New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RISC-V support for the SHA256 #16710
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I know we already approved and merged the SHA-512 support. My question is - for other architectures that add new instructions for algorithm acceleration or any other extra instruction sets we usually support building "full featured" assembler code which contains fallback code paths for CPUs which do not support these instructions. Do these RISC-V PRs effectively make the asm build for RISC-V depending on these special instructions being supported? Please note I do not know almost anything about RISC-V so it is possible that these instructions are widely available and for the rest building with no-asm is sufficient. |
@t8m To some point compiler generates more or less efficient code depending on what exact subset is supported. My patches should help it in that cases where it can not generate the most efficient code by itself. Sorry if I misunderstood your question. |
I try to ask differently - Other asm implementations for different architectures (such as x86, arm, ppc, or s390x) do runtime selection of the codepath (and thus extra instructions) used. So the code can be built once and run on different CPU models with different extra instructions (AVX2, SSSE3,....). Your patches do not do that, if I understand them correctly. They are just build-time and once you build so the instructions are used you cannot use the binaries on CPUs which do not support these sha512 or sha256 instructions. |
Yes, you understand my patches correctly. The problem is: RISC-V currently has no consensus about the discovery mechanism. Previously it should be done by checking the machine-ISA register. Currently, both bit-manipulation and cryptographic extensions marked their MISA bits as deprecated (they now should be hard-wired to zero). Here is the quote from the pre-release version: So now there is no consensual adequate discovery mechanism at this exact moment.
But now it is impossible. The only way it is possible to provide run-time fallbacks is to execute some instruction and then to catch an exception. |
OK, thanks for the explanation. I think I can approve this now. |
Some platforms do exactly this. It's hideous. |
Yeah that approach is causing multiple problems, let's not do it here. |
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually. |
At least one approach we use on some platforms, is that the OS can provide that information. On linux this would be using getauxval(). |
Good point @kroeckx |
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #16710)
Merged to master. Thanks for the contribution. |
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#16710) (cherry picked from commit 657d192)
No description provided.