boringssl/crypto/fipsmodule/ec
David Benjamin 54efa1afc0 Add an ABI testing framework.
Dear reader, I must apologize in advance. This CL contains the following:

- A new 256-line perlasm file with non-trivial perl bits and a dual-ABI
  variadic function caller.

- C preprocessor gymnastics, with variadic macros and fun facts about
  __VA_ARGS__'s behavior on empty argument lists.

- C++ template gymnastics, including variadic arguments, template
  specialization, std::enable_if, and machinery to control template argument
  deduction.

Enjoy.

This tests that our assembly functions correctly honor platform ABI
conventions. Right now this only tests callee-saved registers, but it should be
extendable to SEH/CFI unwind testing with single-step debugging APIs.
Register-checking does not involve anything funny and should be compatible with
SDE. (The future unwind testing is unlikely to be compatible.)

This CL adds support for x86_64 SysV and Win64 ABIs. ARM, AArch64, and x86 can
be added in the future. The testing is injected in two places. First, all the
assembly tests in p256-x86_64-test.cc are now instrumented. This is the
intended workflow and should capture all registers.

However, we currently do not unit-test our assembly much directly. We should do
that as follow-up work[0] but, in the meantime, I've also wrapped all of the GTest
main function in an ABI test. This is imperfect as ABI failures may be masked
by other stack frames, but it costs nothing[1] and is pretty reliable at
catching Win64 xmm register failures.

[0] An alternate strategy would be, in debug builds, unconditionally instrument
every assembly call in libcrypto. But the CHECK_ABI macro would be difficult to
replicate in pure C, and unwind testing may be too invasive for this. Still,
something to consider when we C++ libcrypto.

[1] When single-stepped unwind testing exists, it won't cost nothing. The
gtest_main.cc call will turn unwind testing off.

Change-Id: I6643b26445891fd46abfacac52bc024024c8d7f6
Reviewed-on: https://boringssl-review.googlesource.com/c/33764
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <alangley@gmail.com>
Commit-Queue: David Benjamin <davidben@google.com>
2018-12-21 16:09:32 +00:00
..
asm Revert "Revert "Speed up ECDSA verify on x86-64."" 2018-11-07 23:57:22 +00:00
ec_key.c Use EC_RAW_POINT in ECDSA. 2018-11-13 02:06:46 +00:00
ec_montgomery.c Optimize EC_GFp_mont_method's cmp_x_coordinate. 2018-11-13 01:48:21 +00:00
ec_scalar_base_mult_tests.txt Add some EC base point multiplication test vectors. 2018-03-27 23:33:24 +00:00
ec_test.cc Contract P-224 elements before returning them. 2018-11-14 22:38:12 +00:00
ec.c Clean up EC_POINT to byte conversions. 2018-11-13 17:27:59 +00:00
felem.c Add missing #include of <openssl/err.h>. 2018-05-01 01:00:44 +00:00
internal.h Modernize OPENSSL_COMPILE_ASSERT, part 2. 2018-11-14 16:06:37 +00:00
make_ec_scalar_base_mult_tests.go Add some EC base point multiplication test vectors. 2018-03-27 23:33:24 +00:00
make_p256-x86_64-table.go
oct.c Clean up EC_POINT to byte conversions. 2018-11-13 17:27:59 +00:00
p224-64.c Merge P-224 contract into serialisation. 2018-11-14 23:47:13 +00:00
p256-x86_64_test.cc Add an ABI testing framework. 2018-12-21 16:09:32 +00:00
p256-x86_64_tests.txt Add some tests for scalar operations. 2018-04-24 16:12:34 +00:00
p256-x86_64-table.h
p256-x86_64.c Eliminate |OPENSSL_ia32cap_P| in C code in the FIPS module. 2018-12-06 00:58:14 +00:00
p256-x86_64.h Add an ABI testing framework. 2018-12-21 16:09:32 +00:00
scalar.c Rename EC_MAX_SCALAR_*. 2018-11-13 03:22:04 +00:00
simple_mul.c Devirtualize ec_simple_{add,dbl}. 2018-11-06 18:32:11 +00:00
simple.c Push BIGNUM out of the cmp_x_coordinate interface. 2018-11-12 21:46:36 +00:00
util.c
wnaf.c Rename EC_MAX_SCALAR_*. 2018-11-13 03:22:04 +00:00