7 files changed, 130 insertions, 61 deletions
diff --git a/src/lib/libcrypto/arch/amd64/Makefile.inc b/src/lib/libcrypto/arch/amd64/Makefile.inc
index 5ecf8f1390..649c507189 100644
--- a/src/lib/libcrypto/arch/amd64/Makefile.inc
+++ b/src/lib/libcrypto/arch/amd64/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.40 2025/06/15 15:11:50 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.41 2025/06/28 12:39:10 jsing Exp $
 # amd64-specific libcrypto build rules
@@ -38,11 +38,15 @@ SRCS += word_clz.S
 # md5
 CFLAGS+= -DMD5_ASM
 SRCS+= md5_amd64_generic.S
 # modes
 CFLAGS+= -DGHASH_ASM
 SSLASM+= modes ghash-x86_64
+SRCS += gcm128_amd64.c
 # rc4
 SSLASM+= rc4 rc4-x86_64
 # ripemd
 # sha
 SRCS+= sha1_amd64.c
diff --git a/src/lib/libcrypto/arch/amd64/crypto_arch.h b/src/lib/libcrypto/arch/amd64/crypto_arch.h
index 213a5d903e..9f292cc530 100644
--- a/src/lib/libcrypto/arch/amd64/crypto_arch.h
+++ b/src/lib/libcrypto/arch/amd64/crypto_arch.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: crypto_arch.h,v 1.8 2025/06/28 12:20:39 jsing Exp $ */
+/*      $OpenBSD: crypto_arch.h,v 1.9 2025/06/28 12:39:10 jsing Exp $ */
 /*
 * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
 *
@@ -40,6 +40,8 @@ extern uint64_t crypto_cpu_caps_amd64;
 #define HAVE_AES_CBC_ENCRYPT_INTERNAL
 #define HAVE_AES_CTR32_ENCRYPT_INTERNAL
+#define HAVE_GCM128_INIT
 #define HAVE_RC4_INTERNAL
 #define HAVE_RC4_SET_KEY_INTERNAL
diff --git a/src/lib/libcrypto/arch/i386/Makefile.inc b/src/lib/libcrypto/arch/i386/Makefile.inc
index 8747d389ac..bfc701687e 100644
--- a/src/lib/libcrypto/arch/i386/Makefile.inc
+++ b/src/lib/libcrypto/arch/i386/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.30 2025/06/15 15:11:50 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.31 2025/06/28 12:39:10 jsing Exp $
 # i386-specific libcrypto build rules
@@ -18,14 +18,19 @@ SSLASM+= bn bn-586
 SSLASM+= bn co-586
 CFLAGS+= -DOPENSSL_BN_ASM_MONT
 SSLASM+= bn x86-mont
 # md5
 CFLAGS+= -DMD5_ASM
 SSLASM+= md5 md5-586
 # modes
 CFLAGS+= -DGHASH_ASM
 SSLASM+= modes ghash-x86
+SRCS += gcm128_i386.c
 # rc4
 SSLASM+= rc4 rc4-586
 # sha
 SSLASM+= sha sha1-586
 SSLASM+= sha sha256-586
diff --git a/src/lib/libcrypto/arch/i386/crypto_arch.h b/src/lib/libcrypto/arch/i386/crypto_arch.h
index 9a377e56a9..95d4cc468b 100644
--- a/src/lib/libcrypto/arch/i386/crypto_arch.h
+++ b/src/lib/libcrypto/arch/i386/crypto_arch.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: crypto_arch.h,v 1.7 2025/06/28 12:21:46 jsing Exp $ */
+/*      $OpenBSD: crypto_arch.h,v 1.8 2025/06/28 12:39:10 jsing Exp $ */
 /*
 * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
 *
@@ -40,6 +40,8 @@ extern uint64_t crypto_cpu_caps_i386;
 #define HAVE_AES_CBC_ENCRYPT_INTERNAL
 #define HAVE_AES_CTR32_ENCRYPT_INTERNAL
+#define HAVE_GCM128_INIT
 #define HAVE_RC4_INTERNAL
 #define HAVE_RC4_SET_KEY_INTERNAL
diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c
index b989915c4a..b6874296e0 100644
--- a/src/lib/libcrypto/modes/gcm128.c
+++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gcm128.c,v 1.53 2025/06/28 12:32:27 jsing Exp $ */
+/* $OpenBSD: gcm128.c,v 1.54 2025/06/28 12:39:10 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
 *
@@ -55,7 +55,7 @@
 #include "crypto_internal.h"
 #include "modes_local.h"
