Commit Graph

1253 Commits

Author SHA1 Message Date
David Benjamin
d33908e8d6 modes/asm/ghashv8-armx.pl: up to 90% performance improvement.
(Imported from upstream's 7eeeb49e1103533bc81c234eb19613353866e474)

Here are the performance numbers on a Nexus 9 (32-bit binary):

Before:

Did 4376000 AES-128-GCM (16 bytes) seal operations in 1000016us (4375930.0 ops/sec): 70.0 MB/s
Did 642000 AES-128-GCM (1350 bytes) seal operations in 1001090us (641301.0 ops/sec): 865.8 MB/s
Did 126000 AES-128-GCM (8192 bytes) seal operations in 1001460us (125816.3 ops/sec): 1030.7 MB/s
Did 4120000 AES-256-GCM (16 bytes) seal operations in 1000004us (4119983.5 ops/sec): 65.9 MB/s
Did 547000 AES-256-GCM (1350 bytes) seal operations in 1001165us (546363.5 ops/sec): 737.6 MB/s
Did 99000 AES-256-GCM (8192 bytes) seal operations in 1000027us (98997.3 ops/sec): 811.0 MB/s


After:

Did 4569000 AES-128-GCM (16 bytes) seal operations in 1000011us (4568949.7 ops/sec): 73.1 MB/s
Did 796000 AES-128-GCM (1350 bytes) seal operations in 1000161us (795871.9 ops/sec): 1074.4 MB/s
Did 162000 AES-128-GCM (8192 bytes) seal operations in 1003828us (161382.2 ops/sec): 1322.0 MB/s
Did 4398000 AES-256-GCM (16 bytes) seal operations in 1000001us (4397995.6 ops/sec): 70.4 MB/s
Did 634000 AES-256-GCM (1350 bytes) seal operations in 1001290us (633183.2 ops/sec): 854.8 MB/s
Did 122000 AES-256-GCM (8192 bytes) seal operations in 1005650us (121314.6 ops/sec): 993.8 MB/s


Change-Id: I2fef921069ad174f5651dfe59be262625fb3f7c9
Reviewed-on: https://boringssl-review.googlesource.com/4483
Reviewed-by: Adam Langley <agl@google.com>
2015-04-29 00:49:04 +00:00
David Benjamin
69752b09e4 sha/asm/sha*-armv8.pl: add Denver and X-Gene esults.
(Imported from upstream's be5a87a1b00aceba5484a7ec198ac622c9283def)

Change-Id: I21c16b56949387a0eb3794c98550b8d7dfc4a376
Reviewed-on: https://boringssl-review.googlesource.com/4482
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 21:28:30 +00:00
David Benjamin
74f79b601d aes/asm/aesv8-armx.pl: optimize for Cortex-A5x.
ARM has optimized Cortex-A5x pipeline to favour pairs of complementary
AES instructions. While modified code improves performance of post-r0p0
Cortex-A53 performance by >40% (for CBC decrypt and CTR), it hurts
original r0p0. We favour later revisions, because one can't prevent
future from coming. Improvement on post-r0p0 Cortex-A57 exceeds 50%,
while new code is not slower on r0p0, or Apple A7 for that matter.

[Update even SHA results for latest Cortex-A53.]

(Imported from upstream's 94376cccb4ed5b376220bffe0739140ea9dad8c8)

Change-Id: I581c65b566116b1f4211fb1bd5a1a54479889d70
Reviewed-on: https://boringssl-review.googlesource.com/4481
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 21:28:06 +00:00
David Benjamin
15a08fcca2 perlasm/arm-xlate.pl update (fix end-less loop and prepare for 32-bit iOS).
(Imported from upstream's 7b644df899d0c818488686affc0bfe2dfdd0d0c2)

Looking at update_gypi_and_asm.py with git diff -w, the only differences seem
to be that .asciz fixed a bug where a space after a ',' got swallowed (sigh).

