|
|
|
|
# Copyright (c) 2016, Google Inc.
|
|
|
|
|
#
|
|
|
|
|
# Permission to use, copy, modify, and/or distribute this software for any
|
|
|
|
|
# purpose with or without fee is hereby granted, provided that the above
|
|
|
|
|
# copyright notice and this permission notice appear in all copies.
|
|
|
|
|
#
|
|
|
|
|
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
|
|
|
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
|
|
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
|
|
|
# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
|
|
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
|
|
|
# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
|
|
|
# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
|
|
|
|
|
|
|
|
load("@rules_cc//cc:defs.bzl", "cc_binary", "cc_library")
|
|
|
|
|
load(
|
|
|
|
|
":BUILD.generated.bzl",
|
|
|
|
|
"crypto_headers",
|
|
|
|
|
"crypto_internal_headers",
|
|
|
|
|
"crypto_sources",
|
|
|
|
|
"crypto_sources_apple_aarch64",
|
|
|
|
|
"crypto_sources_apple_x86_64",
|
|
|
|
|
"crypto_sources_linux_aarch64",
|
|
|
|
|
"crypto_sources_linux_ppc64le",
|
|
|
|
|
"crypto_sources_linux_x86_64",
|
|
|
|
|
"fips_fragments",
|
|
|
|
|
"ssl_headers",
|
|
|
|
|
"ssl_internal_headers",
|
|
|
|
|
"ssl_sources",
|
|
|
|
|
"tool_headers",
|
|
|
|
|
"tool_sources",
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
licenses(["notice"])
|
|
|
|
|
|
|
|
|
|
exports_files(["LICENSE"])
|
|
|
|
|
|
|
|
|
|
config_setting(
|
|
|
|
|
name = "linux_aarch64",
|
|
|
|
|
constraint_values = [
|
|
|
|
|
"@platforms//os:linux",
|
|
|
|
|
"@platforms//cpu:aarch64",
|
|
|
|
|
],
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
config_setting(
|
|
|
|
|
name = "linux_x86_64",
|
|
|
|
|
constraint_values = [
|
|
|
|
|
"@platforms//os:linux",
|
|
|
|
|
"@platforms//cpu:x86_64",
|
|
|
|
|
],
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
config_setting(
|
|
|
|
|
name = "linux_ppc64le",
|
|
|
|
|
constraint_values = [
|
|
|
|
|
"@platforms//os:linux",
|
|
|
|
|
"@platforms//cpu:ppc",
|
|
|
|
|
],
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
config_setting(
|
|
|
|
|
name = "macos_aarch64",
|
|
|
|
|
constraint_values = [
|
|
|
|
|
"@platforms//os:macos",
|
|
|
|
|
"@platforms//cpu:aarch64",
|
|
|
|
|
],
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
config_setting(
|
|
|
|
|
name = "macos_x86_64",
|
|
|
|
|
constraint_values = [
|
|
|
|
|
"@platforms//os:macos",
|
|
|
|
|
"@platforms//cpu:x86_64",
|
|
|
|
|
],
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
posix_copts = [
|
|
|
|
|
# Assembler option --noexecstack adds .note.GNU-stack to each object to
|
|
|
|
|
# ensure that binaries can be built with non-executable stack.
|
|
|
|
|
"-Wa,--noexecstack",
|
|
|
|
|
|
|
|
|
|
# This list of warnings should match those in the top-level CMakeLists.txt.
|
|
|
|
|
"-Wall",
|
|
|
|
|
"-Werror",
|
|
|
|
|
"-Wformat=2",
|
|
|
|
|
"-Wsign-compare",
|
|
|
|
|
"-Wmissing-field-initializers",
|
|
|
|
|
"-Wwrite-strings",
|
|
|
|
|
"-Wshadow",
|
|
|
|
|
"-fno-common",
|
|
|
|
|
]
|
|
|
|
|
|
Enable SHA-512 ARM acceleration when available.
