Commit Graph

20 Commits

Author SHA1 Message Date
David Benjamin
2a2dbaa9e4 Add assembly support for 32-bit iOS.
(Imported from upstream's 313e6ec11fb8a7bda1676ce5804bee8755664141)

BUG=338886

Change-Id: Id635e78b9afaad5ca311e3aeed888c9aedeb9637
Reviewed-on: https://boringssl-review.googlesource.com/4490
Reviewed-by: Adam Langley <agl@google.com>
2015-05-04 22:44:24 +00:00
David Benjamin
c521b305c6 aes/asm/bsaes-armv7: fix kernel-side XTS and harmonize with Linux.
XTS bug spotted and fix suggested by Adrian Kotelba.

(Imported from upstream's e620e5ae37bc3fc5e457ebf3edcdd01b20f8c5dd.)

Another patch we missed.

Change-Id: Ibea40eeec01a49b29064b14631706756795c9592
Reviewed-on: https://boringssl-review.googlesource.com/4489
Reviewed-by: Adam Langley <agl@google.com>
2015-05-04 22:43:58 +00:00
David Benjamin
96ac819197 Remove inconsistency in ARM support.
This facilitates "universal" builds, ones that target multiple
architectures, e.g. ARMv5 through ARMv7.

(Imported from upstream's c1669e1c205dc8e695fb0c10a655f434e758b9f7)

This is a change from a while ago which was a source of divergence between our
perlasm and upstream's. This change in upstream came with the following comment
in Configure:

 Note that -march is not among compiler options in below linux-armv4
 target line. Not specifying one is intentional to give you choice to:

 a) rely on your compiler default by not specifying one;
 b) specify your target platform explicitly for optimal performance,
    e.g. -march=armv6 or -march=armv7-a;
 c) build "universal" binary that targets *range* of platforms by
    specifying minimum and maximum supported architecture;

 As for c) option. It actually makes no sense to specify maximum to be
 less than ARMv7, because it's the least requirement for run-time
 switch between platform-specific code paths. And without run-time
 switch performance would be equivalent to one for minimum. Secondly,
 there are some natural limitations that you'd have to accept and
 respect. Most notably you can *not* build "universal" binary for
 big-endian platform. This is because ARMv7 processor always picks
 instructions in little-endian order. Another similar limitation is
 that -mthumb can't "cross" -march=armv6t2 boundary, because that's
 where it became Thumb-2. Well, this limitation is a bit artificial,
 because it's not really impossible, but it's deemed too tricky to
 support. And of course you have to be sure that your binutils are
 actually up to the task of handling maximum target platform.

Change-Id: Ie5f674d603393f0a1354a0d0973987484a4a650c
Reviewed-on: https://boringssl-review.googlesource.com/4488
Reviewed-by: Adam Langley <agl@google.com>
2015-05-04 22:43:51 +00:00
David Benjamin
4ae52cddad ARM assembly pack: get ARMv7 instruction endianness right.
Pointer out and suggested by: Ard Biesheuvel.

(Imported from upstream's 5dcf70a1c57c2019bfad640fe14fd4a73212860a)

This is from a while ago, but it's one source of divergence between our copy of
these files and master's.

Change-Id: I6525a27f25eb86a92420c32996af47ecc42ee020
Reviewed-on: https://boringssl-review.googlesource.com/4487
Reviewed-by: Adam Langley <agl@google.com>
2015-05-04 22:41:59 +00:00
David Benjamin
74f79b601d aes/asm/aesv8-armx.pl: optimize for Cortex-A5x.
ARM has optimized Cortex-A5x pipeline to favour pairs of complementary
AES instructions. While modified code improves performance of post-r0p0
Cortex-A53 performance by >40% (for CBC decrypt and CTR), it hurts
original r0p0. We favour later revisions, because one can't prevent
future from coming. Improvement on post-r0p0 Cortex-A57 exceeds 50%,
while new code is not slower on r0p0, or Apple A7 for that matter.

[Update even SHA results for latest Cortex-A53.]

(Imported from upstream's 94376cccb4ed5b376220bffe0739140ea9dad8c8)

Change-Id: I581c65b566116b1f4211fb1bd5a1a54479889d70
Reviewed-on: https://boringssl-review.googlesource.com/4481
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 21:28:06 +00:00
David Benjamin
f06802f1e4 Add arm-xlate.pl and initial iOS asm support.
This is as partial import of upstream's
9b05cbc33e7895ed033b1119e300782d9e0cf23c. It includes the perlasm changes, but
not the CPU feature detection bits as we do those differently. This is largely
so we don't diverge from upstream, but it'll help with iOS assembly in the
future.

sha512-armv8.pl is modified slightly from upstream to switch from conditioning
on the output file to conditioning on an extra argument. This makes our
previous change from upstream (removing the 'open STDOUT' line) more explicit.

BUG=338886

Change-Id: Ic8ca1388ae20e94566f475bad3464ccc73f445df
Reviewed-on: https://boringssl-review.googlesource.com/4405
Reviewed-by: Adam Langley <agl@google.com>
2015-04-20 19:08:26 +00:00
David Benjamin
09bdb2a2c3 Remove explicit .hiddens from x86_64 perlasm files.
This reverts the non-ARM portions of 97999919bb.
x86_64 perlasm already makes .globl imply .hidden. (Confusingly, ARM does not.)
Since we don't need it, revert those to minimize divergence with upstream.

Change-Id: I2d205cfb1183e65d4f18a62bde187d206b1a96de
Reviewed-on: https://boringssl-review.googlesource.com/3610
Reviewed-by: Adam Langley <agl@google.com>
2015-02-25 21:26:16 +00:00
Adam Langley
97999919bb Hide all asm symbols.
We are leaking asm symbols in Android builds because the asm code isn't
affected by -fvisibility=hidden. This change hides all asm symbols.

