History log of /openssl/crypto/modes/gcm128.c (Results 1 – 25 of 102)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 2a53df69 09-Sep-2024 Gerd Hoffmann

fix small footprint builds on arm

Building with '-D OPENSSL_SMALL_FOOTPRINT' for aarch64 fails due to
'gcm_ghash_4bit' being undeclared. Fix that by not setting the function
pointer

fix small footprint builds on arm

Building with '-D OPENSSL_SMALL_FOOTPRINT' for aarch64 fails due to
'gcm_ghash_4bit' being undeclared. Fix that by not setting the function
pointer when building with OPENSSL_SMALL_FOOTPRINT, matching openssl
behavior on x86.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25419)

show more ...


# b6461792 20-Mar-2024 Richard Levitte

Copyright year updates

Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)

Reviewed-by: Hugo Lan

Copyright year updates

Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)

show more ...


# df04e817 09-Jan-2024 barracuda156

aes_platform.h, gcm128.c: fix Darwin PowerPC macro to include ppc64

Current PowerPC-related defines omit Darwin ppc64 case.
Use __POWERPC__ in place of __ppc__ + __ppc64__
Fixes #232

aes_platform.h, gcm128.c: fix Darwin PowerPC macro to include ppc64

Current PowerPC-related defines omit Darwin ppc64 case.
Use __POWERPC__ in place of __ppc__ + __ppc64__
Fixes #23220

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23245)

show more ...


# 3645eb0b 28-Sep-2023 Jerry Shih

Update for Zvkb extension.

https://github.com/riscv/riscv-crypto/blob/c8ddeb7e64a3444dda0438316af1238aeed72041/doc/vector/riscv-crypto-vector-zvkb.adoc
Create `RISCV_HAS_ZVKB()` macro.

Update for Zvkb extension.

https://github.com/riscv/riscv-crypto/blob/c8ddeb7e64a3444dda0438316af1238aeed72041/doc/vector/riscv-crypto-vector-zvkb.adoc
Create `RISCV_HAS_ZVKB()` macro.
Use zvkb for SM4 instead of zvbb.
Use zvkb for ghash instead of zvbb.
We could just use the zvbb's subset `zvkb` for flexibility.

Signed-off-by: Jerry Shih <jerry.shih@sifive.com>
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)

show more ...


# 5191bcc8 18-Jan-2023 Christoph Müllner

riscv: GCM: Provide a Zvkg-based implementation

The upcoming RISC-V vector crypto extensions feature
a Zvkg extension, that provides a vghmac.vv instruction.
This patch provides an i

riscv: GCM: Provide a Zvkg-based implementation

The upcoming RISC-V vector crypto extensions feature
a Zvkg extension, that provides a vghmac.vv instruction.
This patch provides an implementation that utilizes this
extension if available.

Tested on QEMU and no regressions observed.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)

show more ...


# 003f5698 18-Jan-2023 Christoph Müllner

riscv: GCM: Provide a Zvbb/Zvbc-based implementation

The RISC-V vector crypto extensions features a Zvbc extension
that provides a carryless multiplication ('vclmul.vv') instruction.

riscv: GCM: Provide a Zvbb/Zvbc-based implementation

The RISC-V vector crypto extensions features a Zvbc extension
that provides a carryless multiplication ('vclmul.vv') instruction.
This patch provides an implementation that utilizes this
extension if available.

Tested on QEMU and no regressions observed.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)

show more ...


# 636ee1d0 07-Aug-2023 Evgeny Karpov

* Enable extra Arm64 optimization on Windows for GHASH, RAND and AES

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:/

* Enable extra Arm64 optimization on Windows for GHASH, RAND and AES

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21673)

show more ...


# da1c088f 07-Sep-2023 Matt Caswell

Copyright year updates


Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes


# eb4129e1 09-May-2023 Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>

Fix typos found by codespell

Typos in doc/man* will be fixed in a different commit.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(M

Fix typos found by codespell

Typos in doc/man* will be fixed in a different commit.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20910)

show more ...


# f3fed0d5 18-Jan-2023 Christoph Müllner

riscv: GCM: Implement GHASH()

RISC-V currently only offers a GMULT() callback for accelerated
processing. Let's implement the missing piece to have GHASH()
available as well. Like GM

riscv: GCM: Implement GHASH()

RISC-V currently only offers a GMULT() callback for accelerated
processing. Let's implement the missing piece to have GHASH()
available as well. Like GMULT(), we provide a variant for
systems with the Zbkb extension (including brev8).

The integration follows the existing pattern for GMULT()
in RISC-V. We keep the C implementation as we need to decide
if we can call an optimized routine at run-time.
The C implementation is the fall-back in case we don't have
any extensions available that can be used to accelerate
the calculation.

Tested with all combinations of possible extensions
on QEMU (limiting the available instructions accordingly).
No regressions observed.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20078)

show more ...


# b2468436 18-Jan-2023 Christoph Müllner

riscv: GCM: Simplify GCM calculation

The existing GCM calculation provides some potential
for further optimizations. Let's use the demo code
from the RISC-V cryptography extension gr

riscv: GCM: Simplify GCM calculation

The existing GCM calculation provides some potential
for further optimizations. Let's use the demo code
from the RISC-V cryptography extension groups
(https://github.com/riscv/riscv-crypto), which represents
the extension architect's intended use of the clmul instruction.

The GCM calculation depends on bit and byte reversal.
Therefore, we use the corresponding instructions to do that
(if available at run-time).

The resulting computation becomes quite compact and passes
all tests.

