MDEV-19684 enable intel assembly (AESNI etc) and fastmath when compiling WolfSSL

Using different recommended speedup options for WolfSSL. - Enable x64 assembly code on Intel. - in my_crypt.cc, align EVP_CIPHER_CTX buffer, since some members need alignment of 16 (for AESNI instructions), when assembler is enabled. - Adjust MY_AES_CTX_SIZE - Enable fastmath in wolfssl (large integer math).

MDEV-19684 enable intel assembly (AESNI etc) and fastmath when compiling WolfSSL
Using different recommended speedup options for WolfSSL. - Enable x64 assembly code on Intel. - in my_crypt.cc, align EVP_CIPHER_CTX buffer, since some members need alignment of 16 (for AESNI instructions), when assembler is enabled. - Adjust MY_AES_CTX_SIZE - Enable fastmath in wolfssl (large integer math).
c5beac68 · Vladislav Vaintroub · 92df31df · c5beac68 · c5beac68 · c5beac68
Commit c5beac68 authored Jun 04, 2019 by Vladislav Vaintroub
Showing with 82 additions and 8 deletions

extra/wolfssl/CMakeLists.txt extra/wolfssl/CMakeLists.txt +61 -2

include/mysql/service_my_crypt.h include/mysql/service_my_crypt.h +1 -1

mysys_ssl/my_crypt.cc mysys_ssl/my_crypt.cc +20 -5

No files found.
--- a/extra/wolfssl/CMakeLists.txt
+++ b/extra/wolfssl/CMakeLists.txt
+IF(MSVC)
+  PROJECT(wolfssl C ASM_MASM)
+ELSEIF(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64")
+   PROJECT(wolfssl C ASM)
+ELSE()
+  PROJECT(wolfssl C)
+ENDIF()
+IF(MSVC AND (CMAKE_SIZEOF_VOID_P MATCHES 8))
+  SET(WOLFSSL_INTELASM ON)
+ELSEIF(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64")
+  IF(CMAKE_C_COMPILER_ID MATCHES GNU  AND CMAKE_C_COMPILER_VERSION VERSION_LESS 4.9)
+    MESSAGE_ONCE(NO_INTEL_ASSEMBLY "Disable Intel assembly for WolfSSL - compiler is too old")
+  ELSE()
+    MY_CHECK_C_COMPILER_FLAG(-maes)
+    MY_CHECK_C_COMPILER_FLAG(-msse4)
+    MY_CHECK_C_COMPILER_FLAG(-mpclmul)
+  ENDIF()
+  IF(have_C__maes AND have_C__msse4 AND have_C__mpclmul)
+    SET(WOLFSSL_INTELASM ON)
+  ENDIF()
+ENDIF()
 SET(WOLFSSL_SRCDIR ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/src)
 ADD_DEFINITIONS(${SSL_DEFINES})
 ADD_DEFINITIONS(
@@ -32,7 +55,7 @@ ADD_DEFINITIONS(-DWOLFSSL_LIB)
 INCLUDE_DIRECTORIES(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl)
 IF(MSVC)
  # size_t to long truncation warning
-  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wd4267")
+  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wd4267 -wd4334")
  IF(CMAKE_C_COMPILER_ID MATCHES Clang)
    # Workaround a bug with clang-cl, see https://github.com/wolfSSL/wolfssl/pull/2090
    ADD_DEFINITIONS(-DMP_16BIT)
@@ -66,7 +89,6 @@ ${WOLFCRYPT_SRCDIR}/dsa.c
 ${WOLFCRYPT_SRCDIR}/ecc.c
 ${WOLFCRYPT_SRCDIR}/error.c
 ${WOLFCRYPT_SRCDIR}/hmac.c
-${WOLFCRYPT_SRCDIR}/integer.c
 ${WOLFCRYPT_SRCDIR}/logging.c
 ${WOLFCRYPT_SRCDIR}/md4.c
 ${WOLFCRYPT_SRCDIR}/md5.c
@@ -85,5 +107,42 @@ ${WOLFCRYPT_SRCDIR}/hash.c
 ${WOLFCRYPT_SRCDIR}/wolfmath.c
 )
+# Use fastmath large number math library.
+IF(NOT (MSVC AND CMAKE_C_COMPILER_ID MATCHES Clang)
+   AND (CMAKE_SIZEOF_VOID_P EQUAL 8))
+  SET(WOLFSSL_FASTMATH 1)
+ENDIF()
+IF(WOLFSSL_FASTMATH)
+ ADD_DEFINITIONS(-DUSE_FAST_MATH)
+ # FP_MAX_BITS is set high solely to satisfy ssl_8k_key.test
+ # WolfSSL will use more stack space with it
+ ADD_DEFINITIONS(-DFP_MAX_BITS=16384)
+ SET(WOLFCRYPT_SOURCES  ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/tfm.c)
+ELSE()
+ SET(WOLFCRYPT_SOURCES  ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/integer.c)
+ENDIF()
+IF(WOLFSSL_INTELASM)
+  ADD_DEFINITIONS(-DWOLFSSL_AESNI)
+  SET(SSL_DEFINES "${SSL_DEFINES} -DWOLFSSL_AESNI" PARENT_SCOPE)
+  LIST(APPEND WOLFCRYPT_SOURCES ${WOLFCRYPT_SRCDIR}/cpuid.c)
+  IF(MSVC)
+    LIST(APPEND WOLFCRYPT_SOURCES ${WOLFCRYPT_SRCDIR}/aes_asm.asm)
+    IF(CMAKE_C_COMPILER_ID MATCHES Clang)
+      SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -maes")
+    ELSE()
+      ADD_DEFINITIONS(-DHAVE_INTEL_RDSEED -DWOLFSSL_X86_64_BUILD)
+    ENDIF()
+  ELSEIF(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64")
+    ADD_DEFINITIONS(-DHAVE_INTEL_RDSEED -DUSE_INTEL_SPEEDUP)
+    LIST(APPEND WOLFCRYPT_SOURCES
+        ${WOLFCRYPT_SRCDIR}/aes_asm.S
+        ${WOLFCRYPT_SRCDIR}/sha512_asm.S
+        ${WOLFCRYPT_SRCDIR}/sha256_asm.S)
+    ADD_DEFINITIONS(-maes -msse4 -mpclmul)
+  ENDIF()
+ENDIF()
 ADD_CONVENIENCE_LIBRARY(wolfcrypt ${WOLFCRYPT_SOURCES})
--- a/include/mysql/service_my_crypt.h
+++ b/include/mysql/service_my_crypt.h
@@ -45,7 +45,7 @@ extern "C" {
 /* The max key length of all supported algorithms */
 #define MY_AES_MAX_KEY_LENGTH 32
-#define MY_AES_CTX_SIZE 560
+#define MY_AES_CTX_SIZE 600
 enum my_aes_mode {
    MY_AES_ECB, MY_AES_CBC

