ppccap.c: Split out algorithm-specific functions

Fixes #13336

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15828)

crypto/bn/bn_ppc.c

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+#include "crypto/ppc_arch.h"
+#include "bn_local.h"
+
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0, int num)
+{
+    int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                        const BN_ULONG *np, const BN_ULONG *n0, int num);
+    int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                          const BN_ULONG *np, const BN_ULONG *n0, int num);
+    int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
+                             const BN_ULONG *bp, const BN_ULONG *np,
+                             const BN_ULONG *n0, int num);
+    int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
+                                 const BN_ULONG *bp, const BN_ULONG *np,
+                                 const BN_ULONG *n0, int num);
+
+    if (num < 4)
+        return 0;
+
+    if ((num & 3) == 0)
+        return bn_mul4x_mont_int(rp, ap, bp, np, n0, num);
+
+    /*
+     * There used to be [optional] call to bn_mul_mont_fpu64 here,
+     * but above subroutine is faster on contemporary processors.
+     * Formulation means that there might be old processors where
+     * FPU code path would be faster, POWER6 perhaps, but there was
+     * no opportunity to figure it out...
+     */
+
+    if (num == 6) {
+        if (OPENSSL_ppccap_P & PPC_MADD300)
+            return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
+        else
+            return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num);
+    }
+
+    return bn_mul_mont_int(rp, ap, bp, np, n0, num);
+}

crypto/bn/build.info

@@ -77,7 +77,7 @@ IF[{- !$disabled{asm} -}]
   $BNASM_parisc20_64=$BNASM_parisc11
   $BNDEF_parisc20_64=$BNDEF_parisc11
 
-  $BNASM_ppc32=bn-ppc.s ppc-mont.s
+  $BNASM_ppc32=bn_ppc.c bn-ppc.s ppc-mont.s
   $BNDEF_ppc32=OPENSSL_BN_ASM_MONT
   $BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s
   $BNDEF_ppc64=$BNDEF_ppc32

crypto/chacha/build.info

@@ -12,7 +12,7 @@ IF[{- !$disabled{asm} -}]
   $CHACHAASM_armv4=chacha-armv4.S
   $CHACHAASM_aarch64=chacha-armv8.S
 
-  $CHACHAASM_ppc32=chacha-ppc.s
+  $CHACHAASM_ppc32=chacha_ppc.c chacha-ppc.s
   $CHACHAASM_ppc64=$CHACHAASM_ppc32
 
   $CHACHAASM_c64xplus=chacha-c64xplus.s

crypto/chacha/chacha_ppc.c

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include "crypto/chacha.h"
+#include "crypto/ppc_arch.h"
+
+void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp,
+                        size_t len, const unsigned int key[8],
+                        const unsigned int counter[4]);
+void ChaCha20_ctr32_vmx(unsigned char *out, const unsigned char *inp,
+                        size_t len, const unsigned int key[8],
+                        const unsigned int counter[4]);
+void ChaCha20_ctr32_vsx(unsigned char *out, const unsigned char *inp,
+                        size_t len, const unsigned int key[8],
+                        const unsigned int counter[4]);
+void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
+                    size_t len, const unsigned int key[8],
+                    const unsigned int counter[4])
+{
+    OPENSSL_ppccap_P & PPC_CRYPTO207
+        ? ChaCha20_ctr32_vsx(out, inp, len, key, counter)
+        : OPENSSL_ppccap_P & PPC_ALTIVEC
+            ? ChaCha20_ctr32_vmx(out, inp, len, key, counter)
+            : ChaCha20_ctr32_int(out, inp, len, key, counter);
+}

crypto/ec/build.info

@@ -30,7 +30,7 @@ IF[{- !$disabled{asm} -}]
   $ECASM_parisc20_64=
 
   $ECASM_ppc32=
-  $ECASM_ppc64=ecp_nistz256.c ecp_nistz256-ppc64.s x25519-ppc64.s
+  $ECASM_ppc64=ecp_nistz256.c ecp_ppc.c ecp_nistz256-ppc64.s x25519-ppc64.s
   $ECDEF_ppc64=ECP_NISTZ256_ASM X25519_ASM
   IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}]
     $ECASM_ppc64=$ECASM_ppc64 ecp_nistp521-ppc64.s

crypto/ec/ecp_nistp521.c

@@ -688,7 +688,7 @@ void p521_felem_square(largefelem out, const felem in);
 void p521_felem_mul(largefelem out, const felem in1, const felem in2);
 