BUG=338886

Change-Id: Ib52296f4a62bc6f892a0d4ee7367493a8c639a3b
Reviewed-on: https://boringssl-review.googlesource.com/4480
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 21:26:34 +00:00
David Benjamin
1022dd3d52 Don't inclue crypto/ec/internal.h in ec_test.cc.
MSVC seems to dislike the zero-array trick in C++, but not C. Turns out there
was no need for the include, so that's an easy fix.

Change-Id: I6def7b430a450c4ff7eeafa3611f0d40f5fc5945
Reviewed-on: https://boringssl-review.googlesource.com/4580
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 21:16:50 +00:00
David Benjamin
7743c026cb Ensure EC private keys retain leading zeros
RFC 5915 requires the use of the I2OSP primitive as defined in RFC 3447
for encoding ECPrivateKey. Fix this and add a test.

See also upstream's 30cd4ff294252c4b6a4b69cbef6a5b4117705d22, though it mixes
up degree and order.

Change-Id: I81ba14da3c8d69e3799422c669fab7f16956f322
Reviewed-on: https://boringssl-review.googlesource.com/4469
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 21:03:27 +00:00
David Benjamin
67be048e1a Convert ec_test to C++
Change-Id: I5e25ddbc87370b58d9b6fc410f51e259947df8dd
Reviewed-on: https://boringssl-review.googlesource.com/4468
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 21:00:34 +00:00
David Benjamin
7af16eb49f sha/asm/sha512-armv4.pl: adapt for use in Linux kernel context.
Follow-up to sha256-armv4.pl in cooperation with Ard Biesheuvel
(Linaro) and Sami Tolvanen (Google).

(Imported from upstream's b1a5d1c652086257930a1f62ae51c9cdee654b2c.)

Change-Id: Ibc4f289cc8f499924ade8d6b8d494f53bc08bda7
Reviewed-on: https://boringssl-review.googlesource.com/4467
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 20:55:54 +00:00
David Benjamin
0fd37062b6 sha/asm/sha256-armv4.pl: fix compile issue in kernel and eliminate little-endian dependency.
(Imported from upstream's 51f8d095562f36cdaa6893597b5c609e943b0565.)

I don't see why we'd care, but just to minimize divergence.

Change-Id: I4b07e72c88fcb04654ad28d8fd371e13d59a61b5
Reviewed-on: https://boringssl-review.googlesource.com/4466
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 20:55:29 +00:00
David Benjamin
90da8c8817 Test that the server picks a non-ECC cipher when no curves are supported.
Change-Id: I9cd788998345ad877f73dd1341ccff68dbb8d124
Reviewed-on: https://boringssl-review.googlesource.com/4465
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 20:55:09 +00:00
David Benjamin
dd978784d7 Always enable ecdh_auto.
This is a really dumb API wart. Now that we have a limited set of curves that
are all reasonable, the automatic logic should just always kick in. This makes
set_ecdh_auto a no-op and, instead of making it the first choice, uses it as
the fallback behavior should none of the older curve selection APIs be used.

Currently, by default, server sockets can only use the plain RSA key exchange.

BUG=481139

Change-Id: Iaabc82de766cd00968844a71aaac29bd59841cd4
Reviewed-on: https://boringssl-review.googlesource.com/4531
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 20:51:05 +00:00
David Benjamin
55a436497f Handle empty curve preferences from the client.
See upstream's bd891f098bdfcaa285c073ce556d0f5e27ec3a10. It honestly seems
kinda dumb for a client to do this, but apparently the spec allows this.
Judging by code inspection, OpenSSL 1.0.1 also allowed this, so this avoids a
behavior change when switching from 1.0.1 to BoringSSL.

Add a test for this, which revealed that, unlike upstream's version, this
actually works with ecdh_auto since tls1_get_shared_curve also needs updating.
(To be mentioned in newsletter.)

Change-Id: Ie622700f17835965457034393b90f346740cfca8
Reviewed-on: https://boringssl-review.googlesource.com/4464
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 20:44:01 +00:00
David Benjamin
256451c461 sha/asm/sha256-armv4.pl: adapt for use in Linux kernel context.
In cooperation with Ard Biesheuvel (Linaro) and Sami Tolvanen (Google).

