From 48723f4db60f6f8a8ad8424ffe5e0262d30f397c Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 28 Jun 2025 12:39:10 +0000
Subject: Rework gcm128 implementation selection for amd64/i386.

Provide gcm128_amd64.c and gcm128_i386.c, which contain the appropriate
gcm128 initialisation and CPU feature tests for the respective platform.
This allows for all of the #define spagetti to be removed from gcm128.c
and removes one of the two remaining consumers of crypto_cpu_caps_ia32().

ok tb@
---
 src/lib/libcrypto/modes/gcm128.c       | 70 +++++++---------------------------
 src/lib/libcrypto/modes/gcm128_amd64.c | 44 +++++++++++++++++++++
 src/lib/libcrypto/modes/gcm128_i386.c  | 56 +++++++++++++++++++++++++++
 3 files changed, 113 insertions(+), 57 deletions(-)
 create mode 100644 src/lib/libcrypto/modes/gcm128_amd64.c
 create mode 100644 src/lib/libcrypto/modes/gcm128_i386.c

(limited to 'src/lib/libcrypto/modes')

diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c
index b989915c4a..b6874296e0 100644
--- a/src/lib/libcrypto/modes/gcm128.c
+++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gcm128.c,v 1.53 2025/06/28 12:32:27 jsing Exp $ */
+/* $OpenBSD: gcm128.c,v 1.54 2025/06/28 12:39:10 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
  *
@@ -55,7 +55,7 @@
 #include "crypto_internal.h"
 #include "modes_local.h"
 
-static void
+void
 gcm_init_4bit(u128 Htable[16], uint64_t H[2])
 {
 	u128 V;
@@ -196,35 +196,17 @@ gcm_ghash(GCM128_CONTEXT *ctx, const uint8_t *in, size_t len)
 	ctx->ghash(ctx->Xi.u, ctx->Htable, in, len);
 }
 
-#if	defined(GHASH_ASM) &&						\
-	(defined(__i386)	|| defined(__i386__)	||		\
-	 defined(__x86_64)	|| defined(__x86_64__)	||		\
-	 defined(_M_IX86)	|| defined(_M_AMD64)	|| defined(_M_X64))
-#include "x86_arch.h"
-#endif
-
-#if	defined(GHASH_ASM)
-# if	(defined(__i386)	|| defined(__i386__)	||		\
-	 defined(__x86_64)	|| defined(__x86_64__)	||		\
-	 defined(_M_IX86)	|| defined(_M_AMD64)	|| defined(_M_X64))
-#  define GHASH_ASM_X86_OR_64
+#ifdef HAVE_GCM128_INIT
+void gcm128_init(GCM128_CONTEXT *ctx);
 
-void gcm_init_clmul(u128 Htable[16], const uint64_t Xi[2]);
-void gcm_gmult_clmul(uint64_t Xi[2], const u128 Htable[16]);
-void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
-    size_t len);
-
-#  if	defined(__i386) || defined(__i386__) || defined(_M_IX86)
-#   define GHASH_ASM_X86
-void gcm_gmult_4bit_mmx(uint64_t Xi[2], const u128 Htable[16]);
-void gcm_ghash_4bit_mmx(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
-    size_t len);
-
-void gcm_gmult_4bit_x86(uint64_t Xi[2], const u128 Htable[16]);
-void gcm_ghash_4bit_x86(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
-    size_t len);
-#  endif
-# endif
+#else
+static void
+gcm128_init(GCM128_CONTEXT *ctx)
+{
+	gcm_init_4bit(ctx->Htable, ctx->H.u);
+	ctx->gmult = gcm_gmult_4bit;
+	ctx->ghash = gcm_ghash_4bit;
+}
 #endif
 
 void
@@ -240,33 +222,7 @@ CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
 	ctx->H.u[0] = be64toh(ctx->H.u[0]);
 	ctx->H.u[1] = be64toh(ctx->H.u[1]);
 