This assumes that no asm symbols are public API and that should be true.
Some points to note:

In crypto/rc4/asm/rc4-md5-x86_64.pl there are |RC4_set_key| and
|RC4_options| functions which aren't getting marked as hidden. That's
because those functions aren't actually ever generated. (I'm just trying
to minimise drift with upstream here.)

In crypto/rc4/asm/rc4-x86_64.pl there's |RC4_options| which is "public"
API, except that we've never had it in the header files. So I've just
deleted it. Since we have an internal caller, we'll probably have to put
it back in the future, but it can just be done in rc4.c to save
problems.

BUG=448386

Change-Id: I3846617a0e3d73ec9e5ec3638a53364adbbc6260
Reviewed-on: https://boringssl-review.googlesource.com/3520
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-02-20 21:24:01 +00:00
Adam Langley
3e6526575a aarch64 support.
This is an initial cut at aarch64 support. I have only qemu to test it
however—hopefully hardware will be coming soon.

This also affects 32-bit ARM in that aarch64 chips can run 32-bit code
and we would like to be able to take advantage of the crypto operations
even in 32-bit mode. AES and GHASH should Just Work in this case: the
-armx.pl files can be built for either 32- or 64-bit mode based on the
flavour argument given to the Perl script.

SHA-1 and SHA-256 don't work like this however because they've never
support for multiple implementations, thus BoringSSL built for 32-bit
won't use the SHA instructions on an aarch64 chip.

No dedicated ChaCha20 or Poly1305 support yet.

Change-Id: Ib275bc4894a365c8ec7c42f4e91af6dba3bd686c
Reviewed-on: https://boringssl-review.googlesource.com/2801
Reviewed-by: Adam Langley <agl@google.com>
2015-01-14 23:38:11 +00:00
Adam Langley
a0b74eb241 aesni-x86_64.pl: make ECB subroutine Windows ABI compliant (RT 3552).
(Imported from upstream's 3e3cc471c2682f5cb40523f3997f75974de1755e.)

Change-Id: I8b6468b104091a609140a035739c09a031de90b4
2014-11-10 13:45:33 -08:00
Adam Langley
3dfbcc1f25 x86[_64] assembly pack: add Silvermont performance data.
(Imported from upstream's 9dd6240201fdd9a9a0ce2aa66df04c174d08cf99)

Change-Id: Ie0f6f876e06ac28c717ec949565f6b0126166b30
2014-11-10 13:45:32 -08:00
Adam Langley
ded93581f1 Windows build fixes.
Windows doesn't have ssize_t, sadly. There's SSIZE_T, but defining an
OPENSSL_SSIZE_T seems worse than just using an int.

Change-Id: I09bb5aa03f96da78b619e551f92ed52ce24d9f3f
Reviewed-on: https://boringssl-review.googlesource.com/1352
Reviewed-by: Adam Langley <agl@google.com>
2014-08-11 22:10:02 +00:00
Adam Langley
eb7d2ed1fe Add visibility rules.
This change marks public symbols as dynamically exported. This means
that it becomes viable to build a shared library of libcrypto and libssl
with -fvisibility=hidden.

On Windows, one not only needs to mark functions for export in a
component, but also for import when using them from a different
component. Because of this we have to build with
|BORINGSSL_IMPLEMENTATION| defined when building the code. Other
components, when including our headers, won't have that defined and then
the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines
in base.h

In the asm code, symbols are now hidden by default and those that need
to be exported are wrapped by a C function.

In order to support Chromium, a couple of libssl functions were moved to
ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache.

Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261
Reviewed-on: https://boringssl-review.googlesource.com/1350
Reviewed-by: Adam Langley <agl@google.com>
2014-07-31 22:03:11 +00:00
Adam Langley
89b73fbafa aes/asm/bsaes-x86_64.pl: Atom-specific optimization.
(Imported from upstream's ffdff9f12f028e4075b473a2a21e51c5bcc2bbd9)
2014-06-20 13:17:40 -07:00
Adam Langley
45ba42a94c vpaes-[x86_64|ppc].pl: fix typo, which for some reason triggers rkhunter.
(Imported from upstream's dacb698ada2579bccfc3d88662f8cca75fb1b9aa)
2014-06-20 13:17:39 -07:00
Adam Langley
5685363771 aes/asm/aesni-x86[_64].pl: minor Atom-specific performance tweak.
(Imported from upstream's 2d4d9623da229162ad4377174526af3c01b1707a)
2014-06-20 13:17:38 -07:00
Adam Langley
114a711f8b aes/asm/aesni-x86_64.pl: further optimization for Atom Silvermont.
Improve CBC decrypt and CTR by ~13/16%, which adds up to ~25/33%
improvement over "pre-Silvermont" version. [Add performance table to
aesni-x86.pl].

(Imported from upstream's b347341c75656cf8bc039bd0ea5e3571c9299687)
2014-06-20 13:17:38 -07:00
Adam Langley
7b29449086 AES-NI asm update from master.
(Imported from upstream's 5572bc4e2fb485c0d85bd5b4ec430ae0af65f7ea)
2014-06-20 13:17:37 -07:00
Adam Langley
77b7e63311 Adjust stack pointer in AES-NI CBC decryption.
This change adjusts the stack pointer during CBC decryption. The code
was previously using the red zone across function calls and valgrind
thinks that the "unused" stack is undefined after a function call.
2014-06-20 13:17:35 -07:00
Adam Langley
95c29f3cd1 Inital import.
Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta).

(This change contains substantial changes from the original and
effectively starts a new history.)
2014-06-20 13:17:32 -07:00