The diff below should enable aarch64 hardware crypto support in security/nss.
The regression tests for NSS_TESTS=cipher run successfully on my OverDrive 1000 (cpu0: CRC32,SHA2,SHA1,AES+PMULL,ASID16). I can't really verify that the crypto instructions are actually used, though. Index: Makefile =================================================================== RCS file: /cvs/ports/security/nss/Makefile,v retrieving revision 1.152 diff -u -p -r1.152 Makefile --- Makefile 29 Mar 2022 07:38:43 -0000 1.152 +++ Makefile 2 Apr 2022 18:31:54 -0000 @@ -4,6 +4,7 @@ VERSION= 3.76.1 # from https://hg.mozilla.org/projects/nss/file/tip/automation/release/nspr-version.txt NSPR_VERSION= 4.32 DISTNAME= nss-${VERSION} +REVISION= 0 SO_VERSION= 58.9 .for _lib in freebl3 nss3 nssckbi nssckbi-testlib nssdbm3 nssutil3 smime3 softokn3 ssl3 Index: patches/patch-nss_lib_freebl_blinit_c =================================================================== RCS file: patches/patch-nss_lib_freebl_blinit_c diff -N patches/patch-nss_lib_freebl_blinit_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-nss_lib_freebl_blinit_c 2 Apr 2022 18:31:54 -0000 @@ -0,0 +1,36 @@ +Index: nss/lib/freebl/blinit.c + +Enable aarch64 hardware crypto support. + +--- nss/lib/freebl/blinit.c.orig ++++ nss/lib/freebl/blinit.c +@@ -205,6 +205,12 @@ static unsigned long getauxval(unsigned long type) + #endif + #endif /* defined(__FreeBSD__) */ + ++#if defined(__OpenBSD__) ++#include <sys/sysctl.h> ++#include <machine/cpu.h> ++#include <machine/armreg.h> ++#endif /* defined(__OpenBSD__) */ ++ + void + CheckARMSupport() + { +@@ -231,6 +237,16 @@ CheckARMSupport() + arm_sha1_support_ = ID_AA64ISAR0_SHA1_VAL(isar0) >= ID_AA64ISAR0_SHA1_BASE; + arm_sha2_support_ = ID_AA64ISAR0_SHA2_VAL(isar0) >= ID_AA64ISAR0_SHA2_BASE; + } ++#elif defined(__OpenBSD__) ++ const int isar0_mib[] = { CTL_MACHDEP, CPU_ID_AA64ISAR0 }; ++ uint64_t isar0; ++ size_t len = sizeof(isar0); ++ if (sysctl(isar0_mib, 2, &isar0, &len, NULL, 0) < 0) ++ return; ++ arm_aes_support_ = ID_AA64ISAR0_AES(isar0) >= ID_AA64ISAR0_AES_BASE; ++ arm_pmull_support_ = ID_AA64ISAR0_AES(isar0) >= ID_AA64ISAR0_AES_PMULL; ++ arm_sha1_support_ = ID_AA64ISAR0_SHA1(isar0) >= ID_AA64ISAR0_SHA1_BASE; ++ arm_sha2_support_ = ID_AA64ISAR0_SHA2(isar0) >= ID_AA64ISAR0_SHA2_BASE; + #elif defined(__ARM_FEATURE_CRYPTO) + /* + * Although no feature detection, default compiler option allows ARM -- Christian "naddy" Weisgerber [email protected]
