Replace mbedtls entirely with OpenSSL as the single crypto dependency.
All AES-128/256 operations now dispatch through aes_ni.h at runtime:
VAES-512 → VAES-256 → SSE4 → OpenSSL EVP fallback, selected by CPUID
at first call with no global ISA flags required.
The OpenSSL fallback path in Ctr128 fires only on hardware without
AES-NI; on any x86-64 built after 2011 the intrinsic paths are taken
exclusively. All paths produce byte-identical output, verified against
NIST SP 800-38A (CTR) and SP 800-38B (CMAC) test vectors.
Changes:
- aes_ni.h: new four-tier CTR dispatch with CPUID detection via <cpuid.h>;
VAES-512/256 paths for Zen 4 / Sapphire Rapids (~19 GB/s) and
Zen 3+ / Tiger Lake+ (~15 GB/s)
- aes_util.cpp: CipherContext stores raw_key[16] for the OpenSSL fallback
- key_manager.cpp: CMAC → intrinsics, SHA-256 → EVP_Digest, bignum → BN_*
- amiibo_crypto.cpp/h: AES-CTR → intrinsics, HMAC → EVP_MAC
- xts_archive.cpp, registered_cache.cpp, nca.cpp, ro.cpp,
delivery_cache_directory_service.cpp: SHA-256/MD5 → EVP_Digest
- citron_room.cpp: base64 → EVP_EncodeBlock/EVP_DecodeBlock
- verify_user_jwt.cpp: RS256 verification → EVP_DigestVerify*
- web_service CMakeLists: drop cpp-jwt, link OpenSSL::Crypto
- dependencies.cmake: remove mbedtls and cpp-jwt CPM blocks
- externals CMakeLists: remove add_subdirectory(mbedtls)
- openssl_build.cmake: require NASM; remove no-asm
OpenSSL compiles correctly from source for Windows /Linux native and Linux to Windows cross compiling scenarios
Added -mtls-dialect=gnu2 to linux compile flags
Added commented out -march=native for easy self-compile use.
Fixed linux binary lib path resolution, so running the binaries works without AppImage packaging.