-static void
+void
 gcm_init_4bit(u128 Htable[16], uint64_t H[2])
 {
        u128 V;
@@ -196,35 +196,17 @@ gcm_ghash(GCM128_CONTEXT *ctx, const uint8_t *in, size_t len)
        ctx->ghash(ctx->Xi.u, ctx->Htable, in, len);
 }
-#if     defined(GHASH_ASM) &&                                           \
+#ifdef HAVE_GCM128_INIT
-        (defined(__i386)        || defined(__i386__)    ||              \
+void gcm128_init(GCM128_CONTEXT *ctx);
-         defined(__x86_64)      || defined(__x86_64__)  ||              \
-         defined(_M_IX86)       || defined(_M_AMD64)    || defined(_M_X64))
-#include "x86_arch.h"
-#endif
-#if     defined(GHASH_ASM)
-# if    (defined(__i386)        || defined(__i386__)    ||              \
-         defined(__x86_64)      || defined(__x86_64__)  ||              \
-         defined(_M_IX86)       || defined(_M_AMD64)    || defined(_M_X64))
-#  define GHASH_ASM_X86_OR_64
-void gcm_init_clmul(u128 Htable[16], const uint64_t Xi[2]);
+#else
-void gcm_gmult_clmul(uint64_t Xi[2], const u128 Htable[16]);
+static void
-void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+gcm128_init(GCM128_CONTEXT *ctx)
-    size_t len);
+{
+        gcm_init_4bit(ctx->Htable, ctx->H.u);
-#  if   defined(__i386) || defined(__i386__) || defined(_M_IX86)
+        ctx->gmult = gcm_gmult_4bit;
-#   define GHASH_ASM_X86
+        ctx->ghash = gcm_ghash_4bit;
-void gcm_gmult_4bit_mmx(uint64_t Xi[2], const u128 Htable[16]);
+}
-void gcm_ghash_4bit_mmx(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
-    size_t len);
-void gcm_gmult_4bit_x86(uint64_t Xi[2], const u128 Htable[16]);
-void gcm_ghash_4bit_x86(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
-    size_t len);
-#  endif
-# endif
 #endif
 void
@@ -240,33 +222,7 @@ CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
        ctx->H.u[0] = be64toh(ctx->H.u[0]);
        ctx->H.u[1] = be64toh(ctx->H.u[1]);
-# if    defined(GHASH_ASM_X86_OR_64)
+        gcm128_init(ctx);
-        /* check FXSR and PCLMULQDQ bits */
-        if ((crypto_cpu_caps_ia32() & (CPUCAP_MASK_FXSR | CPUCAP_MASK_PCLMUL)) ==
-            (CPUCAP_MASK_FXSR | CPUCAP_MASK_PCLMUL)) {
-                gcm_init_clmul(ctx->Htable, ctx->H.u);
-                ctx->gmult = gcm_gmult_clmul;
-                ctx->ghash = gcm_ghash_clmul;
-                return;
-        }
-        gcm_init_4bit(ctx->Htable, ctx->H.u);
-#  if   defined(GHASH_ASM_X86)                  /* x86 only */
-        if (crypto_cpu_caps_ia32() & CPUCAP_MASK_MMX) { /* check MMX bit */
-                ctx->gmult = gcm_gmult_4bit_mmx;
-                ctx->ghash = gcm_ghash_4bit_mmx;
-        } else {
-                ctx->gmult = gcm_gmult_4bit_x86;
-                ctx->ghash = gcm_ghash_4bit_x86;
-        }
-#  else
-        ctx->gmult = gcm_gmult_4bit;
-        ctx->ghash = gcm_ghash_4bit;
-#  endif
-# else
-        gcm_init_4bit(ctx->Htable, ctx->H.u);
-        ctx->gmult = gcm_gmult_4bit;
-        ctx->ghash = gcm_ghash_4bit;
-# endif
 }
 LCRYPTO_ALIAS(CRYPTO_gcm128_init);
diff --git a/src/lib/libcrypto/modes/gcm128_amd64.c b/src/lib/libcrypto/modes/gcm128_amd64.c
new file mode 100644
index 0000000000..eaa66fb32f
--- /dev/null
+++ b/src/lib/libcrypto/modes/gcm128_amd64.c
@@ -0,0 +1,44 @@
+/* $OpenBSD: gcm128_amd64.c,v 1.1 2025/06/28 12:39:10 jsing Exp $ */