(Imported from upstream's 2ecd32a1f8f0643ae7b38f59bbaf9f0d6ef326fe)

Change-Id: Iac5853220654b6ef4cb3bb7f8d1efe0eb2ecf634
Reviewed-on: https://boringssl-review.googlesource.com/4463
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 20:40:39 +00:00
David Benjamin
1c722b7781 Add DTLS to SSL_get_version
(Imported from upstream's 504e643e0996fb842ac183023c3a6b9049af50ea)

Change-Id: I94f4fea105b6eeb001d376ca3ffef77d1432aa88
Reviewed-on: https://boringssl-review.googlesource.com/4462
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 20:38:45 +00:00
David Benjamin
dcd979f1a4 CertificateStatus is optional.
Because RFC 6066 is obnoxious like that and IIS servers actually do this
when OCSP-stapling is configured, but the OCSP server cannot be reached.

BUG=478947

Change-Id: I3d34c1497e0b6b02d706278dcea5ceb684ff60ae
Reviewed-on: https://boringssl-review.googlesource.com/4461
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 20:36:57 +00:00
David Benjamin
2c6080f192 Put the mem.h include back into crypto.h.
054e682675 removed the compatibility include of
mem.h in crypto.h. mem.h doesn't exist in upstream which defines these
functions in crypto.h instead. The compatibility include should probably be
restored to avoid causing all kinds of grief when porting consumers over.

Change-Id: Idfe0f9b43ebee5df22bebfe0ed6dc85ec98b4de0
Reviewed-on: https://boringssl-review.googlesource.com/4530
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 20:14:32 +00:00
Doug Hogan
41846c74f1 Modify sk_find() so it returns 1 on success and 0 otherwise.
The 2 arg OpenSSL sk_find() returned -1 on error and >= 0 on
success.  BoringSSL's 3 arg sk_find() returns -1 if the sk argument
is NULL, 0 if the item is not found, and 1 if found.

In practice, all callers of the sk_find() macros in BoringSSL only
check for zero/non-zero.  If sk is ever NULL, it looks like most
callers are going to use uninitialized data as the index because
the return value check is insufficient.

Change-Id: I640089a0f4044aaa8d50178b2aecd9c3c1fe2f9c
Reviewed-on: https://boringssl-review.googlesource.com/4500
Reviewed-by: Adam Langley <agl@google.com>
2015-04-24 23:19:56 +00:00
Adam Langley
9bc266e68d Fix typo in comment for SSL_MODE_SEND_FALLBACK_SCSV.
Comment-only change. No semantic effect.

Change-Id: I72fe8a277eb65297edd26e590471f4cafd974e4a
2015-04-23 17:28:27 -07:00
David Benjamin
c85573ccd8 Ensure BN_asc2bn, BN_dec2bn, and BN_hex2bn never give -0.
See upstream's a0eed48d37a4b7beea0c966caf09ad46f4a92a44. Rather than import
that, we should just ensure neg + zero isn't a possible state.

Add some tests for asc2bn and dec2bn while we're here. Also fix a bug with
dec2bn where it doesn't actually ignore trailing data as it's supposed to.

Change-Id: I2385b67b740e57020c75a247bee254085ab7ce15
Reviewed-on: https://boringssl-review.googlesource.com/4484
Reviewed-by: Adam Langley <agl@google.com>
2015-04-23 20:53:24 +00:00
Matt Braithwaite
9626f26320 Fix logic error that was breaking OBJ_create.
Change-Id: Iea367f6dea0710da17097fff2fc2e26f6f73befd
Reviewed-on: https://boringssl-review.googlesource.com/4471
Reviewed-by: Adam Langley <agl@google.com>
2015-04-23 01:46:15 +00:00
David Benjamin
83f182c6c5 Revert "Temporary introduce a memory leak in ssl_test"
This reverts commit 88d0f91952.
2015-04-21 06:32:24 -04:00
David Benjamin
88d0f91952 Temporary introduce a memory leak in ssl_test
Making sure the ASan bot notices. This will be reverted in a minute.

Change-Id: Ib8acf21948e3638d54ab09f3df4c339c4ea3d649
2015-04-21 06:30:59 -04:00
David Benjamin
7cb4bcc6e7 Empty commit to kick the bots.
Let's see how the Mac and ASan ones work.

