Adding a runtime dis/enabler of DIT Capability on AArch64. #1783

Merged
merged 23 commits into from
Sep 25, 2024

@nebeid nebeid commented Aug 20, 2024

Issues:

Addresses #CryptoAlg-2503

Description of changes:

  • Provide runtime functions that mask out (and back in) the DIT CPU capability by clearing (setting) an additional bit in OPENSSL_armcap_P. This mechanism was chosen for the following reasons:

    • It does not require an additional global variable.
    • It avoids extra checks on the path of setting/resetting the DIT bit.
    • It avoids re-evaluating the CPU capability if we were to clear the DIT capability bit itself. That latter bit is now left intact.
      There were write locks added around changing OPENSSL_armcap_P. However, Thread Sanitizer warned about data race possibilities when trying to run a test with concurrent threads where one disables DIT at runtime and the other tries to check for the capability. Therefore, they are documented with a warning to use them only in initialization contexts.
  • Make the DIT functions (enable/disable and set/restore) available regardless of whether the build flag DENABLE_DATA_INDEPENDENT_TIMING=ON was used or not.

    • If the build flag was not used, then the DIT flag is not set and reset with every function and the instructions used for setting it and resetting after checking the capability are omitted and don't incur extra cost.
    • The user now has the choice, regardless of the build flag, to place armv8_set/restore_dit in the user's code.

Call-outs:

  • The (external) API armv8_enable_dit is renamed to armv8_set_dit.
  • armv8_enable_dit now means enable back the capability at runtime.
  • The build flag was renamed to ENABLE_DATA_INDEPENDENT_TIMING (removing _AARCH64).

Testing:

  • The new functions armv8_disable_dit() and arm_enable_dit() were placed in Speed(), the benchmarking function, and their effects were confirmed on Apple M2.
  • There are also thread tests to confirm that the CPU DIT bit is context-switched at the thread level. The runtime dis/enabler is at the process scope because it manipulates OPENSSL_armcap_P.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@nebeid nebeid requested a review from a team as a code owner August 20, 2024 20:30
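
An added sketch, not code from this pull request or the project, of the masking scheme the description outlines: one extra bit in the capability word is toggled at runtime while the detected DIT bit stays intact. The bit positions, the `model_*` names, and the variable standing in for the CPU's DIT flag are all hypothetical, so the model runs on any host.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bit positions; the project's real values are not shown on this page. */
#define CAP_DIT         (1u << 0) /* set once by CPU feature detection */
#define CAP_DIT_ALLOWED (1u << 1) /* the additional bit toggled at runtime */

static uint32_t armcap_model;     /* stands in for OPENSSL_armcap_P */
static uint64_t pstate_dit_model; /* stands in for the CPU's DIT flag */

/* Detection result plus default policy: capability present and allowed. */
static void model_init(int cpu_has_dit) {
  armcap_model = cpu_has_dit ? (CAP_DIT | CAP_DIT_ALLOWED) : 0;
  pstate_dit_model = 0;
}

/* Runtime switches: only the extra bit changes, CAP_DIT is never touched.
 * Unsynchronized in this model, so they belong in initialization code only. */
static void model_disable_dit(void) { armcap_model &= ~CAP_DIT_ALLOWED; }
static void model_enable_dit(void) { armcap_model |= CAP_DIT_ALLOWED; }

/* One mask test covers both "CPU has DIT" and "DIT not masked out". */
static int model_dit_usable(void) {
  const uint32_t need = CAP_DIT | CAP_DIT_ALLOWED;
  return (armcap_model & need) == need;
}

/* Set the flag and return its previous value so the caller can restore it. */
static uint64_t model_set_dit(void) {
  if (!model_dit_usable()) return 0; /* masked out: no flag write at all */
  uint64_t previous = pstate_dit_model;
  pstate_dit_model = 1;
  return previous;
}

/* Clear the flag only if it was clear before the matching set call. */
static void model_restore_dit(uint64_t previous) {
  if (model_dit_usable() && previous != 1) pstate_dit_model = 0;
}

int main(void) {
  model_init(1);
  model_disable_dit();
  uint64_t prev = model_set_dit(); /* no-op while masked out */
  printf("usable=%d flag=%llu\n", model_dit_usable(),
         (unsigned long long)pstate_dit_model);
  model_restore_dit(prev);
  model_enable_dit(); /* no re-detection needed: CAP_DIT was never cleared */
  return 0;
}
```
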
codecov-commenter commented Aug 20, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.48%. Comparing base (266228a) to head (856fe71).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1783   +/-   ##
=======================================
  Coverage   78.48%   78.48%           
=======================================
  Files         585      585           
  Lines       99524    99524           
  Branches    14249    14246    -3     
=======================================
+ Hits        78112    78114    +2     
+ Misses      20776    20775    -1     
+ Partials      636      635    -1     


@WillChilds-Klein WillChilds-Klein left a comment


I see changes to cpu_aarch64_linux.c and cpu_aarch64_apple.c. Do we need to update cpu_aarch64_win.c as well?

…isable is used for the (perceived) CPU capability.
@nebeid nebeid force-pushed the dit-flag-2 branch 3 times, most recently from 67b68c1 to 37f707e Compare September 13, 2024 19:50
@nebeid nebeid merged commit fbeb5e8 into aws:main Sep 25, 2024
110 checks passed