+/*
+ * Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include "crypto_arch.h"
+#include "modes_local.h"
+void gcm_init_4bit(u128 Htable[16], uint64_t H[2]);
+void gcm_gmult_4bit(uint64_t Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+    size_t len);
+void gcm_init_clmul(u128 Htable[16], const uint64_t Xi[2]);
+void gcm_gmult_clmul(uint64_t Xi[2], const u128 Htable[16]);
+void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+    size_t len);
+void
+gcm128_init(GCM128_CONTEXT *ctx)
+{
+        if ((crypto_cpu_caps_amd64 & CRYPTO_CPU_CAPS_AMD64_CLMUL) != 0) {
+                gcm_init_clmul(ctx->Htable, ctx->H.u);
+                ctx->gmult = gcm_gmult_clmul;
+                ctx->ghash = gcm_ghash_clmul;
+                return;
+        }
+        gcm_init_4bit(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_4bit;
+        ctx->ghash = gcm_ghash_4bit;
+}
diff --git a/src/lib/libcrypto/modes/gcm128_i386.c b/src/lib/libcrypto/modes/gcm128_i386.c
new file mode 100644
index 0000000000..ac517fdb04
--- /dev/null
+++ b/src/lib/libcrypto/modes/gcm128_i386.c
@@ -0,0 +1,56 @@
+/* $OpenBSD: gcm128_i386.c,v 1.1 2025/06/28 12:39:10 jsing Exp $ */
+/*
+ * Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include "crypto_arch.h"
+#include "modes_local.h"
+void gcm_init_4bit(u128 Htable[16], uint64_t H[2]);
+void gcm_gmult_4bit_mmx(uint64_t Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit_mmx(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+    size_t len);
+void gcm_gmult_4bit_x86(uint64_t Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit_x86(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+    size_t len);
+void gcm_init_clmul(u128 Htable[16], const uint64_t Xi[2]);
+void gcm_gmult_clmul(uint64_t Xi[2], const u128 Htable[16]);
+void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+    size_t len);
+void
+gcm128_init(GCM128_CONTEXT *ctx)
+{
+        if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_CLMUL) != 0) {
+                gcm_init_clmul(ctx->Htable, ctx->H.u);
+                ctx->gmult = gcm_gmult_clmul;
+                ctx->ghash = gcm_ghash_clmul;
+                return;
+        }
+        if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_MMX) != 0) {
+                gcm_init_4bit(ctx->Htable, ctx->H.u);
+                ctx->gmult = gcm_gmult_4bit_mmx;
+                ctx->ghash = gcm_ghash_4bit_mmx;
+                return;
+        }
+        gcm_init_4bit(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_4bit_x86;
+        ctx->ghash = gcm_ghash_4bit_x86;
+}

diff --git a/src/lib/libcrypto/arch/amd64/Makefile.inc b/src/lib/libcrypto/arch/amd64/Makefile.inc index 5ecf8f1390..649c507189 100644 --- a/src/lib/libcrypto/arch/amd64/Makefile.inc +++ b/src/lib/libcrypto/arch/amd64/Makefile.inc
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile.inc,v 1.40 2025/06/15 15:11:50 jsing Exp $	1	# $OpenBSD: Makefile.inc,v 1.41 2025/06/28 12:39:10 jsing Exp $
2		2
3	# amd64-specific libcrypto build rules	3	# amd64-specific libcrypto build rules
4		4
@@ -38,11 +38,15 @@ SRCS += word_clz.S
38	# md5	38	# md5
39	CFLAGS+= -DMD5_ASM	39	CFLAGS+= -DMD5_ASM
40	SRCS+= md5_amd64_generic.S	40	SRCS+= md5_amd64_generic.S
		41
41	# modes	42	# modes
