53 Commits (fd3ed85c67174a0d3b6639ba9b237351d1c2201f)

Author SHA1 Message Date
Matt Caswell 33388b44b6 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
3 years ago
David Benjamin a21314dbbc Also check for errors in x86_64-xlate.pl.
In https://github.com/openssl/openssl/pull/10883, I'd meant to exclude
the perlasm drivers since they aren't opening pipes and do not
particularly need it, but I only noticed x86_64-xlate.pl, so
arm-xlate.pl and ppc-xlate.pl got the change.

That seems to have been fine, so be consistent and also apply the change
to x86_64-xlate.pl. Checking for errors is generally a good idea.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
(Merged from https://github.com/openssl/openssl/pull/10930)
3 years ago
H.J. Lu 98ad3fe82b x86_64: Add endbranch at function entries for Intel CET
To support Intel CET, all indirect branch targets must start with
endbranch.  Here is a patch to add endbranch to function entries
in x86_64 assembly codes which are indirect branch targets as
discovered by running openssl testsuite on Intel CET machine and
visual inspection.

Verified with

$ CC="gcc -Wl,-z,cet-report=error" ./Configure shared linux-x86_64 -fcf-protection
$ make
$ make test


$ CC="gcc -mx32 -Wl,-z,cet-report=error" ./Configure shared linux-x32 -fcf-protection
$ make
$ make test # <<< passed with https://github.com/openssl/openssl/pull/10988

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10982)
3 years ago
David Benjamin 32be631ca1 Do not silently truncate files on perlasm errors
If one of the perlasm xlate drivers crashes, OpenSSL's build will
currently swallow the error and silently truncate the output to however
far the driver got. This will hopefully fail to build, but better to
check such things.

Handle this by checking for errors when closing STDOUT (which is a pipe
to the xlate driver).

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10883)
3 years ago
Bernd Edlinger 8913378a55 Fix unwind info for some trivial functions
While stack unwinding works with gdb here, the
function _Unwind_Backtrace gives up when something outside
.cfi_startproc/.cfi_endproc is found in the call stack, like
OPENSSL_cleanse, OPENSSL_atomic_add, OPENSSL_rdtsc, CRYPTO_memcmp
and other trivial functions which don't save anything in the stack.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10635)
4 years ago
Richard Levitte 1aa89a7a3a Unify all assembler file generators
They now generally conform to the following argument sequence:

    script.pl "$(PERLASM_SCHEME)" [ C preprocessor arguments ... ] \
              $(PROCESSOR) <output file>

However, in the spirit of being able to use these scripts manually,
they also allow for no argument, or for only the flavour, or for only
the output file.  This is done by only using the last argument as
output file if it's a file (it has an extension), and only using the
first argument as flavour if it isn't a file (it doesn't have an

While we're at it, we make all $xlate calls the same, i.e. the $output
argument is always quoted, and we always die on error when trying to
start $xlate.

There's a perl lesson in this, regarding operator priority...

This will always succeed, even when it fails:

    open FOO, "something" || die "ERR: $!";

The reason is that '||' has higher priority than list operators (a
function is essentially a list operator and gobbles up everything
following it that isn't lower priority), and since a non-empty string
is always true, so that ends up being exactly the same as:

    open FOO, "something";

This, however, will fail if "something" can't be opened:

    open FOO, "something" or die "ERR: $!";

The reason is that 'or' has lower priority that list operators,
i.e. it's performed after the 'open' call.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9884)
4 years ago
Richard Levitte 0e9725bcb9 Following the license change, modify the boilerplates in crypto/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7827)
5 years ago
Andy Polyakov 9a708bf982 {arm64|x86_64}cpuid.pl: add special 16-byte case to OPENSSL_memcmp.
OPENSSL_memcmp is a must in GCM decrypt and general-purpose loop takes
quite a portion of execution time for short inputs, more than GHASH for
few-byte inputs according to profiler. Special 16-byte case takes it off
top five list in profiler output.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6312)
5 years ago
Bryan Donlan 082193ef2b Fix issues in ia32 RDRAND asm leading to reduced entropy
This patch fixes two issues in the ia32 RDRAND assembly code that result in a
(possibly significant) loss of entropy.