Change-Id: I8cfb152776ef4cc89fbe253ecfe2991f03edef15
2015-04-21 06:26:29 -04:00
David Benjamin
5928c41a1a 32-bit ARM perlasm should be 'linux32', not 'elf'.
arm-xlate.pl conditions some things on the flavour matching /linux/. This
change will need to be mirrored in update_gypi_and_asm.py.

Change-Id: I60483aaf40fd13181173373f12f6d3651a2a8a0c
Reviewed-on: https://boringssl-review.googlesource.com/4460
Reviewed-by: Adam Langley <agl@google.com>
2015-04-20 22:50:44 +00:00
David Benjamin
f06802f1e4 Add arm-xlate.pl and initial iOS asm support.
This is as partial import of upstream's
9b05cbc33e7895ed033b1119e300782d9e0cf23c. It includes the perlasm changes, but
not the CPU feature detection bits as we do those differently. This is largely
so we don't diverge from upstream, but it'll help with iOS assembly in the
future.

sha512-armv8.pl is modified slightly from upstream to switch from conditioning
on the output file to conditioning on an extra argument. This makes our
previous change from upstream (removing the 'open STDOUT' line) more explicit.

BUG=338886

Change-Id: Ic8ca1388ae20e94566f475bad3464ccc73f445df
Reviewed-on: https://boringssl-review.googlesource.com/4405
Reviewed-by: Adam Langley <agl@google.com>
2015-04-20 19:08:26 +00:00
David Benjamin
c574f4114d Test that client curve preferences are enforced.
Change-Id: Idc8ac43bd59607641ac2ad0b7179b2f942c0b0ce
Reviewed-on: https://boringssl-review.googlesource.com/4403
Reviewed-by: Adam Langley <agl@google.com>
2015-04-20 18:59:15 +00:00
David Benjamin
4b0afdd220 Add a tool to download Chromium's prebuilt clang.
See tools/clang/scripts/update.sh. This'll be used to run ASan on the bots.

BUG=469928

Change-Id: I6b5093c2db21ad4ed742852944e77a6b32e29e29
Reviewed-on: https://boringssl-review.googlesource.com/4402
Reviewed-by: Adam Langley <agl@google.com>
2015-04-20 18:56:03 +00:00
David Benjamin
93de5e5c11 Reject empty cipher suite lists early.
See upstream's 3ae91cfb327c9ed689b9aaf7bca01a3f5a0657cb.

I misread that code and thought it was allowing empty cipher suites when there
*is* a session ID, but it was allowing them when there isn't. Which doesn't
make much sense because it'll get rejected later anyway. (Verified by toying
with handshake_client.go.)

Change-Id: Ia870a1518bca36fce6f3018892254f53ab49f460
Reviewed-on: https://boringssl-review.googlesource.com/4401
Reviewed-by: Adam Langley <agl@google.com>
2015-04-20 18:55:20 +00:00
David Benjamin
3fa27774b4 Fix some unsigned long cipher masks.
107db58047 missed a few.

Change-Id: Ib1c7e85e7de7e26888be17d3b644d856b134f76e
Reviewed-on: https://boringssl-review.googlesource.com/4400
Reviewed-by: Adam Langley <agl@google.com>
2015-04-20 18:54:37 +00:00
David Benjamin
f0df86a1f6 Fix standalone build on Mac.
CRYPTO_MUTEX was the wrong size. Fortunately, Apple was kind enough to define
pthread_rwlock_t unconditionally, so we can be spared fighting with feature
macros. Some of the stdlib.h removals were wrong and clang is pick about
multiply-defined typedefs. Apparently that's a C11 thing?

