| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Add detection of Multi-Precision Add-Carry Instruction Extensions on amd64.
s2n-bignum provides a number of fast multiplication routines that can
leverage these instructions.
ok tb@
|
| |
|
|
|
|
| |
There are no more consumers of crypto_cpu_caps_ia32(), so remove it.
ok bcook@ joshua@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
Make aes_ecb_encrypt_internal() replaceable and provide machine dependent
versions for amd64 and i386, which dispatch to AES-NI if appropriate.
Remove the AES-NI specific EVP methods for ECB.
This removes the last of the machine dependent code from EVP AES.
ok bcook@ joshua@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mode implementation for CCM has two variants - one takes the block
function, while the other takes a "ccm64" function. The latter is expected
to handle the lower 64 bits of the IV/counter but only for 16 byte blocks.
The AES-NI implementation for CCM currently uses the second variant.
Provide aes_ccm64_encrypt_internal() as a function that can be replaced on
a machine dependent basis, along with an aes_ccm64_encrypt_generic()
function that provides the default implementation and can be used as a
fallback. Wire up the AES-NI version for amd64 and i386, change EVP's
aes_ccm_cipher() to use CRYPTO_ctr128_{en,de}crypt_ccm64() with
aes_ccm64_encrypt_internal()) and remove the various AES-NI specific
EVP_CIPHER methods for CCM.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
Provide aes_xts_encrypt_internal() and call that from aes_xts_cipher().
Have amd64 and i386 provide their own versions that dispatch to
aesni_xts_encrypt()/aesni_xts_decrypt() as appropriate. The
AESNI_CAPABLE code and methods can then be removed.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
Provide gcm128_amd64.c and gcm128_i386.c, which contain the appropriate
gcm128 initialisation and CPU feature tests for the respective platform.
This allows for all of the #define spagetti to be removed from gcm128.c
and removes one of the two remaining consumers of crypto_cpu_caps_ia32().
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mode implementation for CTR has two variants - one takes the block
function, while the other takes a "ctr32" function. The latter is expected
to handle the lower 32 bits of the IV/counter, but is not expected to
handle overflow. The AES-NI implementation for CTR currently uses the
second variant.
Provide aes_ctr32_encrypt_internal() as a function that can be replaced on
a machine dependent basis, along with an aes_ctr32_encrypt_generic()
function that provides the default implementation and can be used as a
fallback. Wire up the AES-NI version for amd64 and i386, change
AES_ctr128_encrypt() to use CRYPTO_ctr128_encrypt_ctr32() (which calls
aes_ctr32_encrypt_internal()) and remove the various AES-NI specific
EVP_CIPHER methods for CTR.
Callers of AES_ctr128_encrypt() will now use AES-NI, if available.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, SHA{1,256,512}_ASM defines are used to remove the C
implementation of sha{1,256,512}_block_data_order() when it is provided
by assembly. However, this prevents the C implementation from being used
as a fallback.
Rename the C sha*_block_data_order() to sha*_block_generic() and provide
a sha*_block_data_order() that calls sha*_block_generic(). Replace the
Makefile based SHA*_ASM defines with two HAVE_SHA_* defines that allow
these functions to be compiled in or removed, such that machine specific
verisons can be provided. This should effectively be a no-op on any
platform that defined SHA{1,256,512}_ASM.
ok tb@
|
| |
|
|
|
|
|
| |
This also provides a crypto_cpu_caps_amd64 variable that can be checked
for CRYPTO_CPU_CAPS_AMD64_SHA.
ok tb@
|
| |
|
|
|
|
| |
Move the IA32 specific code to arch/{amd64,i386}/crypto_cpu_caps.c, rather
than polluting cryptlib.c with machine dependent code. A stub version of
crypto_cpu_caps_ia32() still remains for now.
|
| |
|
|
|
|
|
|
|
|
|
| |
This is a CPU capability detection implementation in C, with minimal
inline assembly (for cpuid and xgetbv). This replaces the assembly
mess generated by x86_64cpuid.pl. Rather than populating OPENSSL_ia32cap_P
directly with CPUID output, just set the bits that the remaining
perlasm checks (namely AESNI, AVX, FXSR, INTEL, HT, MMX, PCLMUL, SSE, SSE2
and SSSE3).
ok joshua@ tb@
|
|
|
Provide a per architecture crypto_arch.h - this will be used in a similar
manner to bn_arch.h and will allow for architecture specific #defines and
static inline functions. Move the HAVE_AES_* and HAVE_RC4_* defines here.
ok tb@
|