-# if	defined(GHASH_ASM_X86_OR_64)
-	/* check FXSR and PCLMULQDQ bits */
-	if ((crypto_cpu_caps_ia32() & (CPUCAP_MASK_FXSR | CPUCAP_MASK_PCLMUL)) ==
-	    (CPUCAP_MASK_FXSR | CPUCAP_MASK_PCLMUL)) {
-		gcm_init_clmul(ctx->Htable, ctx->H.u);
-		ctx->gmult = gcm_gmult_clmul;
-		ctx->ghash = gcm_ghash_clmul;
-		return;
-	}
-	gcm_init_4bit(ctx->Htable, ctx->H.u);
-#  if	defined(GHASH_ASM_X86)			/* x86 only */
-	if (crypto_cpu_caps_ia32() & CPUCAP_MASK_MMX) {	/* check MMX bit */
-		ctx->gmult = gcm_gmult_4bit_mmx;
-		ctx->ghash = gcm_ghash_4bit_mmx;
-	} else {
-		ctx->gmult = gcm_gmult_4bit_x86;
-		ctx->ghash = gcm_ghash_4bit_x86;
-	}
-#  else
-	ctx->gmult = gcm_gmult_4bit;
-	ctx->ghash = gcm_ghash_4bit;
-#  endif
-# else
-	gcm_init_4bit(ctx->Htable, ctx->H.u);
-	ctx->gmult = gcm_gmult_4bit;
-	ctx->ghash = gcm_ghash_4bit;
-# endif
+	gcm128_init(ctx);
 }
 LCRYPTO_ALIAS(CRYPTO_gcm128_init);
 
diff --git a/src/lib/libcrypto/modes/gcm128_amd64.c b/src/lib/libcrypto/modes/gcm128_amd64.c
new file mode 100644
index 0000000000..eaa66fb32f
--- /dev/null
+++ b/src/lib/libcrypto/modes/gcm128_amd64.c
@@ -0,0 +1,44 @@
+/* $OpenBSD: gcm128_amd64.c,v 1.1 2025/06/28 12:39:10 jsing Exp $ */
+/*
+ * Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "crypto_arch.h"
+#include "modes_local.h"
+
+void gcm_init_4bit(u128 Htable[16], uint64_t H[2]);
+void gcm_gmult_4bit(uint64_t Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+    size_t len);
+
+void gcm_init_clmul(u128 Htable[16], const uint64_t Xi[2]);
+void gcm_gmult_clmul(uint64_t Xi[2], const u128 Htable[16]);
+void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+    size_t len);
+
+void
+gcm128_init(GCM128_CONTEXT *ctx)
+{
+	if ((crypto_cpu_caps_amd64 & CRYPTO_CPU_CAPS_AMD64_CLMUL) != 0) {
+		gcm_init_clmul(ctx->Htable, ctx->H.u);
+		ctx->gmult = gcm_gmult_clmul;
+		ctx->ghash = gcm_ghash_clmul;
+		return;
+	}
+
+	gcm_init_4bit(ctx->Htable, ctx->H.u);
+	ctx->gmult = gcm_gmult_4bit;
+	ctx->ghash = gcm_ghash_4bit;
+}
diff --git a/src/lib/libcrypto/modes/gcm128_i386.c b/src/lib/libcrypto/modes/gcm128_i386.c
new file mode 100644
index 0000000000..ac517fdb04
--- /dev/null
+++ b/src/lib/libcrypto/modes/gcm128_i386.c
@@ -0,0 +1,56 @@
+/* $OpenBSD: gcm128_i386.c,v 1.1 2025/06/28 12:39:10 jsing Exp $ */
+/*
+ * Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "crypto_arch.h"
+#include "modes_local.h"
+
+void gcm_init_4bit(u128 Htable[16], uint64_t H[2]);
+
+void gcm_gmult_4bit_mmx(uint64_t Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit_mmx(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+    size_t len);
+
+void gcm_gmult_4bit_x86(uint64_t Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit_x86(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+    size_t len);
+
+void gcm_init_clmul(u128 Htable[16], const uint64_t Xi[2]);
+void gcm_gmult_clmul(uint64_t Xi[2], const u128 Htable[16]);
+void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+    size_t len);
+
+void
+gcm128_init(GCM128_CONTEXT *ctx)
+{
+	if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_CLMUL) != 0) {
+		gcm_init_clmul(ctx->Htable, ctx->H.u);
+		ctx->gmult = gcm_gmult_clmul;
+		ctx->ghash = gcm_ghash_clmul;
+		return;
+	}
+
+	if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_MMX) != 0) {
+		gcm_init_4bit(ctx->Htable, ctx->H.u);
+		ctx->gmult = gcm_gmult_4bit_mmx;
+		ctx->ghash = gcm_ghash_4bit_mmx;
+		return;
+	}
+
+	gcm_init_4bit(ctx->Htable, ctx->H.u);
+	ctx->gmult = gcm_gmult_4bit_x86;
+	ctx->ghash = gcm_ghash_4bit_x86;
+}
-- 
cgit v1.2.3-55-g6feb