Select SHA-256 vs SHA-512 explicitly in perlasm sha512-armv8.pl and sha512-x86_64.pl implement both SHA-256 and SHA-512 and select which to emit by looking for "512" in the output path. This can result in a false positive if the output path happens to contain "512" in it. When the build uses relative paths, it's fine, but this seems needlessly fragile. If we're generate into a temporary file, there's a small but non-negligible probability that the path has a "512" in it. Instead, give those scripts three arguments: flavor hash output, so the selection is independent of the output file name. Bug: 542 Change-Id: Idf256abed1c07003034d3eb4544552125e3289e5 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/62325 Reviewed-by: Bob Beck <bbe@google.com> Auto-Submit: David Benjamin <davidben@google.com> Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/cmake/perlasm.cmake b/cmake/perlasm.cmake index 9828799..6d0c30f 100644 --- a/cmake/perlasm.cmake +++ b/cmake/perlasm.cmake
@@ -29,27 +29,27 @@ # perlasm generates perlasm output from a given file. arch specifies the # architecture. dest specifies the basename of the output file. The list of # generated files will be appended to ${var}_ASM and ${var}_NASM depending on -# the assembler used. +# the assembler used. Extra arguments are passed to the perlasm script. function(perlasm var arch dest src) if(arch STREQUAL "aarch64") - add_perlasm_target("${dest}-apple.S" ${src} ios64) - add_perlasm_target("${dest}-linux.S" ${src} linux64) - add_perlasm_target("${dest}-win.S" ${src} win64) + add_perlasm_target("${dest}-apple.S" ${src} ios64 ${ARGN}) + add_perlasm_target("${dest}-linux.S" ${src} linux64 ${ARGN}) + add_perlasm_target("${dest}-win.S" ${src} win64 ${ARGN}) append_to_parent_scope("${var}_ASM" "${dest}-apple.S" "${dest}-linux.S" "${dest}-win.S") elseif(arch STREQUAL "arm") - add_perlasm_target("${dest}-apple.S" ${src} ios32) - add_perlasm_target("${dest}-linux.S" ${src} linux32) + add_perlasm_target("${dest}-apple.S" ${src} ios32 ${ARGN}) + add_perlasm_target("${dest}-linux.S" ${src} linux32 ${ARGN}) append_to_parent_scope("${var}_ASM" "${dest}-apple.S" "${dest}-linux.S") elseif(arch STREQUAL "x86") - add_perlasm_target("${dest}-apple.S" ${src} macosx -fPIC -DOPENSSL_IA32_SSE2) - add_perlasm_target("${dest}-linux.S" ${src} elf -fPIC -DOPENSSL_IA32_SSE2) - add_perlasm_target("${dest}-win.asm" ${src} win32n -DOPENSSL_IA32_SSE2) + add_perlasm_target("${dest}-apple.S" ${src} macosx -fPIC -DOPENSSL_IA32_SSE2 ${ARGN}) + add_perlasm_target("${dest}-linux.S" ${src} elf -fPIC -DOPENSSL_IA32_SSE2 ${ARGN}) + add_perlasm_target("${dest}-win.asm" ${src} win32n -DOPENSSL_IA32_SSE2 ${ARGN}) append_to_parent_scope("${var}_ASM" "${dest}-apple.S" "${dest}-linux.S") append_to_parent_scope("${var}_NASM" "${dest}-win.asm") elseif(arch STREQUAL "x86_64") - add_perlasm_target("${dest}-apple.S" ${src} macosx) - add_perlasm_target("${dest}-linux.S" ${src} elf) - add_perlasm_target("${dest}-win.asm" ${src} nasm) + add_perlasm_target("${dest}-apple.S" ${src} macosx ${ARGN}) + add_perlasm_target("${dest}-linux.S" ${src} elf ${ARGN}) + add_perlasm_target("${dest}-win.asm" ${src} nasm ${ARGN}) append_to_parent_scope("${var}_ASM" "${dest}-apple.S" "${dest}-linux.S") append_to_parent_scope("${var}_NASM" "${dest}-win.asm") else()
