Merge BoringSSL thorugh 962432c

briansmith · Jan 30, 2025 · bee592c · bee592c
2 parents 705fd04 + cfbbc67
commit bee592c
Show file tree

Hide file tree

Showing 12 changed files with 310 additions and 294 deletions.
diff --git a/build.rs b/build.rs
@@ -881,6 +881,8 @@ fn prefix_all_symbols(pp: char, prefix_prefix: &str, prefix: &str) -> String {
         "OPENSSL_ia32cap_P",
         "aes_hw_ctr32_encrypt_blocks",
         "aes_hw_set_encrypt_key",
+        "aes_hw_set_encrypt_key_alt",
+        "aes_hw_set_encrypt_key_base",
         "aes_nohw_ctr32_encrypt_blocks",
         "aes_nohw_encrypt",
         "aes_nohw_set_encrypt_key",

diff --git a/crypto/cpu_intel.c b/crypto/cpu_intel.c
@@ -147,15 +147,6 @@ void OPENSSL_cpuid_setup(void) {
   // Reserved bit #30 is repurposed to signal an Intel CPU.
   if (is_intel) {
     edx |= (1u << 30);
-
-    // Clear the XSAVE bit on Knights Landing to mimic Silvermont. This enables
-    // some Silvermont-specific codepaths which perform better. See OpenSSL
-    // commit 64d92d74985ebb3d0be58a9718f9e080a14a8e7f and
-    // |CRYPTO_cpu_perf_is_like_silvermont|.
-    if ((eax & 0x0fff0ff0) == 0x00050670 /* Knights Landing */ ||
-        (eax & 0x0fff0ff0) == 0x00080650 /* Knights Mill (per SDE) */) {
-      ecx &= ~(1u << 26);
-    }
   } else {
     edx &= ~(1u << 30);
   }
@@ -190,12 +181,6 @@ void OPENSSL_cpuid_setup(void) {
     extended_features[0] &= ~(1u << 16);
   }
 
-  // Disable ADX instructions on Knights Landing. See OpenSSL commit
-  // 64d92d74985ebb3d0be58a9718f9e080a14a8e7f.
-  if ((ecx & (1u << 26)) == 0) {
-    extended_features[0] &= ~(1u << 19);
-  }
-
   OPENSSL_ia32cap_P[0] = edx;
   OPENSSL_ia32cap_P[1] = ecx;
   OPENSSL_ia32cap_P[2] = extended_features[0];

diff --git a/crypto/fipsmodule/aes/asm/aesni-x86.pl b/crypto/fipsmodule/aes/asm/aesni-x86.pl
@@ -83,7 +83,6 @@
 
 &asm_init($ARGV[0]);
 
-&external_label("OPENSSL_ia32cap_P");
 &preprocessor_ifdef("BORINGSSL_DISPATCH_TEST")
 &external_label("BORINGSSL_function_hit");
 &preprocessor_endif();
@@ -158,12 +157,10 @@ sub aesni_generate1	# fully unrolled loop
 	&jb		(&label("${p}128"));
 	&lea		($key,&DWP(0x40,$key));
 	# 192-bit key support was removed.
-
 	eval"&aes${p}	($inout,$rndkey1)";
 	&$movekey	($rndkey1,&QWP(-0x40,$key));
 	eval"&aes${p}	($inout,$rndkey0)";
 	&$movekey	($rndkey0,&QWP(-0x30,$key));
-
 	# 192-bit key support was removed.
 	eval"&aes${p}	($inout,$rndkey1)";
 	&$movekey	($rndkey1,&QWP(-0x20,$key));
@@ -652,45 +649,32 @@ sub aesni_generate6
 
