Since LibreSSL-portable does not support assembly for minority architectures such as POWER and Aarch64, this repo aims to re-add those to get better performance - on systems with hardware crypto, such as POWER8 and newer, the difference can be as much as 20x in some cases.
The assembly files are taken from CRYPTOGAMS by Andy Polyakov (dot-asm),
see https://github.com/dot-asm/cryptogams and LICENSE.cryptogams
.
- CRYPTOGAMS commit:
1d27e4fefa7bf058e6ac921eb75b6d3b4b84bfc9
The following files are taken from OpenSSL and are subject to the OpenSSL license; pre-Apache 2.0 commits were used:
aes-armv4.pl
:b0edda11cbfe91e8b99b09909a80a810d0143891
bsaes-armv7.pl
:b0edda11cbfe91e8b99b09909a80a810d0143891
vpaes-armv8.pl
:46f4e1bec51dc96fa275c168752aa34359d9ee51
armv8-mont.pl
:6aa36e8e5a062e31543e7796f0351ff9628832ce
ghash-armv4.pl
:1212818eb07add297fe562eba80ac46a9893781e
sha256-armv4.pl
:1212818eb07add297fe562eba80ac46a9893781e
sha512-armv4.pl
:1212818eb07add297fe562eba80ac46a9893781e
arm64cpuid.pl
:9a708bf982da1d2c9739339d16d7b021da955e00
, just CPU probesppc-mont.pl
:774ff8fed67e19d4f5f0df2f59050f2737abab2a
ppccpuid.pl
: OpenSSL 1.1.1g, just CPU probes
See LICENSE.openssl
for those.
For LibreSSL version: 3.2.4
CRYPTOGAMS uses a perlasm
system to deal with assembly preprocessing. That
means assembly files are Perl scripts. You can run those, it will generate
stuff for your particular system flavor, and then they get compiled in, with
logic to pick up the right stuff at runtime.
LibreSSL-portable lacks this system, instead using already generated assembly
files. Therefore, we have to run the perlasm
generation externally, and then
provide these files to LibreSSL.
Fortunately, for most part they are already compatible. All that was necessary
to do was pretty much to add the right runtime CPU detection logic, and in a
few places patch things a little (hwaes
, gcm128
), and feed the results
to the build system.
Keep in mind that not all assembly stuff is imported. There are things that
LibreSSL doesn't have assembly for even on x86_64
, as well as things OpenSSL
has and LibreSSL lacks entirely, and so on.
This project consists of:
- Assembly files (
perlasm
) from the CRYPTOGAMS project - Assembly files (
perlasm
) from the OpenSSL project where not in the above - Generated assembly files (
.S
) using the above sources - CPU feature checkers (new)
- Makefiles for assembly platforms
- LibreSSL patches
- Scripts to put it all together
- 64-bit little endian POWER, ELFv2 ABI
- 64-bit big endian POWER, ELFv2 or ELFv1 ABI
- 32-bit big endian PowerPC
- Aarch64 little endian (plus associated support for 32-bit with ARMv8)
The project ships with pre-generated assembly files. You can re-generate
them using generate.sh
if you want or don't trust that I'm not a malicious
entity :). You will need perl
installed if you want to do that.
Otherwise, to patch a LibreSSL distribution, run patch_libressl.sh
with
a path to LibreSSL as the only argument.
After that, regenerate the autotools buildsystem and build as usual. Assembly is enabled by default for all supported architectures.