Note, that a side-effect of this change is a reduced register
usage in .gmult(), which opens the door for an efficient .ghash()
implementation.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20078)

show more ...


# 86c69fe8 17-Jan-2023 Christoph Müllner

riscv: Clean up extension test macros

In RISC-V we have multiple extensions, that can be
used to accelerate processing.
The known extensions are defined in riscv_arch.def.
From t

riscv: Clean up extension test macros

In RISC-V we have multiple extensions, that can be
used to accelerate processing.
The known extensions are defined in riscv_arch.def.
From that file test functions of the following
form are generated: RISCV_HAS_$ext().

In recent commits new ways to define the availability
of these test macros have been defined. E.g.:
#define RV32I_ZKND_ZKNE_CAPABLE \
(RISCV_HAS_ZKND() && RISCV_HAS_ZKNE())
[...]
#define RV64I_ZKND_ZKNE_CAPABLE \
(RISCV_HAS_ZKND() && RISCV_HAS_ZKNE())

This leaves us with two different APIs to test capabilities.
Further, creating the same macros for RV32 and RV64 results
in duplicated code (see example above).

This inconsistent situation makes it hard to integrate
further code. So let's clean this up with the following steps:
* Replace RV32I_* and RV64I_* macros by RICSV_HAS_* macros
* Move all test macros into riscv_arch.h
* Use "AND" and "OR" to combine tests with more than one extension
* Rename include files for accelerated processing (remove extension
postfix).

We end up with compile time tests for RV32/RV64 and run-time tests
for available extensions. Adding new routines (e.g. for vector crypto
instructions) should be straightforward.

Testing showed no regressions.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20078)

show more ...


# be0161ff 14-Nov-2022 Tomas Mraz

gcm_get_funcs(): Add missing fallback for ghash on x86_64

Fixes #19673

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from

gcm_get_funcs(): Add missing fallback for ghash on x86_64

Fixes #19673

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19674)

show more ...


# 0113ec84 28-Apr-2022 Todd Short

Implement AES-GCM-SIV (RFC8452)

Fixes #16721

This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could
not get AES-CTR to work as-is), and GHASH to implement

Implement AES-GCM-SIV (RFC8452)

Fixes #16721

This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could
not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally,
there would be separate polyval assembly implementation(s), but the only one
I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed.

This implementation lives only in the default provider; there is no legacy
implementation.

The code offered in #16721 is not used; that implementation sits on top of
OpenSSL, this one is embedded inside OpenSSL.

Full test vectors from RFC8452 are included, except the 0 length plaintext;
that is not supported; and I'm not sure it's worthwhile to do so.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18693)

show more ...


# 186be8ed 28-Jul-2022 Tomas Mraz

Fix regression from GCM mode refactoring

Fixes #18896

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/

Fix regression from GCM mode refactoring

Fixes #18896

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18903)

show more ...


# 48e35b99 25-Jul-2022 Juergen Christ

s390x: Fix GCM setup

Rework of GCM code did not include s390x causing NULL pointer dereferences on
GCM operations other than AES-GCM on platforms that support kma. Fix this by
a pro

s390x: Fix GCM setup

Rework of GCM code did not include s390x causing NULL pointer dereferences on
GCM operations other than AES-GCM on platforms that support kma. Fix this by
a proper setup of the function pointers.

Fixes: 92c9086e5c2b ("Use separate function to get GCM functions")

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18862)

show more ...


# d50e0934 20-Jul-2022 Todd Short

Clean up GCM_MUL and remove GCM_FUNCREF_4BIT

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pu

Clean up GCM_MUL and remove GCM_FUNCREF_4BIT

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)

show more ...


# 95201ef4 20-Jul-2022 Todd Short

Clean up use of GHASH macro

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)


# 92c9086e 20-Jul-2022 Todd Short

Use separate function to get GCM functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

Use separate function to get GCM functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)

show more ...


# 7da952bc 20-Jul-2022 Todd Short

Remove some unused 4bit GCM code

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)


# 7b6e19fc 20-Jul-2022 Todd Short

Remove unused 1bit GCM implementation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1883

Remove unused 1bit GCM implementation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)

show more ...


# a8b5128f 20-Jul-2022 Todd Short

Remove unused 8bit GCM implementation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1883

Remove unused 8bit GCM implementation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)

show more ...


# 36c269c3 15-May-2022 Daniel Fiala

Change loops conditions to make zero loop risk more obvious.

Fixes openssl#18073.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Rev

Change loops conditions to make zero loop risk more obvious.

Fixes openssl#18073.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18327)

show more ...


# 999376dc 28-Jan-2022 Henry Brausen

Add clmul-based gmult for riscv64 with Zbb, Zbc

ghash-riscv64.pl implements 128-bit galois field multiplication for
use in the GCM mode using RISC-V carryless multiplication primitives.

Add clmul-based gmult for riscv64 with Zbb, Zbc

ghash-riscv64.pl implements 128-bit galois field multiplication for
use in the GCM mode using RISC-V carryless multiplication primitives.

The clmul-accelerated routine can be selected by setting the Zbb and
Zbc bits of the OPENSSL_riscvcap environment variable at runtime.

Reviewed-by: Philipp Tomsich <philipp.tomsich@vrull.eu>
Signed-off-by: Henry Brausen <henry.brausen@vrull.eu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17640)

show more ...


# 52f7e44e 07-Jul-2021 Tomas Mraz

Split bignum code out of the sparcv9cap.c

Fixes #15978

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16019)


12345