--- a/mysys_ssl/my_crypt.cc
+++ b/mysys_ssl/my_crypt.cc
@@ -25,16 +25,28 @@
 #include <my_crypt.h>
 #include <ssl_compat.h>
+#include <cstdint>
+#ifdef HAVE_WOLFSSL
+#define CTX_ALIGN 16
+#else
+#define CTX_ALIGN 0
+#endif
 class MyCTX
 {
 public:
-  char ctx_buf[EVP_CIPHER_CTX_SIZE];
+  char ctx_buf[EVP_CIPHER_CTX_SIZE + CTX_ALIGN];
-  EVP_CIPHER_CTX *ctx;
+  EVP_CIPHER_CTX* ctx;
  MyCTX()
  {
-    ctx= (EVP_CIPHER_CTX *)ctx_buf;
+#if CTX_ALIGN > 0
+    uintptr_t p= ((uintptr_t)ctx_buf + (CTX_ALIGN - 1)) & ~(CTX_ALIGN - 1);
+    ctx = reinterpret_cast<EVP_CIPHER_CTX*>(p);
+#else
+    ctx = (EVP_CIPHER_CTX*)ctx_buf;
+#endif
    EVP_CIPHER_CTX_init(ctx);
  }
  virtual ~MyCTX()
@@ -149,8 +161,11 @@ class MyCTX_nopad : public MyCTX
      uchar mask[MY_AES_BLOCK_SIZE];
      uint mlen;
-      my_aes_crypt(MY_AES_ECB, ENCRYPTION_FLAG_ENCRYPT | ENCRYPTION_FLAG_NOPAD,
+      int rc= my_aes_crypt(MY_AES_ECB, ENCRYPTION_FLAG_ENCRYPT | ENCRYPTION_FLAG_NOPAD,
                   oiv, sizeof(mask), mask, &mlen, key, klen, 0, 0);
+      DBUG_ASSERT(rc == MY_AES_OK);
+      if (rc)
+        return rc;
      DBUG_ASSERT(mlen == sizeof(mask));
      for (uint i=0; i < buf_len; i++)