openbsd/src/lib/libcrypto/bn/arch/amd64, branch OPENBSD_7_3

openbsd/src/lib/libcrypto/bn/arch/amd64, branch OPENBSD_7_3_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_3_BASE 2023-02-22T05:46:37+00:00 Rework bn_add()/bn_sub() to operate on word arrays. 2023-02-22T05:46:37+00:00 jsing 2023-02-22T05:46:37+00:00 urn:sha1:b78cccc526d31cefe3af77cef6ddab0981e8a45b Rather than working on BIGNUMs, change bn_add()/bn_sub() to operate on word arrays that potentially differ in length. This matches the behaviour of s2n-bignum's bignum_add() and bignum_sub(). ok tb@ Enable s2n-bignum word_clz() on amd64. 2023-02-16T11:13:05+00:00 jsing 2023-02-16T11:13:05+00:00 urn:sha1:02f91f3325f965a313f0cffe5053a084d05a84ea The BN_num_bits_word() function is a hot path, being called more than 80 million times during a libcrypto regress run. The word_clz() implementation uses five instructions to do the same as the generic code that uses more than 60 instructions. Discussed with tb@ Change include from _internal_s2n_bignum.h to s2n_bignum_internal.h. 2023-02-16T10:54:20+00:00 jsing 2023-02-16T10:54:20+00:00 urn:sha1:95c0ed9385b76741de79e6270c2ff6c36a289b02 Include the ISC license from s2n-bignum's LICENSE file. 2023-02-16T10:53:18+00:00 jsing 2023-02-16T10:53:18+00:00 urn:sha1:d35b9335195e893a1f5798a0928ff46db9c39e43 Bring in word_clz.S from s2n-bignum for amd64. 2023-02-16T10:51:58+00:00 jsing 2023-02-16T10:51:58+00:00 urn:sha1:f483fe7409c6e019825355a40d8dca761bb5d6d3 Rename bn_umul_hilo() to bn_mulw(). 2023-02-16T10:41:03+00:00 jsing 2023-02-16T10:41:03+00:00 urn:sha1:b11f50c06cb0a98a91ab4cbfb49715c95ee07486 This keeps the naming consistent with the other bignum primitives that have been recently introduced. Also, use 1/0 intead of h/l (e.g. a1 instead of ah), as this keeps consistency with other primitives and allows for naming that works with double word, triple word and quadruple word inputs/outputs. Discussed with tb@ Remove bn_sqr_words() on amd64. 2023-02-04T14:00:18+00:00 jsing 2023-02-04T14:00:18+00:00 urn:sha1:aaf5516f11bba33217f3fa07b497d5b1dc0158d1 s2n-bignum's bignum_sqr() is not the same as bn_sqr_words() (which only computes a partial result, unlike the former). This went unnoticed since bn_sqr() is called directly on amd64, hence bn_sqr_words() is currently unused. Refactor BN_uadd() and BN_usub(). 2023-02-02T18:39:26+00:00 jsing 2023-02-02T18:39:26+00:00 urn:sha1:6dde0660e73e2597e14e06a5b2d1c9b84bf66d89 Unlike bn_add_words()/bn_sub_words(), the s2n-bignum bignum_add() and bignum_sub() functions correctly handle inputs with differing word lengths. This means that they can be called directly, without needing to fix up any remaining words manually. Split BN_uadd() in two - the default bn_add() implementation calls bn_add_words(), before handling the carry for any remaining words. Likewise split BN_usub() in two - the default bn_sub() implementation calls bn_sub_words(), before handling the borrow for any remaining words. On amd64, provide an implementation of bn_add() that calls s2n-bignum's bignum_add() directly, similarly with an implementation of bn_sub() that calls s2n-bignum's bignum_sub() directly. ok tb@ Provide inline assembly versions of bn_umul_hilo() for aarch64/amd64/i386. 2023-01-31T05:53:49+00:00 jsing 2023-01-31T05:53:49+00:00 urn:sha1:9c88ed4a67c87199cab1e4e10e846c1fccef4069 ok tb@ Use s2n-bignum assembly implementations for libcrypto bignum on amd64. 2023-01-29T14:00:41+00:00 jsing 2023-01-29T14:00:41+00:00 urn:sha1:4e1fab63a267fba43456f4cf3909f8d17ca6aee7 This switches the core bignum assembly implementations from x86_64-gcc.c to s2n-bignum for amd64. ok miod@ tb@