ossl: Add GCM support on powerpc64/powerpc64le (POWER8+)
Needs Review (Public)

Authored by sanastasio_raptorengineering.com on Mar 7 2024, 9:02 PM.

Details

Reviewers
jhb
jhibbits
Summary

Separate ossl's existing AES-NI GCM implementation into a common
ossl_aes_gcm.c and add conditionals to switch between OpenSSL's AES-NI
and POWER8 GCM routines depending on the architecture. Since the
existing AVX-512 implementation is less agnostic, move it into a
separate ossl_aes_gcm_avx512.c.

Additionally, import the required POWER8 GCM routines for both powerpc64
and powerpc64le from OpenSSL 3.1.2.

Test Plan

Tested using tools/tools/cryptocheck as well as through an IPsec VPN configured for aes-gcm.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

  • Whitespace/formatting cleanup
  • Use powerpc64 compiler conditional instead of PPC
  • Drop ppc_aes_gcm_{de,en}crypt_ wrapper functions in favor of macros

Hi all, sorry for the ping. If anybody had time to review this, it would be greatly appreciated. We've deployed this patch internally on some of our production systems and in addition to the massive performance improvement, it has proven stable under various workloads.

Hi @sanastasio_raptorengineering.com, it looks fine from my (rather limited) perspective, but I would really like @jhb to review it, since he's played a lot in the OSSL module space.

@markj worked on the avx512 bits for ossl for AES-GCM, so probably should look as well.

It looks like the ARM NEON implementation could be deduplicated too, but it isn't. Is there a reason?

sys/crypto/openssl/ossl_aes_gcm.c
54
83

Please follow style(9) for the prototype, i.e., the return type should be its own line and continuing lines should be indented by four spaces.

119

Please fix the style here.

sys/modules/ossl/Makefile
29

Do we now have two ossl_aes_gcm.c files? i.e., the one you added and the one under arm/?

The latter should perhaps be called ossl_aes_gcm_neon.c or similar.