diff --git a/crypto/fipsmodule/CMakeLists.txt b/crypto/fipsmodule/CMakeLists.txt index 6c18791..12a12eb 100644 --- a/crypto/fipsmodule/CMakeLists.txt +++ b/crypto/fipsmodule/CMakeLists.txt
@@ -7,8 +7,8 @@ perlasm(BCM_SOURCES aarch64 p256_beeu-armv8-asm ec/asm/p256_beeu-armv8-asm.pl) perlasm(BCM_SOURCES aarch64 p256-armv8-asm ec/asm/p256-armv8-asm.pl) perlasm(BCM_SOURCES aarch64 sha1-armv8 sha/asm/sha1-armv8.pl) -perlasm(BCM_SOURCES aarch64 sha256-armv8 sha/asm/sha512-armv8.pl) -perlasm(BCM_SOURCES aarch64 sha512-armv8 sha/asm/sha512-armv8.pl) +perlasm(BCM_SOURCES aarch64 sha256-armv8 sha/asm/sha512-armv8.pl sha256) +perlasm(BCM_SOURCES aarch64 sha512-armv8 sha/asm/sha512-armv8.pl sha512) perlasm(BCM_SOURCES aarch64 vpaes-armv8 aes/asm/vpaes-armv8.pl) perlasm(BCM_SOURCES arm aesv8-armv7 aes/asm/aesv8-armx.pl) perlasm(BCM_SOURCES arm armv4-mont bn/asm/armv4-mont.pl) @@ -40,8 +40,8 @@ perlasm(BCM_SOURCES x86_64 rdrand-x86_64 rand/asm/rdrand-x86_64.pl) perlasm(BCM_SOURCES x86_64 rsaz-avx2 bn/asm/rsaz-avx2.pl) perlasm(BCM_SOURCES x86_64 sha1-x86_64 sha/asm/sha1-x86_64.pl) -perlasm(BCM_SOURCES x86_64 sha256-x86_64 sha/asm/sha512-x86_64.pl) -perlasm(BCM_SOURCES x86_64 sha512-x86_64 sha/asm/sha512-x86_64.pl) +perlasm(BCM_SOURCES x86_64 sha256-x86_64 sha/asm/sha512-x86_64.pl sha256) +perlasm(BCM_SOURCES x86_64 sha512-x86_64 sha/asm/sha512-x86_64.pl sha512) perlasm(BCM_SOURCES x86_64 vpaes-x86_64 aes/asm/vpaes-x86_64.pl) perlasm(BCM_SOURCES x86_64 x86_64-mont bn/asm/x86_64-mont.pl) perlasm(BCM_SOURCES x86_64 x86_64-mont5 bn/asm/x86_64-mont5.pl)
diff --git a/crypto/fipsmodule/sha/asm/sha512-armv8.pl b/crypto/fipsmodule/sha/asm/sha512-armv8.pl index 0235be3..c7d9154 100644 --- a/crypto/fipsmodule/sha/asm/sha512-armv8.pl +++ b/crypto/fipsmodule/sha/asm/sha512-armv8.pl
@@ -39,8 +39,29 @@ # generated with -mgeneral-regs-only is significantly faster # and the gap is only 40-90%. -$output=pop; -$flavour=pop; +my ($flavour, $hash, $output) = @ARGV; + +if ($hash eq "sha512") { + $BITS=512; + $SZ=8; + @Sigma0=(28,34,39); + @Sigma1=(14,18,41); + @sigma0=(1, 8, 7); + @sigma1=(19,61, 6); + $rounds=80; + $reg_t="x"; +} elsif ($hash eq "sha256") { + $BITS=256; + $SZ=4; + @Sigma0=( 2,13,22); + @Sigma1=( 6,11,25); + @sigma0=( 7,18, 3); + @sigma1=(17,19,10); + $rounds=64; + $reg_t="w"; +} else { + die "unknown hash: $hash"; +} if ($flavour && $flavour ne "void") { $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; @@ -55,26 +76,6 @@ *STDOUT=*OUT; } -if ($output =~ /512/) { - $BITS=512; - $SZ=8; - @Sigma0=(28,34,39); - @Sigma1=(14,18,41); - @sigma0=(1, 8, 7); - @sigma1=(19,61, 6); - $rounds=80; - $reg_t="x"; -} else { - $BITS=256; - $SZ=4; - @Sigma0=( 2,13,22); - @Sigma1=( 6,11,25); - @sigma0=( 7,18, 3); - @sigma1=(17,19,10); - $rounds=64; - $reg_t="w"; -} - $func="sha${BITS}_block_data_order"; ($ctx,$inp,$num,$Ktbl)=map("x$_",(0..2,30));