 ######################################################################
 # Mechanical port from aesni-x86_64.pl.
-#
-# _aesni_set_encrypt_key is private interface,
-# input:
-#	"eax"	const unsigned char *userKey
-#	$rounds	int bits
-#	$key	AES_KEY *key
-# output:
-#	"eax"	return code
-#	$round	rounds
-
-&function_begin_B("_aesni_set_encrypt_key");
-	&push	("ebp");
+
+# int $PREFIX_set_encrypt_key_base (const unsigned char *userKey, int bits,
+#                                   AES_KEY *key)
+&function_begin_B("${PREFIX}_set_encrypt_key_base");
+	&record_function_hit(3);
+
+	&mov	("eax",&wparam(0));
+	&mov	($rounds,&wparam(1));
+	&mov	($key,&wparam(2));
 	&push	("ebx");
-	&test	("eax","eax");
-	&jz	(&label("bad_pointer"));
-	&test	($key,$key);
-	&jz	(&label("bad_pointer"));
 
 	&call	(&label("pic"));
 &set_label("pic");
 	&blindpop("ebx");
 	&lea	("ebx",&DWP(&label("key_const")."-".&label("pic"),"ebx"));
 
-	&picmeup("ebp","OPENSSL_ia32cap_P","ebx",&label("key_const"));
 	&movups	("xmm0",&QWP(0,"eax"));	# pull first 128 bits of *userKey
 	&xorps	("xmm4","xmm4");	# low dword of xmm4 is assumed 0
-	&mov	("ebp",&DWP(4,"ebp"));
 	&lea	($key,&DWP(16,$key));
-	&and	("ebp",1<<28|1<<11);	# AVX and XOP bits
 	&cmp	($rounds,256);
 	&je	(&label("14rounds"));
 	# 192-bit key support was removed.
 	&cmp	($rounds,128);
 	&jne	(&label("bad_keybits"));
 
 &set_label("10rounds",16);
-	&cmp		("ebp",1<<28);
-	&je		(&label("10rounds_alt"));
-
 	&mov		($rounds,9);
 	&$movekey	(&QWP(-16,$key),"xmm0");	# round 0
 	&aeskeygenassist("xmm1","xmm0",0x01);		# round 1
@@ -730,6 +714,111 @@ sub aesni_generate6
 	&xorps		("xmm0","xmm1");
 	&ret();
 