This imports the changes to sha512-armv8.pl from
upstream's af0fcf7b4668218b24d9250b95e0b96939ccb4d1.
Tweaks needed:
- Add an explicit .text because we put .LK$BITS in .rodata for XOM
- .LK$bits and code are in separate sections, so use adrp/add instead of
plain adr
- Where glibc needs feature flags to *enable* pthread_rwlock, Apple
interprets _XOPEN_SOURCE as a request to *disable* Apple extensions.
Tighten the condition on the _XOPEN_SOURCE check.
Added support for macOS and Linux, tested manually on an ARM Mac and a
VM, respectively. Fuchsia and Windows do not currently have APIs to
expose this bit, so I've left in TODOs. Benchmarks from an Apple M1 Max:
Before:
Did 4647000 SHA-512 (16 bytes) operations in 1000103us (74.3 MB/sec)
Did 1614000 SHA-512 (256 bytes) operations in 1000379us (413.0 MB/sec)
Did 439000 SHA-512 (1350 bytes) operations in 1001694us (591.6 MB/sec)
Did 76000 SHA-512 (8192 bytes) operations in 1011821us (615.3 MB/sec)
Did 39000 SHA-512 (16384 bytes) operations in 1024311us (623.8 MB/sec)
After:
Did 10369000 SHA-512 (16 bytes) operations in 1000088us (165.9 MB/sec) [+123.1%]
Did 3650000 SHA-512 (256 bytes) operations in 1000079us (934.3 MB/sec) [+126.2%]
Did 1029000 SHA-512 (1350 bytes) operations in 1000521us (1388.4 MB/sec) [+134.7%]
Did 175000 SHA-512 (8192 bytes) operations in 1001874us (1430.9 MB/sec) [+132.5%]
Did 89000 SHA-512 (16384 bytes) operations in 1010314us (1443.3 MB/sec) [+131.4%]
(This doesn't seem to change the overall SHA-256 vs SHA-512 performance
question on ARM, when hashing perf matters. SHA-256 on the same chip
gets up to 2454.6 MB/s.)
In terms of build coverage, for now, we'll have build coverage
everywhere and test coverage on Chromium, which runs this code on macOS
CI. We should request a macOS ARM64 bot for our standalone CI. Longer
term, we need a QEMU-based builder to test various features. QEMU seems
to have pretty good coverage of all this, which will at least give us
Linux.
I haven't added an OPENSSL_STATIC_ARMCAP_SHA512 for now. Instead, we
just look at the standard __ARM_FEATURE_SHA512 define. Strangely, the
corresponding -march tag is not sha512. Neither GCC and nor Clang have
-march=armv8-a+sha512. Instead, -march=armv8-a+sha3 implies both
__ARM_FEATURE_SHA3 and __ARM_FEATURE_SHA512! Yet everything else seems
to describe the SHA512 extension as separate from SHA3.
https://developer.arm.com/architectures/system-architectures/software-standards/acle
Update-Note: Consumers with a different build setup may need to
limit -D_XOPEN_SOURCE=700 to Linux or non-Apple platforms. Otherwise,
<sys/types.h> won't define some typedef needed by <sys/sysctl.h>. If you
see a build error about u_char, etc., being undefined in some system
header, that is probably the cause.