diff --git a/crypto/fipsmodule/sha/asm/sha512-x86_64.pl b/crypto/fipsmodule/sha/asm/sha512-x86_64.pl index 35e88d9..a3e4122 100755 --- a/crypto/fipsmodule/sha/asm/sha512-x86_64.pl +++ b/crypto/fipsmodule/sha/asm/sha512-x86_64.pl
@@ -111,9 +111,35 @@ # # Modified from upstream OpenSSL to remove the XOP code. -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } +my ($flavour, $hash, $output) = @ARGV; + +if ($hash eq "sha512") { + $func="sha512_block_data_order"; + $TABLE="K512"; + $SZ=8; + @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%rax","%rbx","%rcx","%rdx", + "%r8", "%r9", "%r10","%r11"); + ($T1,$a0,$a1,$a2,$a3)=("%r12","%r13","%r14","%r15","%rdi"); + @Sigma0=(28,34,39); + @Sigma1=(14,18,41); + @sigma0=(1, 8, 7); + @sigma1=(19,61, 6); + $rounds=80; +} elsif ($hash eq "sha256") { + $func="sha256_block_data_order"; + $TABLE="K256"; + $SZ=4; + @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx", + "%r8d","%r9d","%r10d","%r11d"); + ($T1,$a0,$a1,$a2,$a3)=("%r12d","%r13d","%r14d","%r15d","%edi"); + @Sigma0=( 2,13,22); + @Sigma1=( 6,11,25); + @sigma0=( 7,18, 3); + @sigma1=(17,19,10); + $rounds=64; +} else { + die "unknown hash: $hash"; +} $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); @@ -136,32 +162,6 @@ open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; *STDOUT=*OUT; -if ($output =~ /512/) { - $func="sha512_block_data_order"; - $TABLE="K512"; - $SZ=8; - @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%rax","%rbx","%rcx","%rdx", - "%r8", "%r9", "%r10","%r11"); - ($T1,$a0,$a1,$a2,$a3)=("%r12","%r13","%r14","%r15","%rdi"); - @Sigma0=(28,34,39); - @Sigma1=(14,18,41); - @sigma0=(1, 8, 7); - @sigma1=(19,61, 6); - $rounds=80; -} else { - $func="sha256_block_data_order"; - $TABLE="K256"; - $SZ=4; - @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx", - "%r8d","%r9d","%r10d","%r11d"); - ($T1,$a0,$a1,$a2,$a3)=("%r12d","%r13d","%r14d","%r15d","%edi"); - @Sigma0=( 2,13,22); - @Sigma1=( 6,11,25); - @sigma0=( 7,18, 3); - @sigma1=(17,19,10); - $rounds=64; -} - $ctx="%rdi"; # 1st arg, zapped by $a3 $inp="%rsi"; # 2nd arg $Tbl="%rbp";
diff --git a/util/generate_build_files.py b/util/generate_build_files.py index d7ae8b1..bd2882f 100644 --- a/util/generate_build_files.py +++ b/util/generate_build_files.py
@@ -648,12 +648,13 @@ raise ValueError('Bad perlasm line in %s' % cmakefile) # Remove "perlasm(" from start and ")" from end params = line[8:-1].split() - if len(params) != 4: + if len(params) < 4: raise ValueError('Bad perlasm line in %s' % cmakefile) perlasms.append({ 'arch': params[1], 'output': os.path.join(os.path.dirname(cmakefile), params[2]), 'input': os.path.join(os.path.dirname(cmakefile), params[3]), + 'extra_args': params[4:], }) return perlasms @@ -700,7 +701,8 @@ raise ValueError('output missing src: %s' % output) output = os.path.join(outDir, output[4:]) output = '%s-%s.%s' % (output, osname, asm_ext) - PerlAsm(output, perlasm['input'], perlasm_style, extra_args) + PerlAsm(output, perlasm['input'], perlasm_style, + extra_args + perlasm['extra_args']) asmfiles.setdefault(key, []).append(output) for (key, non_perl_asm_files) in NON_PERL_FILES.items():