4467e59bc8
This change adds AES and GHASH assembly from upstream, with the aim of
speeding up AES-GCM.
The PPC64LE assembly matches the interface of the ARMv8 assembly so I've
changed the prefix of both sets of asm functions to be the same
("aes_hw_").
Otherwise, the new assmebly files and Perlasm match exactly those from
upstream's c536b6be1a (from their master branch).
Before:
Did 1879000 AES-128-GCM (16 bytes) seal operations in 1000428us (1878196.1 ops/sec): 30.1 MB/s
Did 61000 AES-128-GCM (1350 bytes) seal operations in 1006660us (60596.4 ops/sec): 81.8 MB/s
Did 11000 AES-128-GCM (8192 bytes) seal operations in 1072649us (10255.0 ops/sec): 84.0 MB/s
Did 1665000 AES-256-GCM (16 bytes) seal operations in 1000591us (1664016.6 ops/sec): 26.6 MB/s
Did 52000 AES-256-GCM (1350 bytes) seal operations in 1006971us (51640.0 ops/sec): 69.7 MB/s
Did 8840 AES-256-GCM (8192 bytes) seal operations in 1013294us (8724.0 ops/sec): 71.5 MB/s
After:
Did 4994000 AES-128-GCM (16 bytes) seal operations in 1000017us (4993915.1 ops/sec): 79.9 MB/s
Did 1389000 AES-128-GCM (1350 bytes) seal operations in 1000073us (1388898.6 ops/sec): 1875.0 MB/s
Did 319000 AES-128-GCM (8192 bytes) seal operations in 1000101us (318967.8 ops/sec): 2613.0 MB/s
Did 4668000 AES-256-GCM (16 bytes) seal operations in 1000149us (4667304.6 ops/sec): 74.7 MB/s
Did 1202000 AES-256-GCM (1350 bytes) seal operations in 1000646us (1201224.0 ops/sec): 1621.7 MB/s
Did 269000 AES-256-GCM (8192 bytes) seal operations in 1002804us (268247.8 ops/sec): 2197.5 MB/s
Change-Id: Id848562bd4e1aa79a4683012501dfa5e6c08cfcc
Reviewed-on: https://boringssl-review.googlesource.com/11262
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
182 lines
6.6 KiB
C
182 lines
6.6 KiB
C
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|
* All rights reserved.
|
|
*
|
|
* This package is an SSL implementation written
|
|
* by Eric Young (eay@cryptsoft.com).
|
|
* The implementation was written so as to conform with Netscapes SSL.
|
|
*
|
|
* This library is free for commercial and non-commercial use as long as
|
|
* the following conditions are aheared to. The following conditions
|
|
* apply to all code found in this distribution, be it the RC4, RSA,
|
|
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
|
* included with this distribution is covered by the same copyright terms
|
|
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
|
*
|
|
* Copyright remains Eric Young's, and as such any Copyright notices in
|
|
* the code are not to be removed.
|
|
* If this package is used in a product, Eric Young should be given attribution
|
|
* as the author of the parts of the library used.
|
|
* This can be in the form of a textual message at program startup or
|
|
* in documentation (online or textual) provided with the package.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
* must display the following acknowledgement:
|
|
* "This product includes cryptographic software written by
|
|
* Eric Young (eay@cryptsoft.com)"
|
|
* The word 'cryptographic' can be left out if the rouines from the library
|
|
* being used are not cryptographic related :-).
|
|
* 4. If you include any Windows specific code (or a derivative thereof) from
|
|
* the apps directory (application code) you must include an acknowledgement:
|
|
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* The licence and distribution terms for any publically available version or
|
|
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
|
* copied and put under another distribution licence
|
|
* [including the GNU Public Licence.]
|
|
*
|
|
* This product includes cryptographic software written by Eric Young
|
|
* (eay@cryptsoft.com). This product includes software written by Tim
|
|
* Hudson (tjh@cryptsoft.com). */
|
|
|
|
#ifndef OPENSSL_HEADER_CPU_H
|
|
#define OPENSSL_HEADER_CPU_H
|
|
|
|
#include <openssl/base.h>
|
|
|
|
#if defined(__cplusplus)
|
|
extern "C" {
|
|
#endif
|
|
|
|
|
|
/* Runtime CPU feature support */
|
|
|
|
|
|
#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
|
|
/* OPENSSL_ia32cap_P contains the Intel CPUID bits when running on an x86 or
|
|
* x86-64 system.