+&set_label("14rounds",16);
+	&movups		("xmm2",&QWP(16,"eax"));	# remaining half of *userKey
+	&lea		($key,&DWP(16,$key));
+
+	&mov		($rounds,13);
+	&$movekey	(&QWP(-32,$key),"xmm0");	# round 0
+	&$movekey	(&QWP(-16,$key),"xmm2");	# round 1
+	&aeskeygenassist("xmm1","xmm2",0x01);		# round 2
+	&call		(&label("key_256a_cold"));
+	&aeskeygenassist("xmm1","xmm0",0x01);		# round 3
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x02);		# round 4
+	&call		(&label("key_256a"));
+	&aeskeygenassist("xmm1","xmm0",0x02);		# round 5
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x04);		# round 6
+	&call		(&label("key_256a"));
+	&aeskeygenassist("xmm1","xmm0",0x04);		# round 7
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x08);		# round 8
+	&call		(&label("key_256a"));
+	&aeskeygenassist("xmm1","xmm0",0x08);		# round 9
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x10);		# round 10
+	&call		(&label("key_256a"));
+	&aeskeygenassist("xmm1","xmm0",0x10);		# round 11
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x20);		# round 12
+	&call		(&label("key_256a"));
+	&aeskeygenassist("xmm1","xmm0",0x20);		# round 13
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x40);		# round 14
+	&call		(&label("key_256a"));
+	&$movekey	(&QWP(0,$key),"xmm0");
+	&mov		(&DWP(16,$key),$rounds);
+	&xor		("eax","eax");
+
+	&jmp	(&label("good_key"));
+
+&set_label("key_256a",16);
+	&$movekey	(&QWP(0,$key),"xmm2");
+	&lea		($key,&DWP(16,$key));
+&set_label("key_256a_cold");
+	&shufps		("xmm4","xmm0",0b00010000);
+	&xorps		("xmm0","xmm4");
+	&shufps		("xmm4","xmm0",0b10001100);
+	&xorps		("xmm0","xmm4");
+	&shufps		("xmm1","xmm1",0b11111111);	# critical path
+	&xorps		("xmm0","xmm1");
+	&ret();
+
+&set_label("key_256b",16);
+	&$movekey	(&QWP(0,$key),"xmm0");
+	&lea		($key,&DWP(16,$key));
+
+	&shufps		("xmm4","xmm2",0b00010000);
+	&xorps		("xmm2","xmm4");
+	&shufps		("xmm4","xmm2",0b10001100);
+	&xorps		("xmm2","xmm4");
+	&shufps		("xmm1","xmm1",0b10101010);	# critical path
+	&xorps		("xmm2","xmm1");
+	&ret();
+
+&set_label("good_key");
+	&pxor	("xmm0","xmm0");
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&pxor	("xmm3","xmm3");
+	&pxor	("xmm4","xmm4");
+	&pxor	("xmm5","xmm5");
+	&xor	("eax","eax");
+	&pop	("ebx");
+	&ret	();
+
+&set_label("bad_keybits",4);
+	&pxor	("xmm0","xmm0");
+	&mov	("eax",-2);
+	&pop	("ebx");
+	&ret	();
+&function_end_B("${PREFIX}_set_encrypt_key_base");
+
+# int $PREFIX_set_encrypt_key_alt (const unsigned char *userKey, int bits,
+#                                  AES_KEY *key)
+&function_begin_B("${PREFIX}_set_encrypt_key_alt");
+	&record_function_hit(3);
+
+	&mov	("eax",&wparam(0));
+	&mov	($rounds,&wparam(1));
+	&mov	($key,&wparam(2));
+	&push	("ebx");
+
+	&call	(&label("pic"));
+&set_label("pic");
+	&blindpop("ebx");
+	&lea	("ebx",&DWP(&label("key_const")."-".&label("pic"),"ebx"));
+
+	&movups	("xmm0",&QWP(0,"eax"));	# pull first 128 bits of *userKey
+	&xorps	("xmm4","xmm4");	# low dword of xmm4 is assumed 0
+	&lea	($key,&DWP(16,$key));
+	&cmp	($rounds,256);
+	&je	(&label("14rounds_alt"));
+	# 192-bit key support was removed.
+	&cmp	($rounds,128);
+	&jne	(&label("bad_keybits"));
+
 &set_label("10rounds_alt",16);
 	&movdqa		("xmm5",&QWP(0x00,"ebx"));
 	&mov		($rounds,8);
@@ -795,74 +884,11 @@ sub aesni_generate6
 
 	&jmp	(&label("good_key"));
 
-# 192-bit key support was removed.
+	# 192-bit key support was removed.
 
