-
Notifications
You must be signed in to change notification settings - Fork 10.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conditionally enable OPENSSL_NO_ASM for Visual Studio #21427
Conversation
The concern is whether I need to install |
We could use CheckLanguage from within |
I tried on a machine that doesn't have NASM installed and got this error:
|
I don't have experience with CheckLanguage, but it could work. |
From the BoringSSL side, consider the assembly all but mandatory. It may be worth breaking builds with an explicit opt-out. Cryptography has more complex correctness requirements than most code. It's performance-sensitive and needs to meet some odd "constant-time" security requirements. Two of the most important symmetric algorithms, AES and GHASH (the hash in AES-GCM), do not map well to portable C. Meeting constant-time security requirements takes performance tradeoffs. With assembly, we can use dedicated hardware instructions on modern CPUs. Assembly also lets us use SIMD instructions for a middle tier of fallback: given SSSE3 (x86) or NEON (arm), we can build AES and GHASH out of byte shuffle operations.
The TLS library will prioritize ChaCha20-Poly1305 when AES hardware is unavailable (either due to the hardware itself or |
@davidben thanks for the input, we will consider this, but I'd like to consider it separately from this PR. |
This configuration variable was originally set due to a bug in CMake. We now build BoringSSL with assembly optimizations on Visual Studio provided that the version of CMake we're using is "new enough" (3.13+) and the NASM assembler is installed.
20fa511
to
5f073ed
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM once tests pass.
@veblush need another Googler's LGTM. |
This configuration variable was originally disabled due to a bug
in CMake. If we are using a "new enough" version of CMake (3.13+)
we can now enable this flag for Visual Studio builds.
@karthikravis
@jtattermusch
see #16376