|
|
*
|
|
* Index 0:
|
|
* EDX for CPUID where EAX = 1
|
|
* Bit 20 is always zero
|
|
* Bit 28 is adjusted to reflect whether the data cache is shared between
|
|
* multiple logical cores
|
|
* Bit 30 is used to indicate an Intel CPU
|
|
* Index 1:
|
|
* ECX for CPUID where EAX = 1
|
|
* Bit 11 is used to indicate AMD XOP support, not SDBG
|
|
* Index 2:
|
|
* EBX for CPUID where EAX = 7
|
|
* Index 3 is set to zero.
|
|
*
|
|
* Note: the CPUID bits are pre-adjusted for the OSXSAVE bit and the YMM and XMM
|
|
* bits in XCR0, so it is not necessary to check those. */
|
|
extern uint32_t OPENSSL_ia32cap_P[4];
|
|
#endif
|
|
|
|
#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
|
|
|
|
#if defined(OPENSSL_APPLE)
|
|
/* iOS builds use the static ARM configuration. */
|
|
#define OPENSSL_STATIC_ARMCAP
|
|
#endif
|
|
|
|
#if !defined(OPENSSL_STATIC_ARMCAP)
|
|
|
|
/* CRYPTO_is_NEON_capable_at_runtime returns true if the current CPU has a NEON
|
|
* unit. Note that |OPENSSL_armcap_P| also exists and contains the same
|
|
* information in a form that's easier for assembly to use. */
|
|
OPENSSL_EXPORT char CRYPTO_is_NEON_capable_at_runtime(void);
|
|
|
|
/* CRYPTO_is_NEON_capable returns true if the current CPU has a NEON unit. If
|
|
* this is known statically then it returns one immediately. */
|
|
static inline int CRYPTO_is_NEON_capable(void) {
|
|
/* Only statically skip the runtime lookup on aarch64. On arm, one CPU is
|
|
* known to have a broken NEON unit which is known to fail with on some
|
|
* hand-written NEON assembly. For now, continue to apply the workaround even
|
|
* when the compiler is instructed to freely emit NEON code. See
|
|
* https://crbug.com/341598 and https://crbug.com/606629. */
|
|
#if defined(__ARM_NEON__) && !defined(OPENSSL_ARM)
|
|
return 1;
|
|
#else
|
|
return CRYPTO_is_NEON_capable_at_runtime();
|
|
#endif
|
|
}
|
|
|
|
#if defined(OPENSSL_ARM)
|
|
/* CRYPTO_has_broken_NEON returns one if the current CPU is known to have a
|
|
* broken NEON unit. See https://crbug.com/341598. */
|
|
OPENSSL_EXPORT int CRYPTO_has_broken_NEON(void);
|
|
#endif
|
|
|
|
/* CRYPTO_is_ARMv8_AES_capable returns true if the current CPU supports the
|
|
* ARMv8 AES instruction. */
|
|
int CRYPTO_is_ARMv8_AES_capable(void);
|
|
|
|
/* CRYPTO_is_ARMv8_PMULL_capable returns true if the current CPU supports the
|
|
* ARMv8 PMULL instruction. */
|
|
int CRYPTO_is_ARMv8_PMULL_capable(void);
|
|
|
|
#else
|
|
|
|
static inline int CRYPTO_is_NEON_capable(void) {
|
|
#if defined(OPENSSL_STATIC_ARMCAP_NEON) || defined(__ARM_NEON__)
|
|
return 1;
|
|
#else
|
|
return 0;
|
|
#endif
|
|
}
|
|
|
|
static inline int CRYPTO_is_ARMv8_AES_capable(void) {
|
|
#if defined(OPENSSL_STATIC_ARMCAP_AES)
|
|
return 1;
|
|
#else
|
|
return 0;
|
|
#endif
|
|
}
|
|
|
|
static inline int CRYPTO_is_ARMv8_PMULL_capable(void) {
|
|
#if defined(OPENSSL_STATIC_ARMCAP_PMULL)
|
|
return 1;
|
|
#else
|
|
return 0;
|
|
#endif
|
|
}
|
|
|
|
#endif /* OPENSSL_STATIC_ARMCAP */
|
|
#endif /* OPENSSL_ARM || OPENSSL_AARCH64 */
|
|
|
|
#if defined(OPENSSL_PPC64LE)
|
|
|
|
/* CRYPTO_is_PPC64LE_vcrypto_capable returns true iff the current CPU supports
|
|
* the Vector.AES category of instructions. */
|
|
int CRYPTO_is_PPC64LE_vcrypto_capable(void);
|
|
|
|
#endif /* OPENSSL_PPC64LE */
|
|
|
|
|
|
#if defined(__cplusplus)
|
|
} /* extern C */
|
|
#endif
|
|
|
|
#endif /* OPENSSL_HEADER_CPU_H */
|