 # if defined(_ARCH_PPC64)
-#  include "ppc_arch.h"
+#  include "crypto/ppc_arch.h"
 # endif
 
 void felem_select(void)

crypto/ec/ecp_ppc.c

@@ -0,0 +1,34 @@
+/*
+ * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "crypto/ppc_arch.h"
+#include "ec_local.h"
+
+void ecp_nistz256_mul_mont(unsigned long res[4], const unsigned long a[4],
+                           const unsigned long b[4]);
+
+void ecp_nistz256_to_mont(unsigned long res[4], const unsigned long in[4]);
+void ecp_nistz256_to_mont(unsigned long res[4], const unsigned long in[4])
+{
+    static const unsigned long RR[] = { 0x0000000000000003U,
+                                        0xfffffffbffffffffU,
+                                        0xfffffffffffffffeU,
+                                        0x00000004fffffffdU };
+
+    ecp_nistz256_mul_mont(res, in, RR);
+}
+
+void ecp_nistz256_from_mont(unsigned long res[4], const unsigned long in[4]);
+void ecp_nistz256_from_mont(unsigned long res[4], const unsigned long in[4])
+{
+    static const unsigned long one[] = { 1, 0, 0, 0 };
+
+    ecp_nistz256_mul_mont(res, in, one);
+}

crypto/modes/gcm128.c

@@ -683,7 +683,7 @@ void gcm_gmult_vis3(u64 Xi[2], const u128 Htable[16]);
 void gcm_ghash_vis3(u64 Xi[2], const u128 Htable[16], const u8 *inp,
                     size_t len);
 # elif defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
-#  include "ppc_arch.h"
+#  include "crypto/ppc_arch.h"
 #  define GHASH_ASM_PPC
 #  define GCM_FUNCREF_4BIT
 void gcm_init_p8(u128 Htable[16], const u64 Xi[2]);

crypto/poly1305/build.info

@@ -16,7 +16,7 @@ IF[{- !$disabled{asm} -}]
   $POLY1305ASM_armv4=poly1305-armv4.S
   $POLY1305ASM_aarch64=poly1305-armv8.S
 
-  $POLY1305ASM_ppc32=poly1305-ppc.s poly1305-ppcfp.s
+  $POLY1305ASM_ppc32=poly1305_ppc.c poly1305-ppc.s poly1305-ppcfp.s
   $POLY1305ASM_ppc64=$POLY1305ASM_ppc32
 
   $POLY1305ASM_c64xplus=poly1305-c64xplus.s

crypto/poly1305/poly1305_ppc.c

@@ -0,0 +1,47 @@
+/*
+ * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include <openssl/types.h>
+#include "crypto/poly1305.h"
+#include "crypto/ppc_arch.h"
+
+void poly1305_init_int(void *ctx, const unsigned char key[16]);
+void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
+                         unsigned int padbit);
+void poly1305_emit(void *ctx, unsigned char mac[16],
+                       const unsigned int nonce[4]);
+void poly1305_init_fpu(void *ctx, const unsigned char key[16]);
+void poly1305_blocks_fpu(void *ctx, const unsigned char *inp, size_t len,
+                         unsigned int padbit);
+void poly1305_emit_fpu(void *ctx, unsigned char mac[16],
+                       const unsigned int nonce[4]);
+void poly1305_init_vsx(void *ctx, const unsigned char key[16]);
+void poly1305_blocks_vsx(void *ctx, const unsigned char *inp, size_t len,
+                         unsigned int padbit);
+void poly1305_emit_vsx(void *ctx, unsigned char mac[16],
+                       const unsigned int nonce[4]);
+int poly1305_init(void *ctx, const unsigned char key[16], void *func[2]);
+int poly1305_init(void *ctx, const unsigned char key[16], void *func[2])
+{
+    if (OPENSSL_ppccap_P & PPC_CRYPTO207) {
+        poly1305_init_int(ctx, key);
+        func[0] = (void*)(uintptr_t)poly1305_blocks_vsx;
+        func[1] = (void*)(uintptr_t)poly1305_emit;
+    } else if (sizeof(size_t) == 4 && (OPENSSL_ppccap_P & PPC_FPU)) {
+        poly1305_init_fpu(ctx, key);
+        func[0] = (void*)(uintptr_t)poly1305_blocks_fpu;
+        func[1] = (void*)(uintptr_t)poly1305_emit_fpu;
+    } else {
+        poly1305_init_int(ctx, key);
+        func[0] = (void*)(uintptr_t)poly1305_blocks;
+        func[1] = (void*)(uintptr_t)poly1305_emit;
+    }
+    return 1;
+}