-&set_label("14rounds",16);
+&set_label("14rounds_alt",16);
 	&movups		("xmm2",&QWP(16,"eax"));	# remaining half of *userKey
 	&lea		($key,&DWP(16,$key));
-	&cmp		("ebp",1<<28);
-	&je		(&label("14rounds_alt"));
-
-	&mov		($rounds,13);
-	&$movekey	(&QWP(-32,$key),"xmm0");	# round 0
-	&$movekey	(&QWP(-16,$key),"xmm2");	# round 1
-	&aeskeygenassist("xmm1","xmm2",0x01);		# round 2
-	&call		(&label("key_256a_cold"));
-	&aeskeygenassist("xmm1","xmm0",0x01);		# round 3
-	&call		(&label("key_256b"));
-	&aeskeygenassist("xmm1","xmm2",0x02);		# round 4
-	&call		(&label("key_256a"));
-	&aeskeygenassist("xmm1","xmm0",0x02);		# round 5
-	&call		(&label("key_256b"));
-	&aeskeygenassist("xmm1","xmm2",0x04);		# round 6
-	&call		(&label("key_256a"));
-	&aeskeygenassist("xmm1","xmm0",0x04);		# round 7
-	&call		(&label("key_256b"));
-	&aeskeygenassist("xmm1","xmm2",0x08);		# round 8
-	&call		(&label("key_256a"));
-	&aeskeygenassist("xmm1","xmm0",0x08);		# round 9
-	&call		(&label("key_256b"));
-	&aeskeygenassist("xmm1","xmm2",0x10);		# round 10
-	&call		(&label("key_256a"));
-	&aeskeygenassist("xmm1","xmm0",0x10);		# round 11
-	&call		(&label("key_256b"));
-	&aeskeygenassist("xmm1","xmm2",0x20);		# round 12
-	&call		(&label("key_256a"));
-	&aeskeygenassist("xmm1","xmm0",0x20);		# round 13
-	&call		(&label("key_256b"));
-	&aeskeygenassist("xmm1","xmm2",0x40);		# round 14
-	&call		(&label("key_256a"));
-	&$movekey	(&QWP(0,$key),"xmm0");
-	&mov		(&DWP(16,$key),$rounds);
-	&xor		("eax","eax");
-
-	&jmp	(&label("good_key"));
-
-&set_label("key_256a",16);
-	&$movekey	(&QWP(0,$key),"xmm2");
-	&lea		($key,&DWP(16,$key));
-&set_label("key_256a_cold");
-	&shufps		("xmm4","xmm0",0b00010000);
-	&xorps		("xmm0","xmm4");
-	&shufps		("xmm4","xmm0",0b10001100);
-	&xorps		("xmm0","xmm4");
-	&shufps		("xmm1","xmm1",0b11111111);	# critical path
-	&xorps		("xmm0","xmm1");
-	&ret();
-
-&set_label("key_256b",16);
-	&$movekey	(&QWP(0,$key),"xmm0");
-	&lea		($key,&DWP(16,$key));
-
-	&shufps		("xmm4","xmm2",0b00010000);
-	&xorps		("xmm2","xmm4");
-	&shufps		("xmm4","xmm2",0b10001100);
-	&xorps		("xmm2","xmm4");
-	&shufps		("xmm1","xmm1",0b10101010);	# critical path
-	&xorps		("xmm2","xmm1");
-	&ret();
-
-&set_label("14rounds_alt",16);
 	&movdqa		("xmm5",&QWP(0x00,"ebx"));
 	&movdqa		("xmm4",&QWP(0x20,"ebx"));
 	&mov		($rounds,7);
@@ -920,33 +946,15 @@ sub aesni_generate6
 	&pxor	("xmm5","xmm5");
 	&xor	("eax","eax");
 	&pop	("ebx");
-	&pop	("ebp");
 	&ret	();
 
-&set_label("bad_pointer",4);
-	&mov	("eax",-1);
-	&pop	("ebx");
-	&pop	("ebp");
-	&ret	();
 &set_label("bad_keybits",4);
 	&pxor	("xmm0","xmm0");
 	&mov	("eax",-2);
 	&pop	("ebx");
-	&pop	("ebp");
 	&ret	();
-&function_end_B("_aesni_set_encrypt_key");
+&function_end_B("${PREFIX}_set_encrypt_key_alt");
 
-# int $PREFIX_set_encrypt_key (const unsigned char *userKey, int bits,
-#                              AES_KEY *key)
-&function_begin_B("${PREFIX}_set_encrypt_key");
-	&record_function_hit(3);
-
-	&mov	("eax",&wparam(0));
-	&mov	($rounds,&wparam(1));
-	&mov	($key,&wparam(2));
-	&call	("_aesni_set_encrypt_key");
-	&ret	();
-&function_end_B("${PREFIX}_set_encrypt_key");
 
 &set_label("key_const",64);
 &data_word(0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d);