summaryrefslogtreecommitdiffstats
path: root/crypto/aes (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Following the license change, modify the boilerplates in crypto/aes/Richard Levitte2018-12-0635-35/+35
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7771)
* License: change any non-boilerplate comment referring to "OpenSSL license"Richard Levitte2018-12-062-2/+2
| | | | | | | | Make it just say "the License", which refers back to the standard boilerplate. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7764)
* Update copyright yearMatt Caswell2018-09-111-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7176)
* PA-RISC assembly pack: make it work with GNU assembler for HP-UX.Andy Polyakov2018-06-251-0/+9
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6583)
* PPC assembly pack: correct POWER9 results.Andy Polyakov2018-06-031-1/+2
| | | | | | | | | | As it turns out originally published results were skewed by "turbo" mode. VM apparently remains oblivious to dynamic frequency scaling, and reports that processor operates at "base" frequency at all times. While actual frequency gets increased under load. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6406)
* Update copyright yearMatt Caswell2018-05-291-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6371)
* PPC assembly pack: add POWER9 results.Andy Polyakov2018-05-101-0/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Update copyright yearMatt Caswell2018-03-203-3/+3
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5689)
* MIPS assembly pack: default heuristic detection to little-endian.Andy Polyakov2018-03-191-1/+1
| | | | | | | | | Current endianness detection is somewhat opportunistic and can fail in cross-compile scenario. Since we are more likely to cross-compile for little-endian now, adjust the default accordingly. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
* Always use adr with __thumb2__.David Benjamin2018-02-282-6/+6
| | | | | | | | | | | | | | | | | | | | | | | Thumb2 addresses are a bit a mess, depending on whether a label is interpreted as a function pointer value (for use with BX and BLX) or as a program counter value (for use with PC-relative addressing). Clang's integrated assembler mis-assembles this code. See https://crbug.com/124610#c54 for details. Instead, use the ADR pseudo-instruction which has clear semantics and should be supported by every assembler that handles the OpenSSL Thumb2 code. (In other files, the ADR vs SUB conditionals are based on __thumb2__ already. For some reason, this one is based on __APPLE__, I'm guessing to deal with an older version of clang assembler.) It's unclear to me which of clang or binutils is "correct" or if this is even a well-defined notion beyond "whatever binutils does". But I will note that https://github.com/openssl/openssl/pull/4669 suggests binutils has also changed behavior around this before. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5431)
* Harmonize the make variables across all known platforms familiesRichard Levitte2018-02-141-6/+3
| | | | | | | | | | | | | | | | | | | | | | | | The make variables LIB_CFLAGS, DSO_CFLAGS and so on were used in addition to CFLAGS and so on. This works without problem on Unix and Windows, where options with different purposes (such as -D and -I) can appear anywhere on the command line and get accumulated as they come. This is not necessarely so on VMS. For example, macros must all be collected and given through one /DEFINE, and the same goes for inclusion directories (/INCLUDE). So, to harmonize all platforms, we repurpose make variables starting with LIB_, DSO_ and BIN_ to be all encompassing variables that collects the corresponding values from CFLAGS, CPPFLAGS, DEFINES, INCLUDES and so on together with possible config target values specific for libraries DSOs and programs, and use them instead of the general ones everywhere. This will, for example, allow VMS to use the exact same generators for generated files that go through cpp as all other platforms, something that has been impossible to do safely before now. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5357)
* Processing GNU-style "make variables" - separate CPP flags from C flagsRichard Levitte2018-01-281-3/+9
| | | | | | | | | | | | C preprocessor flags get separated from C flags, which has the advantage that we don't get loads of macro definitions and inclusion directory specs when linking shared libraries, DSOs and programs. This is a step to add support for "make variables" when configuring. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5177)
* Update copyright years on all files merged since Jan 1st 2018Richard Levitte2018-01-091-1/+1
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5038)
* crypto/aes/asm/aes-s390x.pl: replace decrypt flag by macro.Patrick Steuer2018-01-071-2/+2
| | | | | | | | Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4634)
* s390x assembly pack: add KMA code path for aes-ctr.Patrick Steuer2018-01-071-1/+55
| | | | | | | | Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4634)