Change-Id: Ia213d3796b84c71b7966bb68e0aec92e5d7d26f0
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50807
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
3 years ago
|
|
|
linux_copts = posix_copts + [
|
|
|
|
|
# This is needed on Linux systems (at least) to get rwlock in pthread, but
|
|
|
|
|
# it should not be set on Apple platforms, where it instead disables APIs
|
|
|
|
|
# we use. See compat(5) and sys/cdefs.h.
|
|
|
|
|
"-D_XOPEN_SOURCE=700",
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
boringssl_copts = select({
|
|
|
|
|
"@platforms//os:linux": linux_copts,
|
|
|
|
|
"@platforms//os:macos": posix_copts,
|
|
|
|
|
"@platforms//os:windows": ["-DWIN32_LEAN_AND_MEAN"],
|
|
|
|
|
"//conditions:default": [],
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
# These selects must be kept in sync.
|
|
|
|
|
crypto_sources_asm = select({
|
|
|
|
|
":linux_aarch64": crypto_sources_linux_aarch64,
|
|
|
|
|
":linux_ppc64le": crypto_sources_linux_ppc64le,
|
|
|
|
|
":linux_x86_64": crypto_sources_linux_x86_64,
|
|
|
|
|
":macos_aarch64": crypto_sources_apple_aarch64,
|
|
|
|
|
":macos_x86_64": crypto_sources_apple_x86_64,
|
|
|
|
|
"//conditions:default": [],
|
|
|
|
|
})
|
|
|
|
|
boringssl_copts += select({
|
|
|
|
|
":linux_aarch64": [],
|
|
|
|
|
":linux_ppc64le": [],
|
|
|
|
|
":linux_x86_64": [],
|
|
|
|
|
":macos_aarch64": [],
|
|
|
|
|
":macos_x86_64": [],
|
|
|
|
|
"//conditions:default": ["-DOPENSSL_NO_ASM"],
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
# For C targets only (not C++), compile with C11 support.
|
|
|
|
|
posix_copts_c11 = [
|
|
|
|
|
"-std=c11",
|
|
|
|
|
"-Wmissing-prototypes",
|
|
|
|
|
"-Wold-style-definition",
|
|
|
|
|
"-Wstrict-prototypes",
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
boringssl_copts_c11 = boringssl_copts + select({
|
|
|
|
|
"@platforms//os:linux": posix_copts_c11,
|
|
|
|
|
"@platforms//os:macos": posix_copts_c11,
|
|
|
|
|
"//conditions:default": [],
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
# For C++ targets only (not C), compile with C++14 support.
|
|
|
|
|
posix_copts_cxx = [
|
|
|
|
|
"-std=c++14",
|
|
|
|
|
"-Wmissing-declarations",
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
boringssl_copts_cxx = boringssl_copts + select({
|
|
|
|
|
"@platforms//os:linux": posix_copts_cxx,
|
|
|
|
|
"@platforms//os:macos": posix_copts_cxx,
|
|
|
|
|
"//conditions:default": [],
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
|
name = "crypto",
|
|
|
|
|
srcs = crypto_sources + crypto_internal_headers + crypto_sources_asm,
|
|
|
|
|
hdrs = crypto_headers + fips_fragments,
|
|
|
|
|
copts = boringssl_copts_c11,
|
|
|
|
|
includes = ["src/include"],
|
|
|
|
|
linkopts = select({
|
|
|
|
|
# Android supports pthreads, but does not provide a libpthread
|
|
|
|
|
# to link against.
|
|
|
|
|
"@platforms//os:android": [],
|
|
|
|
|
"@platforms//os:macos": [],
|
|
|
|
|
"@platforms//os:windows": ["-defaultlib:advapi32.lib"],
|
|
|
|
|
"//conditions:default": ["-lpthread"],
|
|
|
|
|
}),
|
|
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
|
name = "ssl",
|
|
|
|
|
srcs = ssl_sources + ssl_internal_headers,
|
|
|
|
|
hdrs = ssl_headers,
|
|
|
|
|
copts = boringssl_copts_cxx,
|
|
|
|
|
includes = ["src/include"],
|
|
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
|
deps = [
|
|
|
|
|
":crypto",
|
|
|
|
|
],
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
cc_binary(
|
|
|
|
|
name = "bssl",
|
|
|
|
|
srcs = tool_sources + tool_headers,
|
|
|
|
|
copts = boringssl_copts_cxx,
|
|
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
|
deps = [":ssl"],
|
|
|
|
|
)
|