The first, less significant, issue is that, by returning success as 0 from
OPENSSL_ia32_rdrand() and OPENSSL_ia32_rdseed(), a subtle bias was introduced.
Specifically, because the assembly routine copied the remaining number of
retries over the result when RDRAND/RDSEED returned 'successful but zero', a
bias towards values 1-8 (primarily 8) was introduced.

The second, more worrying issue was that, due to a mixup in registers, when a
buffer that was not size 0 or 1 mod 8 was passed to OPENSSL_ia32_rdrand_bytes
or OPENSSL_ia32_rdseed_bytes, the last (n mod 8) bytes were all the same value.
This issue impacts only the 64-bit variant of the assembly.

This change fixes both issues by first eliminating the only use of
OPENSSL_ia32_rdrand, replacing it with OPENSSL_ia32_rdrand_bytes, and fixes the
register mixup in OPENSSL_ia32_rdrand_bytes. It also adds a sanity test for
OPENSSL_ia32_rdrand_bytes and OPENSSL_ia32_rdseed_bytes to help catch problems
of this nature in the future.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5342)
5 years ago
Andy Polyakov 7933762870 crypto/x86_64cpuid.pl: suppress AVX512F flag on Skylake-X.
It was observed that AVX512 code paths can negatively affect overall
Skylake-X system performance. But we are talking specifically about
512-bit code, while AVX512VL, 256-bit variant of AVX512F instructions,
is supposed to fly as smooth as AVX2. Which is why it remains unmasked.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4838)
6 years ago
Andy Polyakov 88ac224cda crypto/x86_64cpuid.pl: fix AVX512 capability masking.
Originally it was thought that it's possible to use AVX512VL+BW
instructions with XMM and YMM registers without kernel enabling
ZMM support, but it turned to be wrong assumption.

Reviewed-by: Rich Salz <rsalz@openssl.org>
6 years ago
Andy Polyakov d6ee8f3dc4 OPENSSL_ia32cap: reserve for new extensions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
6 years ago
David Benjamin d67e755418 Fix comment typo.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4023)
6 years ago
Andy Polyakov d84df59440 crypto/x86_64cpuid.pl: fix typo in Knights Landing detection.
Thanks to David Benjamin for spotting this!

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4009)
6 years ago
Andy Polyakov 64d92d7498 x86_64 assembly pack: "optimize" for Knights Landing, add AVX-512 results.
"Optimize" is in quotes because it's rather a "salvage operation"
for now. Idea is to identify processor capability flags that
drive Knights Landing to suboptimial code paths and mask them.
Two flags were identified, XSAVE and ADCX/ADOX. Former affects
choice of AES-NI code path specific for Silvermont (Knights Landing
is of Silvermont "ancestry"). And 64-bit ADCX/ADOX instructions are
effectively mishandled at decode time. In both cases we are looking
at ~2x improvement.

AVX-512 results cover even Skylake-X :-)

Hardware used for benchmarking courtesy of Atos, experiments run by
Romain Dolbeau <romain.dolbeau@atos.net>. Kudos!

Reviewed-by: Rich Salz <rsalz@openssl.org>
6 years ago
Andy Polyakov 1aed5e1ac2 crypto/x86*cpuid.pl: move extended feature detection.
Exteneded feature flags were not pulled on AMD processors, as result
a number of extensions were effectively masked on Ryzen. Original fix
for x86_64cpuid.pl addressed this problem, but messed up processor
vendor detection. This fix moves extended feature detection past
basic feature detection where it belongs. 32-bit counterpart is
harmonized too.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
6 years ago
Andy Polyakov f8418d87e1 crypto/x86_64cpuid.pl: move extended feature detection upwards.
Exteneded feature flags were not pulled on AMD processors, as result a
number of extensions were effectively masked on Ryzen. It should have
been reported for Excavator since it implements AVX2 extension, but
apparently nobody noticed or cared...

