Measured on a SkyLake processor: Before: Did 11373750 AES-128-GCM (16 bytes) seal operations in 1016000us (11194635.8 ops/sec): 179.1 MB/s Did 2253000 AES-128-GCM (1350 bytes) seal operations in 1016000us (2217519.7 ops/sec): 2993.7 MB/s Did 453750 AES-128-GCM (8192 bytes) seal operations in 1015000us (447044.3 ops/sec): 3662.2 MB/s Did 10753500 AES-256-GCM (16 bytes) seal operations in 1016000us (10584153.5 ops/sec): 169.3 MB/s Did 1898750 AES-256-GCM (1350 bytes) seal operations in 1015000us (1870689.7 ops/sec): 2525.4 MB/s Did 374000 AES-256-GCM (8192 bytes) seal operations in 1016000us (368110.2 ops/sec): 3015.6 MB/s After: Did 11074000 AES-128-GCM (16 bytes) seal operations in 1015000us (10910344.8 ops/sec): 174.6 MB/s Did 3178250 AES-128-GCM (1350 bytes) seal operations in 1016000us (3128198.8 ops/sec): 4223.1 MB/s Did 734500 AES-128-GCM (8192 bytes) seal operations in 1016000us (722933.1 ops/sec): 5922.3 MB/s Did 10394750 AES-256-GCM (16 bytes) seal operations in 1015000us (10241133.0 ops/sec): 163.9 MB/s Did 2502250 AES-256-GCM (1350 bytes) seal operations in 1016000us (2462844.5 ops/sec): 3324.8 MB/s Did 544500 AES-256-GCM (8192 bytes) seal operations in 1015000us (536453.2 ops/sec): 4394.6 MB/s Change-Id: If058935796441ed4e577b9a72d3aa43422edba58 Reviewed-on: https://boringssl-review.googlesource.com/7273 Reviewed-by: Adam Langley <alangley@gmail.com>
6.4 KiB
Building BoringSSL
Build Prerequisites
-
CMake 2.8.10 or later is required.
-
Perl 5.6.1 or later is required. On Windows, Active State Perl has been reported to work, as has MSYS Perl. Strawberry Perl also works but it adds GCC to
PATH
, which can confuse some build tools when identifying the compiler (removingC:\Strawberry\c\bin
fromPATH
should resolve any problems). If Perl is not found by CMake, it may be configured explicitly by settingPERL_EXECUTABLE
. -
On Windows you currently must use Ninja to build; on other platforms, it is not required, but recommended, because it makes builds faster.
-
If you need to build Ninja from source, then a recent version of Python is required (Python 2.7.5 works).
-
On Windows only, Yasm is required. If not found by CMake, it may be configured explicitly by setting
CMAKE_ASM_NASM_COMPILER
. -
A C compiler is required. On Windows, MSVC 14 (Visual Studio 2015) or later with Platform SDK 8.1 or later are supported. Recent versions of GCC (4.8+) and Clang should work on non-Windows platforms, and maybe on Windows too. To build the tests, you also need a C++ compiler with C++11 support.
-
Go is required. If not found by CMake, the go executable may be configured explicitly by setting
GO_EXECUTABLE
. -
To build the x86 and x86_64 assembly, your assembler must support AVX2 instructions and MOVBE. If using GNU binutils, you must have 2.22 or later.
Building
Using Ninja (note the 'N' is capitalized in the cmake invocation):
mkdir build
cd build
cmake -GNinja ..
ninja
Using Make (does not work on Windows):
mkdir build
cd build
cmake ..
make
You usually don't need to run cmake
again after changing CMakeLists.txt
files because the build scripts will detect changes to them and rebuild
themselves automatically.
Note that the default build flags in the top-level CMakeLists.txt
are for
debugging—optimisation isn't enabled. Pass -DCMAKE_BUILD_TYPE=Release
to
cmake
to configure a release build.
If you want to cross-compile then there is an example toolchain file for 32-bit
Intel in util/
. Wipe out the build directory, recreate it and run cmake
like
this:
cmake -DCMAKE_TOOLCHAIN_FILE=../util/32-bit-toolchain.cmake -GNinja ..
If you want to build as a shared library, pass -DBUILD_SHARED_LIBS=1
. On
Windows, where functions need to be tagged with dllimport
when coming from a
shared library, define BORINGSSL_SHARED_LIBRARY
in any code which #include
s
the BoringSSL headers.
In order to serve environments where code-size is important as well as those
where performance is the overriding concern, OPENSSL_SMALL
can be defined to
remove some code that is especially large.
See CMake's documentation for other variables which may be used to configure the build.
Building for Android
It's possible to build BoringSSL with the Android NDK using CMake. This has been tested with version 10d of the NDK.
Unpack the Android NDK somewhere and export ANDROID_NDK
to point to the
directory. Then make a build directory as above and run CMake like this:
cmake -DANDROID_ABI=armeabi-v7a \
-DCMAKE_TOOLCHAIN_FILE=../third_party/android-cmake/android.toolchain.cmake \
-DANDROID_NATIVE_API_LEVEL=16 \
-GNinja ..
Once you've run that, Ninja should produce Android-compatible binaries. You
can replace armeabi-v7a
in the above with arm64-v8a
and use API level 21 or
higher to build aarch64 binaries.
For other options, see android-cmake's documentation.
Known Limitations on Windows
-
Versions of CMake since 3.0.2 have a bug in its Ninja generator that causes yasm to output warnings
yasm: warning: can open only one input file, only the last file will be processed
These warnings can be safely ignored. The cmake bug is http://www.cmake.org/Bug/view.php?id=15253.
-
CMake can generate Visual Studio projects, but the generated project files don't have steps for assembling the assembly language source files, so they currently cannot be used to build BoringSSL.
Embedded ARM
ARM, unlike Intel, does not have an instruction that allows applications to discover the capabilities of the processor. Instead, the capability information has to be provided by the operating system somehow.
BoringSSL will try to use getauxval
to discover the capabilities and, failing
that, will probe for NEON support by executing a NEON instruction and handling
any illegal-instruction signal. But some environments don't support that sort
of thing and, for them, it's possible to configure the CPU capabilities
at compile time.
If you define OPENSSL_STATIC_ARMCAP
then you can define any of the following
to enabling the corresponding ARM feature.
OPENSSL_STATIC_ARMCAP_NEON
or__ARM_NEON__
(note that the latter is set by compilers when NEON support is enabled).OPENSSL_STATIC_ARMCAP_AES
OPENSSL_STATIC_ARMCAP_SHA1
OPENSSL_STATIC_ARMCAP_SHA256
OPENSSL_STATIC_ARMCAP_PMULL
Note that if a feature is enabled in this way, but not actually supported at run-time, BoringSSL will likely crash.
Assembling ARMv8 with Clang
In order to support the ARMv8 crypto instructions, Clang requires that the
architecture be armv8-a+crypto
. However, setting that as a general build flag
would allow the compiler to assume that crypto instructions are always
supported, even without testing for them.
It's possible to set the architecture in an assembly file using the .arch
directive, but only very recent versions of Clang support this. If
BORINGSSL_CLANG_SUPPORTS_DOT_ARCH
is defined then .arch
directives will be
used with Clang, otherwise you may need to craft acceptable assembler flags.
Running tests
There are two sets of tests: the C/C++ tests and the blackbox tests. For former
are built by Ninja and can be run from the top-level directory with go run util/all_tests.go
. The latter have to be run separately by running go test
from within ssl/test/runner
.
Both sets of tests may also be run with ninja -C build run_tests
, but CMake
3.2 or later is required to avoid Ninja's output buffering.