1 /*
2 * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <string.h>
13 #include <setjmp.h>
14 #include <signal.h>
15 #include <openssl/crypto.h>
16 #ifdef __APPLE__
17 #include <sys/sysctl.h>
18 #endif
19 #include "internal/cryptlib.h"
20
21 #include "arm_arch.h"
22
23 unsigned int OPENSSL_armcap_P = 0;
24 unsigned int OPENSSL_arm_midr = 0;
25 unsigned int OPENSSL_armv8_rsa_neonized = 0;
26
27 #if __ARM_MAX_ARCH__<7
OPENSSL_cpuid_setup(void)28 void OPENSSL_cpuid_setup(void)
29 {
30 }
31
OPENSSL_rdtsc(void)32 uint32_t OPENSSL_rdtsc(void)
33 {
34 return 0;
35 }
36 #else
37 static sigset_t all_masked;
38
39 static sigjmp_buf ill_jmp;
ill_handler(int sig)40 static void ill_handler(int sig)
41 {
42 siglongjmp(ill_jmp, sig);
43 }
44
45 /*
46 * Following subroutines could have been inlined, but it's not all
47 * ARM compilers support inline assembler...
48 */
49 void _armv7_neon_probe(void);
50 void _armv8_aes_probe(void);
51 void _armv8_sha1_probe(void);
52 void _armv8_sha256_probe(void);
53 void _armv8_pmull_probe(void);
54 # ifdef __aarch64__
55 void _armv8_sha512_probe(void);
56 unsigned int _armv8_cpuid_probe(void);
57 # endif
58 uint32_t _armv7_tick(void);
59
OPENSSL_rdtsc(void)60 uint32_t OPENSSL_rdtsc(void)
61 {
62 if (OPENSSL_armcap_P & ARMV7_TICK)
63 return _armv7_tick();
64 else
65 return 0;
66 }
67
68 # if defined(__GNUC__) && __GNUC__>=2
69 void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
70 # endif
71
72 # if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
73 # if __GLIBC_PREREQ(2, 16)
74 # include <sys/auxv.h>
75 # define OSSL_IMPLEMENT_GETAUXVAL
76 # endif
77 # elif defined(__ANDROID_API__)
78 /* see https://developer.android.google.cn/ndk/guides/cpu-features */
79 # if __ANDROID_API__ >= 18
80 # include <sys/auxv.h>
81 # define OSSL_IMPLEMENT_GETAUXVAL
82 # endif
83 # endif
84 # if defined(__FreeBSD__)
85 # include <sys/param.h>
86 # if __FreeBSD_version >= 1200000
87 # include <sys/auxv.h>
88 # define OSSL_IMPLEMENT_GETAUXVAL
89
getauxval(unsigned long key)90 static unsigned long getauxval(unsigned long key)
91 {
92 unsigned long val = 0ul;
93
94 if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
95 return 0ul;
96
97 return val;
98 }
99 # endif
100 # endif
101
102 /*
103 * Android: according to https://developer.android.com/ndk/guides/cpu-features,
104 * getauxval is supported starting with API level 18
105 */
106 # if defined(__ANDROID__) && defined(__ANDROID_API__) && __ANDROID_API__ >= 18
107 # include <sys/auxv.h>
108 # define OSSL_IMPLEMENT_GETAUXVAL
109 # endif
110
111 /*
112 * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
113 * AArch64 used AT_HWCAP.
114 */
115 # ifndef AT_HWCAP
116 # define AT_HWCAP 16
117 # endif
118 # ifndef AT_HWCAP2
119 # define AT_HWCAP2 26
120 # endif
121 # if defined(__arm__) || defined (__arm)
122 # define HWCAP AT_HWCAP
123 # define HWCAP_NEON (1 << 12)
124
125 # define HWCAP_CE AT_HWCAP2
126 # define HWCAP_CE_AES (1 << 0)
127 # define HWCAP_CE_PMULL (1 << 1)
128 # define HWCAP_CE_SHA1 (1 << 2)
129 # define HWCAP_CE_SHA256 (1 << 3)
130 # elif defined(__aarch64__)
131 # define HWCAP AT_HWCAP
132 # define HWCAP_NEON (1 << 1)
133
134 # define HWCAP_CE HWCAP
135 # define HWCAP_CE_AES (1 << 3)
136 # define HWCAP_CE_PMULL (1 << 4)
137 # define HWCAP_CE_SHA1 (1 << 5)
138 # define HWCAP_CE_SHA256 (1 << 6)
139 # define HWCAP_CPUID (1 << 11)
140 # define HWCAP_CE_SHA512 (1 << 21)
141 # endif
142
OPENSSL_cpuid_setup(void)143 void OPENSSL_cpuid_setup(void)
144 {
145 const char *e;
146 struct sigaction ill_oact, ill_act;
147 sigset_t oset;
148 static int trigger = 0;
149
150 if (trigger)
151 return;
152 trigger = 1;
153
154 OPENSSL_armcap_P = 0;
155
156 if ((e = getenv("OPENSSL_armcap"))) {
157 OPENSSL_armcap_P = (unsigned int)strtoul(e, NULL, 0);
158 return;
159 }
160
161 #ifdef __LITEOS_A__
162 return;
163 #endif
164
165 # if defined(__APPLE__)
166 # if !defined(__aarch64__)
167 /*
168 * Capability probing by catching SIGILL appears to be problematic
169 * on iOS. But since Apple universe is "monocultural", it's actually
170 * possible to simply set pre-defined processor capability mask.
