#
2a53df69 |
| 09-Sep-2024 |
Gerd Hoffmann |
fix small footprint builds on arm Building with '-D OPENSSL_SMALL_FOOTPRINT' for aarch64 fails due to 'gcm_ghash_4bit' being undeclared. Fix that by not setting the function pointer
fix small footprint builds on arm Building with '-D OPENSSL_SMALL_FOOTPRINT' for aarch64 fails due to 'gcm_ghash_4bit' being undeclared. Fix that by not setting the function pointer when building with OPENSSL_SMALL_FOOTPRINT, matching openssl behavior on x86. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25419)
show more ...
|
#
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Lan
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
#
df04e817 |
| 09-Jan-2024 |
barracuda156 |
aes_platform.h, gcm128.c: fix Darwin PowerPC macro to include ppc64 Current PowerPC-related defines omit Darwin ppc64 case. Use __POWERPC__ in place of __ppc__ + __ppc64__ Fixes #232
aes_platform.h, gcm128.c: fix Darwin PowerPC macro to include ppc64 Current PowerPC-related defines omit Darwin ppc64 case. Use __POWERPC__ in place of __ppc__ + __ppc64__ Fixes #23220 CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23245)
show more ...
|
#
3645eb0b |
| 28-Sep-2023 |
Jerry Shih |
Update for Zvkb extension. https://github.com/riscv/riscv-crypto/blob/c8ddeb7e64a3444dda0438316af1238aeed72041/doc/vector/riscv-crypto-vector-zvkb.adoc Create `RISCV_HAS_ZVKB()` macro.
Update for Zvkb extension. https://github.com/riscv/riscv-crypto/blob/c8ddeb7e64a3444dda0438316af1238aeed72041/doc/vector/riscv-crypto-vector-zvkb.adoc Create `RISCV_HAS_ZVKB()` macro. Use zvkb for SM4 instead of zvbb. Use zvkb for ghash instead of zvbb. We could just use the zvbb's subset `zvkb` for flexibility. Signed-off-by: Jerry Shih <jerry.shih@sifive.com> Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21923)
show more ...
|
#
5191bcc8 |
| 18-Jan-2023 |
Christoph Müllner |
riscv: GCM: Provide a Zvkg-based implementation The upcoming RISC-V vector crypto extensions feature a Zvkg extension, that provides a vghmac.vv instruction. This patch provides an i
riscv: GCM: Provide a Zvkg-based implementation The upcoming RISC-V vector crypto extensions feature a Zvkg extension, that provides a vghmac.vv instruction. This patch provides an implementation that utilizes this extension if available. Tested on QEMU and no regressions observed. Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21923)
show more ...
|
#
003f5698 |
| 18-Jan-2023 |
Christoph Müllner |
riscv: GCM: Provide a Zvbb/Zvbc-based implementation The RISC-V vector crypto extensions features a Zvbc extension that provides a carryless multiplication ('vclmul.vv') instruction.
riscv: GCM: Provide a Zvbb/Zvbc-based implementation The RISC-V vector crypto extensions features a Zvbc extension that provides a carryless multiplication ('vclmul.vv') instruction. This patch provides an implementation that utilizes this extension if available. Tested on QEMU and no regressions observed. Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21923)
show more ...
|
#
636ee1d0 |
| 07-Aug-2023 |
Evgeny Karpov |
* Enable extra Arm64 optimization on Windows for GHASH, RAND and AES Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https:/
* Enable extra Arm64 optimization on Windows for GHASH, RAND and AES Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21673)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
eb4129e1 |
| 09-May-2023 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
Fix typos found by codespell Typos in doc/man* will be fixed in a different commit. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (M
Fix typos found by codespell Typos in doc/man* will be fixed in a different commit. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20910)
show more ...
|
#
f3fed0d5 |
| 18-Jan-2023 |
Christoph Müllner |
riscv: GCM: Implement GHASH() RISC-V currently only offers a GMULT() callback for accelerated processing. Let's implement the missing piece to have GHASH() available as well. Like GM
riscv: GCM: Implement GHASH() RISC-V currently only offers a GMULT() callback for accelerated processing. Let's implement the missing piece to have GHASH() available as well. Like GMULT(), we provide a variant for systems with the Zbkb extension (including brev8). The integration follows the existing pattern for GMULT() in RISC-V. We keep the C implementation as we need to decide if we can call an optimized routine at run-time. The C implementation is the fall-back in case we don't have any extensions available that can be used to accelerate the calculation. Tested with all combinations of possible extensions on QEMU (limiting the available instructions accordingly). No regressions observed. Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20078)
show more ...
|
#
b2468436 |
| 18-Jan-2023 |
Christoph Müllner |
riscv: GCM: Simplify GCM calculation The existing GCM calculation provides some potential for further optimizations. Let's use the demo code from the RISC-V cryptography extension gr
riscv: GCM: Simplify GCM calculation The existing GCM calculation provides some potential for further optimizations. Let's use the demo code from the RISC-V cryptography extension groups (https://github.com/riscv/riscv-crypto), which represents the extension architect's intended use of the clmul instruction. The GCM calculation depends on bit and byte reversal. Therefore, we use the corresponding instructions to do that (if available at run-time). The resulting computation becomes quite compact and passes all tests. Note, that a side-effect of this change is a reduced register usage in .gmult(), which opens the door for an efficient .ghash() implementation. Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20078)
show more ...
