openbsd/src/lib/libcrypto/bn/arch/amd64, branch OPENBSD_7

openbsd/src/lib/libcrypto/bn/arch/amd64, branch OPENBSD_7_4 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_4 2023-06-24T16:01:44+00:00 Rewrite and simplify bn_sqr()/bn_sqr_normal(). 2023-06-24T16:01:44+00:00 jsing 2023-06-24T16:01:44+00:00 urn:sha1:3180c8185bba7d792127e1b9bc87f11e439ba0fb Rework bn_sqr()/bn_sqr_normal() so that it is less convoluted and more readable. Instead of recomputing values that the caller has already computed, pass it as an argument. Avoid branching and remove duplication of variables. Consistently use a_len and r_len naming for lengths. ok tb@ Add endbr64 where needed by inspection. Passes regresson tests. 2023-04-25T04:42:26+00:00 deraadt 2023-04-25T04:42:26+00:00 urn:sha1:f56bc15e44b93e564d434a7d0b5c8f837812aac3 ok jsing, and kind of tb an earlier version Rework bn_add()/bn_sub() to operate on word arrays. 2023-02-22T05:46:37+00:00 jsing 2023-02-22T05:46:37+00:00 urn:sha1:b78cccc526d31cefe3af77cef6ddab0981e8a45b Rather than working on BIGNUMs, change bn_add()/bn_sub() to operate on word arrays that potentially differ in length. This matches the behaviour of s2n-bignum's bignum_add() and bignum_sub(). ok tb@ Enable s2n-bignum word_clz() on amd64. 2023-02-16T11:13:05+00:00 jsing 2023-02-16T11:13:05+00:00 urn:sha1:02f91f3325f965a313f0cffe5053a084d05a84ea The BN_num_bits_word() function is a hot path, being called more than 80 million times during a libcrypto regress run. The word_clz() implementation uses five instructions to do the same as the generic code that uses more than 60 instructions. Discussed with tb@ Change include from _internal_s2n_bignum.h to s2n_bignum_internal.h. 2023-02-16T10:54:20+00:00 jsing 2023-02-16T10:54:20+00:00 urn:sha1:95c0ed9385b76741de79e6270c2ff6c36a289b02 Include the ISC license from s2n-bignum's LICENSE file. 2023-02-16T10:53:18+00:00 jsing 2023-02-16T10:53:18+00:00 urn:sha1:d35b9335195e893a1f5798a0928ff46db9c39e43 Bring in word_clz.S from s2n-bignum for amd64. 2023-02-16T10:51:58+00:00 jsing 2023-02-16T10:51:58+00:00 urn:sha1:f483fe7409c6e019825355a40d8dca761bb5d6d3 Rename bn_umul_hilo() to bn_mulw(). 2023-02-16T10:41:03+00:00 jsing 2023-02-16T10:41:03+00:00 urn:sha1:b11f50c06cb0a98a91ab4cbfb49715c95ee07486 This keeps the naming consistent with the other bignum primitives that have been recently introduced. Also, use 1/0 intead of h/l (e.g. a1 instead of ah), as this keeps consistency with other primitives and allows for naming that works with double word, triple word and quadruple word inputs/outputs. Discussed with tb@ Remove bn_sqr_words() on amd64. 2023-02-04T14:00:18+00:00 jsing 2023-02-04T14:00:18+00:00 urn:sha1:aaf5516f11bba33217f3fa07b497d5b1dc0158d1 s2n-bignum's bignum_sqr() is not the same as bn_sqr_words() (which only computes a partial result, unlike the former). This went unnoticed since bn_sqr() is called directly on amd64, hence bn_sqr_words() is currently unused. Refactor BN_uadd() and BN_usub(). 2023-02-02T18:39:26+00:00 jsing 2023-02-02T18:39:26+00:00 urn:sha1:6dde0660e73e2597e14e06a5b2d1c9b84bf66d89 Unlike bn_add_words()/bn_sub_words(), the s2n-bignum bignum_add() and bignum_sub() functions correctly handle inputs with differing word lengths. This means that they can be called directly, without needing to fix up any remaining words manually. Split BN_uadd() in two - the default bn_add() implementation calls bn_add_words(), before handling the carry for any remaining words. Likewise split BN_usub() in two - the default bn_sub() implementation calls bn_sub_words(), before handling the borrow for any remaining words. On amd64, provide an implementation of bn_add() that calls s2n-bignum's bignum_add() directly, similarly with an implementation of bn_sub() that calls s2n-bignum's bignum_sub() directly. ok tb@