not all architectures have a trap flag settable by userspace. As far
as I can tell, ARMv8's PSTATE.SS can only be set from the kernel. If
we stick with nongnu.org libunwind, we can use PTRACE_SINGLESTEP and
remote unwinding. Or we implement it for LLVM. Another thought is for
the ptracer to bounce SIGTRAP back into the process, to share the
local unwinding code.
- ARMv7 has no trap flag at all and PTRACE_SINGLESTEP fails. Debuggers
single-step by injecting breakpoints instead. However, ARMv8's trap
flag seems to work in both AArch32 and AArch64 modes, so we may be
able to condition it on a 64-bit kernel.
Sadly, neither strategy works with Intel SDE. Adding flags to cpucap
vectors as we do with ARM would help, but it would not emulate CPUs
newer than the host CPU. For now, I've just had SDE tests disable these.
Annoyingly, CMake does not allow object libraries to have dependencies,
so make test_support a proper static library. Rename the target to
test_support_lib to avoid
https://gitlab.kitware.com/cmake/cmake/issues/17785
Update-Note: This adds a new optional test dependency, but it's disabled
by default (define BORINGSSL_HAVE_LIBUNWIND), so consumers do not need
to do anything. We'll probably want to adjust this in the future.
Bug: 181
Change-Id: I817263d7907aff0904a9cee83f8b26747262cc0c
Reviewed-on: https://boringssl-review.googlesource.com/c/33966
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2018-12-21 23:58:36 +00:00
|
|
|
target_link_libraries(crypto_test test_support_lib boringssl_gtest crypto)
|
2018-08-10 16:30:55 +01:00
|
|
|
if(WIN32)
|
2017-03-09 06:13:07 +00:00
|
|
|
target_link_libraries(crypto_test ws2_32)
|
|
|
|
endif()
|
Do a cursory conversion of a few tests to GTest.
For now, this is the laziest conversion possible. The intent is to just
get the build setup ready so that we can get everything working in our
consumers. The intended end state is:
- The standalone build produces three test targets, one per library:
{crypto,ssl,decrepit}_tests.
- Each FOO_test is made up of:
FOO/**/*_test.cc
crypto/test/gtest_main.cc
test_support
- generate_build_files.py emits variables crypto_test_sources and
ssl_test_sources. These variables are populated with FindCFiles,
looking for *_test.cc.
- The consuming file assembles those variables into the two test targets
(plus decrepit) from there. This avoids having generate_build_files.py
emit actual build rules.
- Our standalone builders, Chromium, and Android just run the top-level
test targets using whatever GTest-based reporting story they have.
In transition, we start by converting one of two tests in each library
to populate the three test targets. Those are added to all_tests.json
and all_tests.go hacked to handle them transparently. This keeps our
standalone builder working.
generate_build_files.py, to start with, populates the new source lists
manually and subtracts them out of the old machinery. We emit both for
the time being. When this change rolls in, we'll write all the build
glue needed to build the GTest-based tests and add it to consumers'
continuous builders.
Next, we'll subsume a file-based test and get the consumers working with
that. (I.e. make sure the GTest targets can depend on a data file.)
Once that's all done, we'll be sure all this will work. At that point,
we start subsuming the remaining tests into the GTest targets and,
asynchronously, rewriting tests to use GTest properly rather than
cursory conversion here.
When all non-GTest tests are gone, the old generate_build_files.py hooks
will be removed, consumers updated to not depend on them, and standalone
builders converted to not rely on all_tests.go, which can then be
removed. (Unless bits end up being needed as a malloc test driver. I'm
thinking we'll want to do something with --gtest_filter.)
As part of this CL, I've bumped the CMake requirements (for
target_include_directories) and added a few suppressions for warnings
that GTest doesn't pass.
BUG=129
Change-Id: I881b26b07a8739cc0b52dbb51a30956908e1b71a
Reviewed-on: https://boringssl-review.googlesource.com/13232
Reviewed-by: Adam Langley <agl@google.com>
2017-01-20 00:05:47 +00:00
|
|
|
add_dependencies(all_tests crypto_test)
|