|
#
86c69fe8 |
| 17-Jan-2023 |
Christoph Müllner |
riscv: Clean up extension test macros In RISC-V we have multiple extensions, that can be used to accelerate processing. The known extensions are defined in riscv_arch.def. From t
riscv: Clean up extension test macros In RISC-V we have multiple extensions, that can be used to accelerate processing. The known extensions are defined in riscv_arch.def. From that file test functions of the following form are generated: RISCV_HAS_$ext(). In recent commits new ways to define the availability of these test macros have been defined. E.g.: #define RV32I_ZKND_ZKNE_CAPABLE \ (RISCV_HAS_ZKND() && RISCV_HAS_ZKNE()) [...] #define RV64I_ZKND_ZKNE_CAPABLE \ (RISCV_HAS_ZKND() && RISCV_HAS_ZKNE()) This leaves us with two different APIs to test capabilities. Further, creating the same macros for RV32 and RV64 results in duplicated code (see example above). This inconsistent situation makes it hard to integrate further code. So let's clean this up with the following steps: * Replace RV32I_* and RV64I_* macros by RICSV_HAS_* macros * Move all test macros into riscv_arch.h * Use "AND" and "OR" to combine tests with more than one extension * Rename include files for accelerated processing (remove extension postfix). We end up with compile time tests for RV32/RV64 and run-time tests for available extensions. Adding new routines (e.g. for vector crypto instructions) should be straightforward. Testing showed no regressions. Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20078)
show more ...
|
#
be0161ff |
| 14-Nov-2022 |
Tomas Mraz |
gcm_get_funcs(): Add missing fallback for ghash on x86_64 Fixes #19673 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from
gcm_get_funcs(): Add missing fallback for ghash on x86_64 Fixes #19673 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19674)
show more ...
|
#
0113ec84 |
| 28-Apr-2022 |
Todd Short |
Implement AES-GCM-SIV (RFC8452) Fixes #16721 This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement
Implement AES-GCM-SIV (RFC8452) Fixes #16721 This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally, there would be separate polyval assembly implementation(s), but the only one I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed. This implementation lives only in the default provider; there is no legacy implementation. The code offered in #16721 is not used; that implementation sits on top of OpenSSL, this one is embedded inside OpenSSL. Full test vectors from RFC8452 are included, except the 0 length plaintext; that is not supported; and I'm not sure it's worthwhile to do so. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18693)
show more ...
|
#
186be8ed |
| 28-Jul-2022 |
Tomas Mraz |
Fix regression from GCM mode refactoring Fixes #18896 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/
Fix regression from GCM mode refactoring Fixes #18896 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18903)
show more ...
|
#
48e35b99 |
| 25-Jul-2022 |
Juergen Christ |
s390x: Fix GCM setup Rework of GCM code did not include s390x causing NULL pointer dereferences on GCM operations other than AES-GCM on platforms that support kma. Fix this by a pro
s390x: Fix GCM setup Rework of GCM code did not include s390x causing NULL pointer dereferences on GCM operations other than AES-GCM on platforms that support kma. Fix this by a proper setup of the function pointers. Fixes: 92c9086e5c2b ("Use separate function to get GCM functions") Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18862)
show more ...
|
#
d50e0934 |
| 20-Jul-2022 |
Todd Short |
Clean up GCM_MUL and remove GCM_FUNCREF_4BIT Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pu
Clean up GCM_MUL and remove GCM_FUNCREF_4BIT Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835)
show more ...
|
#
95201ef4 |
| 20-Jul-2022 |
Todd Short |
Clean up use of GHASH macro Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835)
|
#
92c9086e |
| 20-Jul-2022 |
Todd Short |
Use separate function to get GCM functions Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull
Use separate function to get GCM functions Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835)
show more ...
|
#
7da952bc |
| 20-Jul-2022 |
Todd Short |
Remove some unused 4bit GCM code Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835)
|
#
7b6e19fc |
| 20-Jul-2022 |
Todd Short |
Remove unused 1bit GCM implementation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1883
Remove unused 1bit GCM implementation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835)
show more ...
|
#
a8b5128f |
| 20-Jul-2022 |
Todd Short |
Remove unused 8bit GCM implementation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1883
Remove unused 8bit GCM implementation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835)
show more ...
|
#
36c269c3 |
| 15-May-2022 |
Daniel Fiala |
Change loops conditions to make zero loop risk more obvious. Fixes openssl#18073. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Rev
Change loops conditions to make zero loop risk more obvious. Fixes openssl#18073. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18327)
show more ...
|
#
999376dc |
| 28-Jan-2022 |
Henry Brausen |
Add clmul-based gmult for riscv64 with Zbb, Zbc ghash-riscv64.pl implements 128-bit galois field multiplication for use in the GCM mode using RISC-V carryless multiplication primitives.
Add clmul-based gmult for riscv64 with Zbb, Zbc ghash-riscv64.pl implements 128-bit galois field multiplication for use in the GCM mode using RISC-V carryless multiplication primitives. The clmul-accelerated routine can be selected by setting the Zbb and Zbc bits of the OPENSSL_riscvcap environment variable at runtime. Reviewed-by: Philipp Tomsich <philipp.tomsich@vrull.eu> Signed-off-by: Henry Brausen <henry.brausen@vrull.eu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17640)
show more ...
|
#
52f7e44e |
| 07-Jul-2021 |
Tomas Mraz |
Split bignum code out of the sparcv9cap.c Fixes #15978 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16019)
|