* ARMv8 assembly pack: add Qualcomm Kryo results.Andy Polyakov2017-11-131-0/+1
| | | | | | [skip ci] Reviewed-by: Tim Hudson <tjh@openssl.org>
* Many spelling fixes/typo's corrected.Josh Soref2017-11-1212-31/+31
| | | | | | | | | Around 138 distinct errors found and fixed; thanks! Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3459)
* aes/asm/{aes-armv4|bsaes-armv7}.pl: make it work with binutils-2.29.Andy Polyakov2017-11-052-6/+6
| | | | | | | | | | It's not clear if it's a feature or bug, but binutils-2.29[.1] interprets 'adr' instruction with Thumb2 code reference differently, in a way that affects calculation of addresses of constants' tables. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4669)
* s390x assembly pack: extend s390x capability vector.Patrick Steuer2017-10-302-5/+9
| | | | | | | | | | | | | | | Extend the s390x capability vector to store the longer facility list available from z13 onwards. The bits indicating the vector extensions are set to zero, if the kernel does not enable the vector facility. Also add capability bits returned by the crypto instructions' query functions. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4542)
* s390x assembly pack: remove capability double-checking.Patrick Steuer2017-10-171-12/+4
| | | | | | | | | | | | | | | | | An instruction's QUERY function is executed at initialization, iff the required MSA level is installed. Therefore, it is sufficient to check the bits returned by the QUERY functions. The MSA level does not have to be checked at every function call. crypto/aes/asm/aes-s390x.pl: The AES key schedule must be computed if the required KM or KMC function codes are not available. Formally, the availability of a KMC function code does not imply the availability of the corresponding KM function code. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4501)
* crypto/aes/asm/aes-s390x.pl: fix $softonly=1 code path.Patrick Steuer2017-10-171-2/+2
| | | | | | | | Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4501)
* Remove email addresses from source code.Rich Salz2017-10-1312-28/+23
| | | | | | | | | | Names were not removed. Some comments were updated. Replace Andy's address with openssl.org Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4516)
* aes/asm/aesni-sha*-x86_64.pl: add SHAEXT performance results.Andy Polyakov2017-07-242-7/+15
| | | | | Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/3898)
* x86_64 assembly pack: "optimize" for Knights Landing, add AVX-512 results.Andy Polyakov2017-07-211-0/+1
| | | | | | | | | | | | | | | | | | "Optimize" is in quotes because it's rather a "salvage operation" for now. Idea is to identify processor capability flags that drive Knights Landing to suboptimial code paths and mask them. Two flags were identified, XSAVE and ADCX/ADOX. Former affects choice of AES-NI code path specific for Silvermont (Knights Landing is of Silvermont "ancestry"). And 64-bit ADCX/ADOX instructions are effectively mishandled at decode time. In both cases we are looking at ~2x improvement. AVX-512 results cover even Skylake-X :-) Hardware used for benchmarking courtesy of Atos, experiments run by Romain Dolbeau <romain.dolbeau@atos.net>. Kudos! Reviewed-by: Rich Salz <rsalz@openssl.org>
* x86_64 assembly pack: fill some blanks in Ryzen results.Andy Polyakov2017-07-031-1/+1
| | | | Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
* Remove filename argument to x86 asm_init.David Benjamin2017-05-113-3/+3
| | | | | | | | | | | | | | | The assembler already knows the actual path to the generated file and, in other perlasm architectures, is left to manage debug symbols itself. Notably, in OpenSSL 1.1.x's new build system, which allows a separate build directory, converting .pl to .s as the scripts currently do result in the wrong paths. This also avoids inconsistencies from some of the files using $0 and some passing in the filename. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3431)
* More typo fixesFdaSilvaYY2017-03-291-2/+2
| | | | | | | | Fix some comments too [skip ci] Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3069)
* aes/asm/bsaes-armv7.pl: relax stack alignment requirement.Andy Polyakov2017-03-261-1/+1
| | | | | | | | | | | Even though Apple refers to Procedure Call Standard for ARM Architecture (AAPCS), they apparently adhere to custom version that doesn't follow stack alignment constraints in the said standard. [Why or why? If it's vendor lock-in thing, then it would be like worst spot ever.] And since bsaes-armv7 relied on standard alignment, it became problematic to execute the code on iOS. Reviewed-by: Rich Salz <rsalz@openssl.org>
* aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.Andy Polyakov2017-03-222-0/+2
| | | | | | | | Initial IV was disregarded on SHAEXT-capable processors. Amazingly enough bulk AES128-SHA* talk-to-yourself tests were passing. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2992)
* x86_64 assembly pack: add some Ryzen performance results.Andy Polyakov2017-03-221-0/+1
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* aes/aes_x86core.c: clarify reference implementation status.Andy Polyakov2017-03-021-9/+8