171 */
172 if (1) {
173 OPENSSL_armcap_P = ARMV7_NEON;
174 return;
175 }
176 /*
177 * One could do same even for __aarch64__ iOS builds. It's not done
178 * exclusively for reasons of keeping code unified across platforms.
179 * Unified code works because it never triggers SIGILL on Apple
180 * devices...
181 */
182 # else
183 {
184 unsigned int sha512;
185 size_t len = sizeof(sha512);
186
187 if (sysctlbyname("hw.optional.armv8_2_sha512", &sha512, &len, NULL, 0) == 0 && sha512 == 1)
188 OPENSSL_armcap_P |= ARMV8_SHA512;
189 }
190 # endif
191 # endif
192
193 # ifdef OSSL_IMPLEMENT_GETAUXVAL
194 if (getauxval(HWCAP) & HWCAP_NEON) {
195 unsigned long hwcap = getauxval(HWCAP_CE);
196
197 OPENSSL_armcap_P |= ARMV7_NEON;
198
199 if (hwcap & HWCAP_CE_AES)
200 OPENSSL_armcap_P |= ARMV8_AES;
201
202 if (hwcap & HWCAP_CE_PMULL)
203 OPENSSL_armcap_P |= ARMV8_PMULL;
204
205 if (hwcap & HWCAP_CE_SHA1)
206 OPENSSL_armcap_P |= ARMV8_SHA1;
207
208 if (hwcap & HWCAP_CE_SHA256)
209 OPENSSL_armcap_P |= ARMV8_SHA256;
210
211 # ifdef __aarch64__
212 if (hwcap & HWCAP_CE_SHA512)
213 OPENSSL_armcap_P |= ARMV8_SHA512;
214
215 if (hwcap & HWCAP_CPUID)
216 OPENSSL_armcap_P |= ARMV8_CPUID;
217 # endif
218 }
219 # endif
220
221 sigfillset(&all_masked);
222 sigdelset(&all_masked, SIGILL);
223 sigdelset(&all_masked, SIGTRAP);
224 sigdelset(&all_masked, SIGFPE);
225 sigdelset(&all_masked, SIGBUS);
226 sigdelset(&all_masked, SIGSEGV);
227
228 memset(&ill_act, 0, sizeof(ill_act));
229 ill_act.sa_handler = ill_handler;
230 ill_act.sa_mask = all_masked;
231
232 sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
233 sigaction(SIGILL, &ill_act, &ill_oact);
234
235 /* If we used getauxval, we already have all the values */
236 # ifndef OSSL_IMPLEMENT_GETAUXVAL
237 if (sigsetjmp(ill_jmp, 1) == 0) {
238 _armv7_neon_probe();
239 OPENSSL_armcap_P |= ARMV7_NEON;
240 if (sigsetjmp(ill_jmp, 1) == 0) {
241 _armv8_pmull_probe();
242 OPENSSL_armcap_P |= ARMV8_PMULL | ARMV8_AES;
243 } else if (sigsetjmp(ill_jmp, 1) == 0) {
244 _armv8_aes_probe();
245 OPENSSL_armcap_P |= ARMV8_AES;
246 }
247 if (sigsetjmp(ill_jmp, 1) == 0) {
248 _armv8_sha1_probe();
249 OPENSSL_armcap_P |= ARMV8_SHA1;
250 }
251 if (sigsetjmp(ill_jmp, 1) == 0) {
252 _armv8_sha256_probe();
253 OPENSSL_armcap_P |= ARMV8_SHA256;
254 }
255 # if defined(__aarch64__) && !defined(__APPLE__)
256 if (sigsetjmp(ill_jmp, 1) == 0) {
257 _armv8_sha512_probe();
258 OPENSSL_armcap_P |= ARMV8_SHA512;
259 }
260 # endif
261 }
262 # endif
263
264 /*
265 * Probing for ARMV7_TICK is known to produce unreliable results,
266 * so we will only use the feature when the user explicitly enables
267 * it with OPENSSL_armcap.
268 */
269
270 sigaction(SIGILL, &ill_oact, NULL);
271 sigprocmask(SIG_SETMASK, &oset, NULL);
272
273 # ifdef __aarch64__
274 if (OPENSSL_armcap_P & ARMV8_CPUID)
275 OPENSSL_arm_midr = _armv8_cpuid_probe();
276
277 if ((MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) ||
278 MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_N1)) &&
279 (OPENSSL_armcap_P & ARMV7_NEON)) {
280 OPENSSL_armv8_rsa_neonized = 1;
281 }
282 # endif
283 }
284 #endif
285