42	CFLAGS+= -DGHASH_ASM	43	CFLAGS+= -DGHASH_ASM
43	SSLASM+= modes ghash-x86_64	44	SSLASM+= modes ghash-x86_64
		45	SRCS += gcm128_amd64.c
		46
44	# rc4	47	# rc4
45	SSLASM+= rc4 rc4-x86_64	48	SSLASM+= rc4 rc4-x86_64
		49
46	# ripemd	50	# ripemd
47	# sha	51	# sha
48	SRCS+= sha1_amd64.c	52	SRCS+= sha1_amd64.c


diff --git a/src/lib/libcrypto/arch/amd64/crypto_arch.h b/src/lib/libcrypto/arch/amd64/crypto_arch.h index 213a5d903e..9f292cc530 100644 --- a/src/lib/libcrypto/arch/amd64/crypto_arch.h +++ b/src/lib/libcrypto/arch/amd64/crypto_arch.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: crypto_arch.h,v 1.8 2025/06/28 12:20:39 jsing Exp $ */	1	/* $OpenBSD: crypto_arch.h,v 1.9 2025/06/28 12:39:10 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2024 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -40,6 +40,8 @@ extern uint64_t crypto_cpu_caps_amd64;
40	#define HAVE_AES_CBC_ENCRYPT_INTERNAL	40	#define HAVE_AES_CBC_ENCRYPT_INTERNAL
41	#define HAVE_AES_CTR32_ENCRYPT_INTERNAL	41	#define HAVE_AES_CTR32_ENCRYPT_INTERNAL
42		42
		43	#define HAVE_GCM128_INIT
		44
43	#define HAVE_RC4_INTERNAL	45	#define HAVE_RC4_INTERNAL
44	#define HAVE_RC4_SET_KEY_INTERNAL	46	#define HAVE_RC4_SET_KEY_INTERNAL
45		47


diff --git a/src/lib/libcrypto/arch/i386/Makefile.inc b/src/lib/libcrypto/arch/i386/Makefile.inc index 8747d389ac..bfc701687e 100644 --- a/src/lib/libcrypto/arch/i386/Makefile.inc +++ b/src/lib/libcrypto/arch/i386/Makefile.inc
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile.inc,v 1.30 2025/06/15 15:11:50 jsing Exp $	1	# $OpenBSD: Makefile.inc,v 1.31 2025/06/28 12:39:10 jsing Exp $
2		2
3	# i386-specific libcrypto build rules	3	# i386-specific libcrypto build rules
4		4
@@ -18,14 +18,19 @@ SSLASM+= bn bn-586
18	SSLASM+= bn co-586	18	SSLASM+= bn co-586
19	CFLAGS+= -DOPENSSL_BN_ASM_MONT	19	CFLAGS+= -DOPENSSL_BN_ASM_MONT
20	SSLASM+= bn x86-mont	20	SSLASM+= bn x86-mont
		21
21	# md5	22	# md5
22	CFLAGS+= -DMD5_ASM	23	CFLAGS+= -DMD5_ASM
23	SSLASM+= md5 md5-586	24	SSLASM+= md5 md5-586
		25
24	# modes	26	# modes
25	CFLAGS+= -DGHASH_ASM	27	CFLAGS+= -DGHASH_ASM
26	SSLASM+= modes ghash-x86	28	SSLASM+= modes ghash-x86
		29	SRCS += gcm128_i386.c
		30
27	# rc4	31	# rc4
28	SSLASM+= rc4 rc4-586	32	SSLASM+= rc4 rc4-586
		33
29	# sha	34	# sha
30	SSLASM+= sha sha1-586	35	SSLASM+= sha sha1-586
31	SSLASM+= sha sha256-586	36	SSLASM+= sha sha256-586


diff --git a/src/lib/libcrypto/arch/i386/crypto_arch.h b/src/lib/libcrypto/arch/i386/crypto_arch.h index 9a377e56a9..95d4cc468b 100644 --- a/src/lib/libcrypto/arch/i386/crypto_arch.h +++ b/src/lib/libcrypto/arch/i386/crypto_arch.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: crypto_arch.h,v 1.7 2025/06/28 12:21:46 jsing Exp $ */	1	/* $OpenBSD: crypto_arch.h,v 1.8 2025/06/28 12:39:10 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2024 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -40,6 +40,8 @@ extern uint64_t crypto_cpu_caps_i386;
40	#define HAVE_AES_CBC_ENCRYPT_INTERNAL	40	#define HAVE_AES_CBC_ENCRYPT_INTERNAL
41	#define HAVE_AES_CTR32_ENCRYPT_INTERNAL	41	#define HAVE_AES_CTR32_ENCRYPT_INTERNAL
42		42
		43	#define HAVE_GCM128_INIT
		44
43	#define HAVE_RC4_INTERNAL	45	#define HAVE_RC4_INTERNAL
44	#define HAVE_RC4_SET_KEY_INTERNAL	46	#define HAVE_RC4_SET_KEY_INTERNAL
45		47


diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c index b989915c4a..b6874296e0 100644 --- a/src/lib/libcrypto/modes/gcm128.c +++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: gcm128.c,v 1.53 2025/06/28 12:32:27 jsing Exp $ */	1	/* $OpenBSD: gcm128.c,v 1.54 2025/06/28 12:39:10 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2010 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2010 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -55,7 +55,7 @@
55	#include "crypto_internal.h"	55	#include "crypto_internal.h"
56	#include "modes_local.h"	56	#include "modes_local.h"
57		57
58	static void	58	void
59	gcm_init_4bit(u128 Htable[16], uint64_t H[2])	59	gcm_init_4bit(u128 Htable[16], uint64_t H[2])
60	{	60	{
61	u128 V;	61	u128 V;
@@ -196,35 +196,17 @@ gcm_ghash(GCM128_CONTEXT ctx, const uint8_t in, size_t len)
196	ctx->ghash(ctx->Xi.u, ctx->Htable, in, len);	196	ctx->ghash(ctx->Xi.u, ctx->Htable, in, len);
197	}	197	}
198		198
199	#if defined(GHASH_ASM) && \	199	#ifdef HAVE_GCM128_INIT
200	(defined(__i386) \|\| defined(__i386__) \|\| \	200	void gcm128_init(GCM128_CONTEXT *ctx);
201	defined(__x86_64) \|\| defined(__x86_64__) \|\| \
202	defined(_M_IX86) \|\| defined(_M_AMD64) \|\| defined(_M_X64))
203	#include "x86_arch.h"
204	#endif
205
206	#if defined(GHASH_ASM)
207	# if (defined(__i386) \|\| defined(__i386__) \|\| \
208	defined(__x86_64) \|\| defined(__x86_64__) \|\| \
209	defined(_M_IX86) \|\| defined(_M_AMD64) \|\| defined(_M_X64))
210	# define GHASH_ASM_X86_OR_64
211		201
212	void gcm_init_clmul(u128 Htable[16], const uint64_t Xi[2]);	202	#else
213	void gcm_gmult_clmul(uint64_t Xi[2], const u128 Htable[16]);	203	static void
214	void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,	204	gcm128_init(GCM128_CONTEXT *ctx)
215	size_t len);	205	{
216		206	gcm_init_4bit(ctx->Htable, ctx->H.u);
217	# if defined(__i386) \|\| defined(__i386__) \|\| defined(_M_IX86)	207	ctx->gmult = gcm_gmult_4bit;
218	# define GHASH_ASM_X86	208	ctx->ghash = gcm_ghash_4bit;
219	void gcm_gmult_4bit_mmx(uint64_t Xi[2], const u128 Htable[16]);	209	}
220	void gcm_ghash_4bit_mmx(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
221	size_t len);
222
223	void gcm_gmult_4bit_x86(uint64_t Xi[2], const u128 Htable[16]);
224	void gcm_ghash_4bit_x86(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
225	size_t len);
226	# endif
227	# endif
228	#endif	210	#endif
229		211
230	void	212	void
@@ -240,33 +222,7 @@ CRYPTO_gcm128_init(GCM128_CONTEXT ctx, void key, block128_f block)
240	ctx->H.u[0] = be64toh(ctx->H.u[0]);	222	ctx->H.u[0] = be64toh(ctx->H.u[0]);
241	ctx->H.u[1] = be64toh(ctx->H.u[1]);	223	ctx->H.u[1] = be64toh(ctx->H.u[1]);
242		224
243	# if defined(GHASH_ASM_X86_OR_64)	225	gcm128_init(ctx);
244	/* check FXSR and PCLMULQDQ bits */
245	if ((crypto_cpu_caps_ia32() & (CPUCAP_MASK_FXSR \| CPUCAP_MASK_PCLMUL)) ==
246	(CPUCAP_MASK_FXSR \| CPUCAP_MASK_PCLMUL)) {
247	gcm_init_clmul(ctx->Htable, ctx->H.u);
248	ctx->gmult = gcm_gmult_clmul;
249	ctx->ghash = gcm_ghash_clmul;
250	return;
251	}
252	gcm_init_4bit(ctx->Htable, ctx->H.u);
253	# if defined(GHASH_ASM_X86) /* x86 only */
254	if (crypto_cpu_caps_ia32() & CPUCAP_MASK_MMX) { /* check MMX bit */
255	ctx->gmult = gcm_gmult_4bit_mmx;
256	ctx->ghash = gcm_ghash_4bit_mmx;
257	} else {