crypto/ppccap.c

@@ -27,159 +27,13 @@
 # include <sys/sysctl.h>
 #endif
 #include <openssl/crypto.h>
-#include <openssl/bn.h>
 #include "internal/cryptlib.h"
-#include "crypto/chacha.h"
-#include "bn/bn_local.h"
-
-#include "ppc_arch.h"
+#include "crypto/ppc_arch.h"
 
 unsigned int OPENSSL_ppccap_P = 0;
 
 static sigset_t all_masked;
 
-
-#ifdef OPENSSL_BN_ASM_MONT
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-                const BN_ULONG *np, const BN_ULONG *n0, int num)
-{
-    int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-                        const BN_ULONG *np, const BN_ULONG *n0, int num);
-    int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-                          const BN_ULONG *np, const BN_ULONG *n0, int num);
-    int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
-                             const BN_ULONG *bp, const BN_ULONG *np,
-                             const BN_ULONG *n0, int num);
-    int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
-                                 const BN_ULONG *bp, const BN_ULONG *np,
-                                 const BN_ULONG *n0, int num);
-
-    if (num < 4)
-        return 0;
-
-    if ((num & 3) == 0)
-        return bn_mul4x_mont_int(rp, ap, bp, np, n0, num);
-
-    /*
-     * There used to be [optional] call to bn_mul_mont_fpu64 here,
-     * but above subroutine is faster on contemporary processors.
-     * Formulation means that there might be old processors where
-     * FPU code path would be faster, POWER6 perhaps, but there was
-     * no opportunity to figure it out...
-     */
-
-    if (num == 6) {
-        if (OPENSSL_ppccap_P & PPC_MADD300)
-            return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
-        else
-            return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num);
-    }
-
-    return bn_mul_mont_int(rp, ap, bp, np, n0, num);
-}
-#endif
-void sha256_block_p8(void *ctx, const void *inp, size_t len);
-void sha256_block_ppc(void *ctx, const void *inp, size_t len);
-void sha256_block_data_order(void *ctx, const void *inp, size_t len);
-void sha256_block_data_order(void *ctx, const void *inp, size_t len)
-{
-    OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha256_block_p8(ctx, inp, len) :
-        sha256_block_ppc(ctx, inp, len);
-}
-
-void sha512_block_p8(void *ctx, const void *inp, size_t len);
-void sha512_block_ppc(void *ctx, const void *inp, size_t len);
-void sha512_block_data_order(void *ctx, const void *inp, size_t len);
-void sha512_block_data_order(void *ctx, const void *inp, size_t len)
-{
-    OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha512_block_p8(ctx, inp, len) :
-        sha512_block_ppc(ctx, inp, len);
-}
-
-#ifndef FIPS_MODULE
-# ifndef OPENSSL_NO_CHACHA
-void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp,
-                        size_t len, const unsigned int key[8],
-                        const unsigned int counter[4]);
-void ChaCha20_ctr32_vmx(unsigned char *out, const unsigned char *inp,
-                        size_t len, const unsigned int key[8],
-                        const unsigned int counter[4]);
-void ChaCha20_ctr32_vsx(unsigned char *out, const unsigned char *inp,
-                        size_t len, const unsigned int key[8],
-                        const unsigned int counter[4]);
-void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
-                    size_t len, const unsigned int key[8],
-                    const unsigned int counter[4])
-{
-    OPENSSL_ppccap_P & PPC_CRYPTO207
-        ? ChaCha20_ctr32_vsx(out, inp, len, key, counter)
-        : OPENSSL_ppccap_P & PPC_ALTIVEC
-            ? ChaCha20_ctr32_vmx(out, inp, len, key, counter)
-            : ChaCha20_ctr32_int(out, inp, len, key, counter);
-}
-# endif
-
-# ifndef OPENSSL_NO_POLY1305
-void poly1305_init_int(void *ctx, const unsigned char key[16]);
-void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
-                         unsigned int padbit);
-void poly1305_emit(void *ctx, unsigned char mac[16],
-                       const unsigned int nonce[4]);
-void poly1305_init_fpu(void *ctx, const unsigned char key[16]);
-void poly1305_blocks_fpu(void *ctx, const unsigned char *inp, size_t len,
-                         unsigned int padbit);
-void poly1305_emit_fpu(void *ctx, unsigned char mac[16],
-                       const unsigned int nonce[4]);
-void poly1305_init_vsx(void *ctx, const unsigned char key[16]);
-void poly1305_blocks_vsx(void *ctx, const unsigned char *inp, size_t len,
-                         unsigned int padbit);
-void poly1305_emit_vsx(void *ctx, unsigned char mac[16],
-                       const unsigned int nonce[4]);
-int poly1305_init(void *ctx, const unsigned char key[16], void *func[2]);
-int poly1305_init(void *ctx, const unsigned char key[16], void *func[2])
-{
-    if (OPENSSL_ppccap_P & PPC_CRYPTO207) {
-        poly1305_init_int(ctx, key);
-        func[0] = (void*)(uintptr_t)poly1305_blocks_vsx;
-        func[1] = (void*)(uintptr_t)poly1305_emit;
-    } else if (sizeof(size_t) == 4 && (OPENSSL_ppccap_P & PPC_FPU)) {
-        poly1305_init_fpu(ctx, key);
-        func[0] = (void*)(uintptr_t)poly1305_blocks_fpu;
-        func[1] = (void*)(uintptr_t)poly1305_emit_fpu;
-    } else {
-        poly1305_init_int(ctx, key);
-        func[0] = (void*)(uintptr_t)poly1305_blocks;
-        func[1] = (void*)(uintptr_t)poly1305_emit;
-    }
-    return 1;
-}
-# endif
-#endif /* FIPS_MODULE */
-
-#ifdef ECP_NISTZ256_ASM
-void ecp_nistz256_mul_mont(unsigned long res[4], const unsigned long a[4],
-                           const unsigned long b[4]);
-
-void ecp_nistz256_to_mont(unsigned long res[4], const unsigned long in[4]);
-void ecp_nistz256_to_mont(unsigned long res[4], const unsigned long in[4])
-{
-    static const unsigned long RR[] = { 0x0000000000000003U,
-                                        0xfffffffbffffffffU,
-                                        0xfffffffffffffffeU,
-                                        0x00000004fffffffdU };
-
-    ecp_nistz256_mul_mont(res, in, RR);
-}
-
-void ecp_nistz256_from_mont(unsigned long res[4], const unsigned long in[4]);
-void ecp_nistz256_from_mont(unsigned long res[4], const unsigned long in[4])
-{
-    static const unsigned long one[] = { 1, 0, 0, 0 };
-
-    ecp_nistz256_mul_mont(res, in, one);
-}
-#endif
-
 static sigjmp_buf ill_jmp;
 static void ill_handler(int sig)
 {