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Clean up references to FIPSEmilia Kasper2017-02-281-4/+0
| | | | | | | | | | | This removes the fips configure option. This option is broken as the required FIPS code is not available. FIPS_mode() and FIPS_mode_set() are retained for compatibility, but FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to turn FIPS mode off. Reviewed-by: Stephen Henson <steve@openssl.org>
* Don't call memcpy if len is zero.Rich Salz2017-02-211-0/+3
| | | | | | | | | | | Prevent undefined behavior in CRYPTO_cbc128_encrypt: calling this function with the 'len' parameter being 0 would result in a memcpy where the source and destination parameters are the same, which is undefined behavior. Do same for AES_ige_encrypt. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2671)
* ARMv4 assembly pack: harmonize Thumb-ification of iOS build.Andy Polyakov2017-02-151-3/+6
| | | | | | | Three modules were left behind in a285992763f3961f69a8d86bf7dfff020a08cef9. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2617)
* aes/asm/*-x86_64.pl: add CFI annotations.Andy Polyakov2017-02-136-1/+446
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* x86_64 assembly pack: Win64 SEH face-lift.Andy Polyakov2017-02-064-258/+274
| | | | | | | | - harmonize handlers with guidelines and themselves; - fix some bugs in handlers; - add missing handlers in chacha and ecp_nistz256 modules; Reviewed-by: Rich Salz <rsalz@openssl.org>
* x86 assembly pack: update performance results.Andy Polyakov2016-12-191-0/+2
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* PPC assembler pack: add some PPC970/G5 performance data.Andy Polyakov2016-11-111-1/+2
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* aes/asm/aesp8-ppc.pl: improve [backward] portability.Andy Polyakov2016-11-101-1/+1
| | | | | | | | Some of stone-age assembler can't cope with r0 in address. It's actually sensible thing to do, because r0 is shunted to 0 in address arithmetic and by refusing r0 assembler effectively makes you understand that. Reviewed-by: Rich Salz <rsalz@openssl.org>
* x86_64 assembly pack: add Goldmont performance results.Andy Polyakov2016-10-243-0/+4
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix strict-warnings buildPatrick Steuer2016-10-181-4/+4
| | | | | | | | | | | | | | | | | crypto/evp/e_aes.c: Types of inp and out parameters of AES_xts_en/decrypt functions need to be changed from char to unsigned char to avoid build error due to '-Werror=incompatible-pointer-types'. crypto/aes/asm/aes-s390x.pl: Comments need to reflect the above change. Signed-off-by: Patrick Steuer <psteuer@mail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> CLA: trivial
* Remove trailing whitespace from some files.David Benjamin2016-10-1117-71/+71
| | | | | | | | | | | | | | | | | | The prevailing style seems to not have trailing whitespace, but a few lines do. This is mostly in the perlasm files, but a few C files got them after the reformat. This is the result of: find . -name '*.pl' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//' find . -name '*.c' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//' find . -name '*.h' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//' Then bn_prime.h was excluded since this is a generated file. Note mkerr.pl has some changes in a heredoc for some help output, but other lines there lack trailing whitespace too. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* MIPS assembly pack: adapt it for MIPS[32|64]R6.Andy Polyakov2016-09-022-22/+66
| | | | | | | | | MIPS[32|64]R6 is binary and source incompatible with previous MIPS ISA specifications. Fortunately it's still possible to resolve differences in source code with standard pre-processor and switching to trap-free version of addition and subtraction instructions. Reviewed-by: Richard Levitte <levitte@openssl.org>
* ARMv8 assembly pack: add Samsung Mongoose results.Andy Polyakov2016-08-162-0/+2
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* spelling fixes, just comments and readme.klemens2016-08-064-4/+4
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1413)
* Fix a few if(, for(, while( inside code.FdaSilvaYY2016-07-201-4/+4
| | | | | | | Fix some indentation at the same time Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1292)
* aes/asm/aesfx-sparcv9.pl: switch to fshiftorx to improve single-blockAndy Polyakov2016-07-161-124/+226
| | | | | | | | and short-input performance. [Fix bug in misaligned output handling.] Reviewed-by: Richard Levitte <levitte@openssl.org>
* SPARC assembly pack: enforce V8+ ABI constraints.Andy Polyakov2016-07-161-8/+11
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* aes/asm/aesfx-sparcv9.pl: add "teaser" CBC and CTR subroutines.Andy Polyakov2016-07-161-28/+747
| | | | | | [Also optimize aligaddr usage in single-block subroutines.] Reviewed-by: Rich Salz <rsalz@openssl.org>
* Whitespace cleanup in cryptoFdaSilvaYY2016-06-292-6/+6
| | | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1264)