258	ctx->gmult = gcm_gmult_4bit_x86;
259	ctx->ghash = gcm_ghash_4bit_x86;
260	}
261	# else
262	ctx->gmult = gcm_gmult_4bit;
263	ctx->ghash = gcm_ghash_4bit;
264	# endif
265	# else
266	gcm_init_4bit(ctx->Htable, ctx->H.u);
267	ctx->gmult = gcm_gmult_4bit;
268	ctx->ghash = gcm_ghash_4bit;
269	# endif
270	}	226	}
271	LCRYPTO_ALIAS(CRYPTO_gcm128_init);	227	LCRYPTO_ALIAS(CRYPTO_gcm128_init);
272		228


diff --git a/src/lib/libcrypto/modes/gcm128_amd64.c b/src/lib/libcrypto/modes/gcm128_amd64.c new file mode 100644 index 0000000000..eaa66fb32f --- /dev/null +++ b/src/lib/libcrypto/modes/gcm128_amd64.c
@@ -0,0 +1,44 @@
		1	/* $OpenBSD: gcm128_amd64.c,v 1.1 2025/06/28 12:39:10 jsing Exp $ */
		2	/*
		3	* Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#include "crypto_arch.h"
		19	#include "modes_local.h"
		20
		21	void gcm_init_4bit(u128 Htable[16], uint64_t H[2]);
		22	void gcm_gmult_4bit(uint64_t Xi[2], const u128 Htable[16]);
		23	void gcm_ghash_4bit(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
		24	size_t len);
		25
		26	void gcm_init_clmul(u128 Htable[16], const uint64_t Xi[2]);
		27	void gcm_gmult_clmul(uint64_t Xi[2], const u128 Htable[16]);
		28	void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
		29	size_t len);
		30
		31	void
		32	gcm128_init(GCM128_CONTEXT *ctx)
		33	{
		34	if ((crypto_cpu_caps_amd64 & CRYPTO_CPU_CAPS_AMD64_CLMUL) != 0) {
		35	gcm_init_clmul(ctx->Htable, ctx->H.u);
		36	ctx->gmult = gcm_gmult_clmul;
		37	ctx->ghash = gcm_ghash_clmul;
		38	return;
		39	}
		40
		41	gcm_init_4bit(ctx->Htable, ctx->H.u);
		42	ctx->gmult = gcm_gmult_4bit;
		43	ctx->ghash = gcm_ghash_4bit;
		44	}


diff --git a/src/lib/libcrypto/modes/gcm128_i386.c b/src/lib/libcrypto/modes/gcm128_i386.c new file mode 100644 index 0000000000..ac517fdb04 --- /dev/null +++ b/src/lib/libcrypto/modes/gcm128_i386.c
@@ -0,0 +1,56 @@
		1	/* $OpenBSD: gcm128_i386.c,v 1.1 2025/06/28 12:39:10 jsing Exp $ */
		2	/*
		3	* Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#include "crypto_arch.h"
		19	#include "modes_local.h"
		20
		21	void gcm_init_4bit(u128 Htable[16], uint64_t H[2]);
		22
		23	void gcm_gmult_4bit_mmx(uint64_t Xi[2], const u128 Htable[16]);
		24	void gcm_ghash_4bit_mmx(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
		25	size_t len);
		26
		27	void gcm_gmult_4bit_x86(uint64_t Xi[2], const u128 Htable[16]);
		28	void gcm_ghash_4bit_x86(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
		29	size_t len);
		30
		31	void gcm_init_clmul(u128 Htable[16], const uint64_t Xi[2]);
		32	void gcm_gmult_clmul(uint64_t Xi[2], const u128 Htable[16]);
		33	void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
		34	size_t len);
		35
		36	void
		37	gcm128_init(GCM128_CONTEXT *ctx)
		38	{
		39	if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_CLMUL) != 0) {
		40	gcm_init_clmul(ctx->Htable, ctx->H.u);
		41	ctx->gmult = gcm_gmult_clmul;
		42	ctx->ghash = gcm_ghash_clmul;
		43	return;
		44	}
		45
		46	if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_MMX) != 0) {
		47	gcm_init_4bit(ctx->Htable, ctx->H.u);
		48	ctx->gmult = gcm_gmult_4bit_mmx;
		49	ctx->ghash = gcm_ghash_4bit_mmx;
		50	return;
		51	}
		52
		53	gcm_init_4bit(ctx->Htable, ctx->H.u);
		54	ctx->gmult = gcm_gmult_4bit_x86;
		55	ctx->ghash = gcm_ghash_4bit_x86;
		56	}