[gnutls-devel] Quick questions re: creating new crypto acceleration patch

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Mar 7 08:29:39 CET 2014

On Thu, 2014-03-06 at 23:26 +0000, Wood, Matthew D wrote:
> I'm investigating creating a patch that would add support for the upcoming
> Intel(R) SHA Extensions acceleration
> (http://software.intel.com/en-us/articles/intel-sha-extensions) to GnuTLS.
> The instructions accelerate SHA-1 and SHA-256 in upcoming processors (e.g.
> Goldmont). I wanted to confirm my strategy and get your advice prior to
> heavy investment.

Hello Matthew,
 I think the best would be to have the additions in nettle directly, so
that other projects using nettle benefit as well. If I remember well,
the idea there was to have a constructor that will check for specific
processor capabilities and set a variable (e.g., cpuid flags) which will
be used during the execution to divert to the assembly optimized

But for details you'll have to talk directly with the author (Niels).

> 3. When registering the optimized SHA implementations, the priority would
> be 70. The implementations optimized for SSE3 are currently 80, and the
> versions using the SHA extensions would be preferred.

The cipher overriding part in gnutls was created as an interim solution
until nettle supports overriding ciphers at runtime. I'd like to add new
ciphers in that, only if adding that capability to nettle isn't possible
(or practical). In that case we can fall back to using the cipher
overriding API in gnutls for the SHA optimizations.
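
The load-time capability check and priority-based selection discussed in this message, as an added sketch that is not code from nettle, GnuTLS or either poster. The table, the backend names and the priority 90 for the generic fallback are assumptions; 70 and 80 are the values quoted above, and the feature bits are the CPUID positions for SSE3 and the SHA extensions.

```c
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define CPUID1_ECX_SSE3 (1u << 0)   /* CPUID.01H:ECX bit 0 */
#define CPUID7_EBX_SHA  (1u << 29)  /* CPUID.(EAX=07H,ECX=0):EBX bit 29 */

struct sha_backend {
    const char *name;               /* hypothetical label */
    int priority;                   /* lower value is preferred */
    unsigned need_ecx1, need_ebx7;  /* CPUID bits the backend requires */
};

/* Constructed table: 70 and 80 are from the thread, 90 is assumed. */
static const struct sha_backend backends[] = {
    { "generic-c", 90, 0, 0 },
    { "sse3-asm",  80, CPUID1_ECX_SSE3, 0 },
    { "sha-ext",   70, 0, CPUID7_EBX_SHA },
};

/* Return the usable backend with the lowest priority value. The generic
 * entry needs no feature bits, so the result is never NULL. */
static const struct sha_backend *select_backend(unsigned ecx1, unsigned ebx7)
{
    const struct sha_backend *best = NULL;
    for (size_t i = 0; i < sizeof backends / sizeof backends[0]; i++) {
        const struct sha_backend *b = &backends[i];
        if ((ecx1 & b->need_ecx1) != b->need_ecx1) continue;
        if ((ebx7 & b->need_ebx7) != b->need_ebx7) continue;
        if (!best || b->priority < best->priority) best = b;
    }
    return best;
}

static const struct sha_backend *active_sha;  /* set once, before main() */

__attribute__((constructor)) static void detect_cpu(void)
{
    unsigned ecx1 = 0, ebx7 = 0;
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d;
    if (__get_cpuid(1, &a, &b, &c, &d)) ecx1 = c;
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d)) ebx7 = b;
#endif
    active_sha = select_backend(ecx1, ebx7);  /* non-x86 gets generic-c */
}

int main(void) { printf("SHA backend: %s\n", active_sha->name); return 0; }
```

Because the selection is driven only by the feature bits the running CPU reports, a build containing the accelerated code still runs on processors without the extensions.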

