[gnutls-devel] Quick questions re: creating new crypto acceleration patch

Wood, Matthew D matthew.d.wood at intel.com
Fri Mar 7 00:26:10 CET 2014

I¹m investigating creating a patch that would add support for the upcoming
Intel(R) SHA Extensions acceleration
(http://software.intel.com/en-us/articles/intel-sha-extensions) to GuTLS.
The instructions accelerate SHA-1 and SHA-256 in upcoming processors (e.g.
Goldmont). I wanted to confirm my strategy and get your advice prior to
heavy investment.

1. Create patch from the git master vs. the current stable branch
(gnutls_3_2_x). I want to confirm this because I have not been able to
successfully build the master without changes, while the stable branch
builds without issues. I am using Ubuntu 13.10 64bit with all patches.

note: The build on master fails related to ocsptool-args.h not having a
build rule. Porting the src/Makefile.in change to the BUILT_SOURCES
variable in the latest stable branch (removing headers in the list) solves
the issue.

2. It appears that much of the assembly is linked in from OpenSSL. It
doesn¹t appear that the Intel SHA Extensions contributions to OpenSSL have
made it into their release tree yet. Would you prefer to wait for a patch
that follows this inclusion pattern or to have GnuTLS specific assembly
code submitted? There is reference code from Intel at
ns that would serve as my starting point if I were to create GnuTLS
specific assembly.

3. When registering the optimized SHA implementations, the priority would
be 70. The implementations optimized for SSE3 are currently 80, and the
versions using the SHA extensions would be preferred.

I would also need to make the following adjustment to current code:

- gnutls_cpuid() would change to set ECX=0 prior to the cpuid instruction.
Detecting support for the SHA instructions uses CPUID leaf 7, sub-leaf 0
(eax=7,ecx=0) and any other value in ecx returns zeros in all response
registers. It would not change the interface to gnutls_cpuid(), just make
it more robust.

The timing of the patch would be sometime after the release of GCC 4.9.x
and prior to the release of the supporting hardware. GCC 4.9.x supports
the new SHA extensions, and is estimated to be released sometime around
the end of this month.

Matt Wood

More information about the Gnutls-devel mailing list