Since LibreSSL-portable does not support assembly for minority architectures such as POWER and Aarch64, this repo aims to re-add those to get better performance - on systems with hardware crypto, such as POWER8 and newer, the difference can be as much as 20x in some cases.

The assembly files are taken from CRYPTOGAMS by Andy Polyakov (dot-asm), see https://github.com/dot-asm/cryptogams and LICENSE.cryptogams.

• CRYPTOGAMS commit: 1d27e4fefa7bf058e6ac921eb75b6d3b4b84bfc9

The following files are taken from OpenSSL and are subject to the OpenSSL license; pre-Apache 2.0 commits were used:

• aes-armv4.pl: b0edda11cbfe91e8b99b09909a80a810d0143891
• bsaes-armv7.pl: b0edda11cbfe91e8b99b09909a80a810d0143891
• vpaes-armv8.pl: 46f4e1bec51dc96fa275c168752aa34359d9ee51
• armv8-mont.pl: 6aa36e8e5a062e31543e7796f0351ff9628832ce
• ghash-armv4.pl: 1212818eb07add297fe562eba80ac46a9893781e
• sha256-armv4.pl: 1212818eb07add297fe562eba80ac46a9893781e
• sha512-armv4.pl: 1212818eb07add297fe562eba80ac46a9893781e
• arm64cpuid.pl: 9a708bf982da1d2c9739339d16d7b021da955e00, just CPU probes
• ppc-mont.pl: 774ff8fed67e19d4f5f0df2f59050f2737abab2a
• ppccpuid.pl: OpenSSL 1.1.1g, just CPU probes

See LICENSE.openssl for those.

For LibreSSL version: 3.2.4

CRYPTOGAMS uses a perlasm system to deal with assembly preprocessing. That means assembly files are Perl scripts. You can run those, it will generate stuff for your particular system flavor, and then they get compiled in, with logic to pick up the right stuff at runtime.

LibreSSL-portable lacks this system, instead using already generated assembly files. Therefore, we have to run the perlasm generation externally, and then provide these files to LibreSSL.

Fortunately, for most part they are already compatible. All that was necessary to do was pretty much to add the right runtime CPU detection logic, and in a few places patch things a little (hwaes, gcm128), and feed the results to the build system.

Keep in mind that not all assembly stuff is imported. There are things that LibreSSL doesn't have assembly for even on x86_64, as well as things OpenSSL has and LibreSSL lacks entirely, and so on.

This project consists of:

• Assembly files (perlasm) from the CRYPTOGAMS project
• Assembly files (perlasm) from the OpenSSL project where not in the above
• Generated assembly files (.S) using the above sources
• CPU feature checkers (new)
• Makefiles for assembly platforms
• LibreSSL patches
• Scripts to put it all together

• 64-bit little endian POWER, ELFv2 ABI
• 64-bit big endian POWER, ELFv2 or ELFv1 ABI
• 32-bit big endian PowerPC
• Aarch64 little endian (plus associated support for 32-bit with ARMv8)

The project ships with pre-generated assembly files. You can re-generate them using generate.sh if you want or don't trust that I'm not a malicious entity :). You will need perl installed if you want to do that.

Otherwise, to patch a LibreSSL distribution, run patch_libressl.sh with a path to LibreSSL as the only argument.

After that, regenerate the autotools buildsystem and build as usual. Assembly is enabled by default for all supported architectures.