Reviewed-by: Rich Salz <rsalz@openssl.org>
6 years ago
Andy Polyakov 5e32cfb2b6 crypto/x86_64cpuid.pl: add CFI annotations.
Reviewed-by: Rich Salz <rsalz@openssl.org>
6 years ago
Andy Polyakov 66bee01c82 crypto/x86_64cpuid.pl: detect if kernel preserves %zmm registers.
Reviewed-by: Rich Salz <rsalz@openssl.org>
6 years ago
Andy Polyakov 9c940446f6 crypto/x86[_64]cpuid.pl: add OPENSSL_ia32_rd[rand|seed]_bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
Andy Polyakov cfe1d9929e x86_64 assembly pack: tolerate spaces in source directory name.
[as it is now quoting $output is not required, but done just in case]

Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
Andy Polyakov e33826f01b Add assembly CRYPTO_memcmp.
GH: #102

Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
Rich Salz e0a651945c Copyright consolidation: perl files
Add copyright to most .pl files
This does NOT cover any .pl file that has other copyright in it.
Most of those are Andy's but some are public domain.
Fix typo's in some existing files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
Andy Polyakov f4d456408d x86[_64]cpuid.pl: add low-level RDSEED. 9 years ago
Andy Polyakov 46bf83f07a x86_64 assembly pack: make Windows build more robust.
PR: 2963 and a number of others
11 years ago
Andy Polyakov c5cd28bd64 Extend OPENSSL_ia32cap_P with extra word to accomodate AVX2 capability. 11 years ago
Andy Polyakov 6251989eb6 x86_64 assembly pack: make it possible to compile with Perl located on
path with spaces.

PR: 2835
11 years ago
Andy Polyakov ff6f9f96fd cryptlib.c, etc.: fix linker warnings in 64-bit Darwin build. 12 years ago
Andy Polyakov 4d01f2761d x86_64cpuid.pl: fix typo. 12 years ago
Andy Polyakov 301799b803 x86[_64]cpuid.pl: add function accessing rdrand instruction. 12 years ago
Andy Polyakov 4bb90087d7 x86[_64]cpuid.pl: harmonize usage of reserved bits #20 and #30. 12 years ago
Andy Polyakov 2bc3ad28b3 x86_64cpuid.pl: get AVX masking right. 12 years ago
Andy Polyakov ddc20d4da9 x86_64cpuid.pl: allow shared build to work without -Bsymbolic.
PR: 2466
12 years ago
Andy Polyakov b906422149 x86[_64]cpuid.pl: handle new extensions. 12 years ago
Andy Polyakov 5fabb88a78 Multiple assembler packs: add experimental memory bus instrumentation. 12 years ago
Andy Polyakov 3efe51a407 Revert previous Linux-specific/centric commit#19629. If it really has to
be done, it's definitely not the way to do it. So far answer to the
question was to ./config -Wa,--noexecstack (adopted by RedHat).
13 years ago
Ben Laurie 0e3ef596e5 Non-executable stack in asm. 13 years ago
Andy Polyakov 1fd79f66ea x86_64cpuid.pl: ml64 is allergic to db on label line. 13 years ago
Andy Polyakov 7676eebf42 OPENSSL_cleanse to accept zero length parameter [matching C implementation]. 14 years ago
Andy Polyakov 761393bba7 x86[_64]cpuid.pl: further refine shared cache detection. 14 years ago
Andy Polyakov 5cd91b5055 x86_64cpuid.pl: refine shared cache detection logic. 14 years ago
Andy Polyakov aa8f38e49b x86_64 assembler pack to comply with updated styling x86_64-xlate.pl rules. 15 years ago
Andy Polyakov 89778b7f3f x86_64cpuid.pl cosmetics: harmonize $dir treatment with other modules. 15 years ago
Dr. Stephen Henson a9e96d724d Use default value for $dir if it is empty. 15 years ago
Andy Polyakov abe7f8b457 Make all x86_64 modules independent on current working directory. 16 years ago
Andy Polyakov 55eab3b74b Make x86_64 modules work under Win64/x64. 16 years ago
Andy Polyakov 3df2eff4bd x86*cpuid update. 16 years ago
Andy Polyakov 5d86336746 Flush output in x86_64cpuid.pl. 16 years ago
Andy Polyakov b2dba9bf1f Profiling revealed that OPENSSL_cleanse consumes *more* CPU time than
sha1_block_data_order when hashing short messages. Move OPENSSL_cleanse
to "cpuid" assembler module and gain 2x.
16 years ago
Andy Polyakov 932cc129ee x86_64 assembler updates. 16 years ago