crypto/sha/build.info

@@ -37,7 +37,8 @@ IF[{- !$disabled{asm} -}]
   $SHA1DEF_parisc20_64=$SHA1DEF_parisc11
 
   $SHA1ASM_ppc32=\
-        sha1-ppc.s sha256-ppc.s sha512-ppc.s sha256p8-ppc.s sha512p8-ppc.s
+        sha_ppc.c sha1-ppc.s sha256-ppc.s sha512-ppc.s sha256p8-ppc.s \
+        sha512p8-ppc.s
   $SHA1DEF_ppc32=SHA1_ASM SHA256_ASM SHA512_ASM
   $SHA1ASM_ppc64=$SHA1ASM_ppc32
   $SHA1DEF_ppc64=$SHA1DEF_ppc32

crypto/sha/sha_ppc.c

@@ -0,0 +1,33 @@
+/*
+ * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/sha.h>
+#include "crypto/ppc_arch.h"
+
+void sha256_block_p8(void *ctx, const void *inp, size_t len);
+void sha256_block_ppc(void *ctx, const void *inp, size_t len);
+void sha256_block_data_order(void *ctx, const void *inp, size_t len);
+void sha256_block_data_order(void *ctx, const void *inp, size_t len)
+{
+    OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha256_block_p8(ctx, inp, len) :
+        sha256_block_ppc(ctx, inp, len);
+}
+
+void sha512_block_p8(void *ctx, const void *inp, size_t len);
+void sha512_block_ppc(void *ctx, const void *inp, size_t len);
+void sha512_block_data_order(void *ctx, const void *inp, size_t len);
+void sha512_block_data_order(void *ctx, const void *inp, size_t len)
+{
+    OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha512_block_p8(ctx, inp, len) :
+        sha512_block_ppc(ctx, inp, len);
+}