BUG=478598

Change-Id: Ibdcb8de9e5d83ca28e4c55b2979177d1ef0f9721
Reviewed-on: https://boringssl-review.googlesource.com/4404
Reviewed-by: Adam Langley <agl@google.com>
2015-04-20 16:50:18 +00:00
Adam Langley
caf6b09598 runner: fix a couple of nits from govet.
Change-Id: I489d00bc4ee22a5ecad75dc1eb84776f044566e5
Reviewed-on: https://boringssl-review.googlesource.com/4391
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-04-17 21:45:50 +00:00
Matt Braithwaite
7eaf4015fa (d2i_SSL_SESSION): Fix a memory leak that occurs on error.
Change-Id: I5424617f0b12937f092698d35a99316eb73a6c35
Reviewed-on: https://boringssl-review.googlesource.com/4390
Reviewed-by: Adam Langley <agl@google.com>
2015-04-17 17:39:38 +00:00
Adam Langley
92b6b02475 tool: include base.h before testing OPENSSL_WINDOWS.
Even though windows.h etc are system headers, conditional includes have
to come after the others.

Change-Id: I839b3b6c32a76c806698e2cdc71e50433fa900b2
2015-04-16 14:02:52 -07:00
Adam Langley
ad6b28e974 Add 64-bit, P-256 implementation.
This is taken from upstream, although it originally came from us. This
will only take effect on 64-bit systems (x86-64 and aarch64).

Before:

Did 1496 ECDH P-256 operations in 1038743us (1440.2 ops/sec)
Did 2783 ECDSA P-256 signing operations in 1081006us (2574.5 ops/sec)
Did 2400 ECDSA P-256 verify operations in 1059508us (2265.2 ops/sec)

After:

Did 4147 ECDH P-256 operations in 1061723us (3905.9 ops/sec)
Did 9372 ECDSA P-256 signing operations in 1040589us (9006.4 ops/sec)
Did 4114 ECDSA P-256 verify operations in 1063478us (3868.4 ops/sec)

Change-Id: I11fabb03239cc3a7c4a97325ed4e4c97421f91a9
2015-04-16 13:53:05 -07:00
David Benjamin
042bcdd9bd No-op comment to trigger the bots.
Testing out the new Windows bots.

Change-Id: Iaeb9251945dc52f4dcb2514d3479a1808242e424
2015-04-16 07:32:21 -04:00
Adam Langley
d5eb7f4268 bio: remove BIO_CTRL_PUSH/_POP.
We don't support the SSL BIO so this is a no-op change.

Change-Id: Iba9522b837ebb0eb6adc80d5df6dcac99abf2552
Reviewed-on: https://boringssl-review.googlesource.com/4360
Reviewed-by: Adam Langley <agl@google.com>
2015-04-16 00:16:20 +00:00
David Benjamin
9f33fc63c6 Remove hash table lookups from ex_data.
Instead, each module defines a static CRYPTO_EX_DATA_CLASS to hold the values.
This makes CRYPTO_cleanup_all_ex_data a no-op as spreading the
CRYPTO_EX_DATA_CLASSes across modules (and across crypto and ssl) makes cleanup
slightly trickier. We can make it do something if needbe, but it's probably not
worth the trouble.

Change-Id: Ib6f6fd39a51d8ba88649f0fa29c66db540610c76
Reviewed-on: https://boringssl-review.googlesource.com/4375
Reviewed-by: Adam Langley <agl@google.com>
2015-04-15 23:59:35 +00:00
David Benjamin
2ab9090b87 Remove X509_STORE's ex_data.
No functions for using it were ever added.

Change-Id: Iaee6e5bc8254a740435ccdcdbd715b851d8a0dce
Reviewed-on: https://boringssl-review.googlesource.com/4374
Reviewed-by: Adam Langley <agl@google.com>
2015-04-15 23:36:09 +00:00
David Benjamin
1004b9564a Remove BIO's ex_data.
No wrappers were ever added and codesearch confirms no one ever added to it
manually. Probably anyone doing complex things with BIOs just made a custom
BIO_METHOD. We can put it back with proper functions if the need ever arises.

Change-Id: Icb5da7ceeb8f1da6d08f4a8854d53dfa75827d9c
Reviewed-on: https://boringssl-review.googlesource.com/4373
Reviewed-by: Adam Langley <agl@google.com>
2015-04-15 23:35:51 +00:00
David Benjamin
546f1a59ef Unexpose the generic ex_data functions.
Callers are required to use the wrappers now. They still need OPENSSL_EXPORT
since crypto and ssl get built separately in the standalone shared library
build.

