Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

P-384/521 runtime check for s2n-bignum on aarch64 #983

Merged
merged 1 commit into from
Apr 26, 2023
Merged

P-384/521 runtime check for s2n-bignum on aarch64 #983

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 3 additions & 11 deletions crypto/fipsmodule/ec/p384.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
#include <openssl/mem.h>

#include "../bn/internal.h"
#include "../cpucap/internal.h"
#include "../delocate.h"
#include "internal.h"

Expand Down Expand Up @@ -77,25 +78,16 @@ static const p384_felem p384_felem_one = {
// every x86 CPU so we have to check if they are available and in case
// they are not we fallback to slightly slower but generic implementation.
static inline uint8_t p384_use_s2n_bignum_alt(void) {
return ((OPENSSL_ia32cap_get()[2] & (1u << 8)) == 0) || // bmi2
((OPENSSL_ia32cap_get()[2] & (1u << 19)) == 0); // adx
return (!CRYPTO_is_BMI2_capable() || !CRYPTO_is_ADX_capable());
}
#else
// On aarch64 platforms s2n-bignum has two implementations of certain
// functions -- the default one and the alternative (suffixed _alt).
// Depending on the architecture one version is faster than the other.
// Generally, the "_alt" functions are faster on architectures with higher
// multiplier throughput, for example, Graviton 3, Apple's M1 and iPhone chips.
// Until we find a clear way to determine in runtime which architecture we
// are running on we stick with the default s2n-bignum functions. Except in
// the case of Apple, because we know that on Apple's Arm chips the "_alt"
// functions are faster.
static inline uint8_t p384_use_s2n_bignum_alt(void) {
#if defined(OPENSSL_APPLE)
return 1;
#else
return 0;
#endif
return CRYPTO_is_ARMv8_wide_multiplier_capable();
}
#endif

Expand Down
14 changes: 3 additions & 11 deletions crypto/fipsmodule/ec/p521.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
#include <openssl/mem.h>

#include "../bn/internal.h"
#include "../cpucap/internal.h"
#include "../delocate.h"
#include "internal.h"

Expand Down Expand Up @@ -80,25 +81,16 @@ static const p521_limb_t p521_felem_p[P521_NLIMBS] = {
// every x86 CPU so we have to check if they are available and in case
// they are not we fallback to slightly slower but generic implementation.
static inline uint8_t p521_use_s2n_bignum_alt(void) {
return ((OPENSSL_ia32cap_get()[2] & (1u << 8)) == 0) || // bmi2
((OPENSSL_ia32cap_get()[2] & (1u << 19)) == 0); // adx
return (!CRYPTO_is_BMI2_capable() || !CRYPTO_is_ADX_capable());
}
#else
// On aarch64 platforms s2n-bignum has two implementations of certain
// functions -- the default one and the alternative (suffixed _alt).
// Depending on the architecture one version is faster than the other.
// Generally, the "_alt" functions are faster on architectures with higher
// multiplier throughput, for example, Graviton 3, Apple's M1 and iPhone chips.
// Until we find a clear way to determine in runtime which architecture we
// are running on we stick with the default s2n-bignum functions. Except in
// the case of Apple, because we know that on Apple's Arm chips the "_alt"
// functions are faster.
static inline uint8_t p521_use_s2n_bignum_alt(void) {
#if defined(OPENSSL_APPLE)
return 1;
#else
return 0;
#endif
return CRYPTO_is_ARMv8_wide_multiplier_capable();
}
#endif

Expand Down