Change-Id: I61186964e6099b9b589c4cd45b8314dcb2210c89
Reviewed-on: https://boringssl-review.googlesource.com/4372
Reviewed-by: Adam Langley <agl@google.com>
2015-04-15 23:27:22 +00:00
David Benjamin
b857ffe629 Remove CRYPTO_ex_data_new_class.
It's unused and requires ex_data support a class number per type.

Change-Id: Ie1fb55053631ef00c3318f3253f7c9501988f522
Reviewed-on: https://boringssl-review.googlesource.com/4371
Reviewed-by: Adam Langley <agl@google.com>
2015-04-15 23:24:21 +00:00
David Benjamin
32cd83f4de Remove the ability to set custom ex_data implementations.
This is never used and we can make the built-in one performant.

Change-Id: I6fc7639ba852349933789e73762bc3fa1341b2ff
Reviewed-on: https://boringssl-review.googlesource.com/4370
Reviewed-by: Adam Langley <agl@google.com>
2015-04-15 23:23:50 +00:00
David Benjamin
daf2c5dc0c Convert ecdsa_test to C++.
Change-Id: I3bcfc9d29fb3b5eed3d578eb4879b815458f20c0
Reviewed-on: https://boringssl-review.googlesource.com/4351
Reviewed-by: Adam Langley <agl@google.com>
2015-04-15 21:11:56 +00:00
David Benjamin
e65855c36f Fix memory leak in ecdsa_test.
This one really needs to get C++'d.

Change-Id: I088f3b77867af0cfc2da8324ba87954ef4cbba74
Reviewed-on: https://boringssl-review.googlesource.com/4350
Reviewed-by: Adam Langley <agl@google.com>
2015-04-15 21:04:52 +00:00
David Benjamin
25f0846316 Revert "Temporarily break a test on purpose."
This reverts commit cbbe020894.
2015-04-15 16:13:49 -04:00
David Benjamin
cbbe020894 Temporarily break a test on purpose.
This is to make sure emails get sent to the right place. This will be reverted
in a minute.

Change-Id: I657e8c32034deb2231b76c1a418bdc5dcf6be8bd
2015-04-15 15:59:07 -04:00
Brian Smith
f86c199f67 Fix Windows newline in err.h from commit 83a8298.
Change-Id: I2caa65b35e80233009e82599838f65aaf2e73cf4
Reviewed-on: https://boringssl-review.googlesource.com/4341
Reviewed-by: Adam Langley <agl@google.com>
2015-04-15 03:07:07 +00:00
Brian Smith
b828cfde3a Fix typos in documentation in rsa.h.
Change-Id: I0fb680d088425df8fca558bf8d4213f251eb0a96
Reviewed-on: https://boringssl-review.googlesource.com/4340
Reviewed-by: Adam Langley <agl@google.com>
2015-04-15 03:06:53 +00:00
Brian Smith
3700778248 Fix Windows build failures caused by 310d4dd.
MSVC doesn't like |const size_t len| in a function definition where the
declaration was just |size_t len| without the |const|. Also, MSVC needs
declarations of parameterless functions to have a |void| parameter list.

Change-Id: I91e01a12aca657b2ee1d653926f09cc52da2faed
Reviewed-on: https://boringssl-review.googlesource.com/4329
Reviewed-by: Adam Langley <agl@google.com>
2015-04-15 03:06:29 +00:00
Adam Langley
c3ef76f327 Compatibility changes for wpa_supplicant and OpenSSH.
OpenSSH, especially, does some terrible things that mean that it needs
the EVP_CIPHER structure to be exposed ☹. Damian is open to a better API
to replace this, but only if OpenSSL agree too. Either way, it won't be
happening soon.

Change-Id: I393b7a6af6694d4d2fe9ebcccd40286eff4029bd
Reviewed-on: https://boringssl-review.googlesource.com/4330
Reviewed-by: Adam Langley <agl@google.com>
2015-04-14 20:18:28 +00:00