From fe7294a5c93bf90f080d28c3a7684b6e91757a35 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 16 Nov 2024 13:05:35 +0000 Subject: Add CPU capability detection for the Intel SHA extensions (aka SHA-NI). This also provides a crypto_cpu_caps_amd64 variable that can be checked for CRYPTO_CPU_CAPS_AMD64_SHA. ok tb@ --- src/lib/libcrypto/arch/amd64/crypto_arch.h | 10 +++++++++- src/lib/libcrypto/arch/amd64/crypto_cpu_caps.c | 22 ++++++++++++++++++---- 2 files changed, 27 insertions(+), 5 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libcrypto/arch/amd64/crypto_arch.h b/src/lib/libcrypto/arch/amd64/crypto_arch.h index 64b2da587b..7546fb0dfd 100644 --- a/src/lib/libcrypto/arch/amd64/crypto_arch.h +++ b/src/lib/libcrypto/arch/amd64/crypto_arch.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_arch.h,v 1.3 2024/10/19 13:06:11 jsing Exp $ */ +/* $OpenBSD: crypto_arch.h,v 1.4 2024/11/16 13:05:35 jsing Exp $ */ /* * Copyright (c) 2024 Joel Sing * @@ -15,12 +15,20 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include + #ifndef HEADER_CRYPTO_ARCH_H #define HEADER_CRYPTO_ARCH_H #define HAVE_CRYPTO_CPU_CAPS_INIT #define HAVE_CRYPTO_CPU_CAPS_IA32 +#ifndef __ASSEMBLER__ +extern uint64_t crypto_cpu_caps_amd64; +#endif + +#define CRYPTO_CPU_CAPS_AMD64_SHA (1ULL << 0) + #ifndef OPENSSL_NO_ASM #define HAVE_AES_CBC_ENCRYPT_INTERNAL diff --git a/src/lib/libcrypto/arch/amd64/crypto_cpu_caps.c b/src/lib/libcrypto/arch/amd64/crypto_cpu_caps.c index 6bb77411af..63b7b64cda 100644 --- a/src/lib/libcrypto/arch/amd64/crypto_cpu_caps.c +++ b/src/lib/libcrypto/arch/amd64/crypto_cpu_caps.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_cpu_caps.c,v 1.3 2024/11/12 13:14:57 jsing Exp $ */ +/* $OpenBSD: crypto_cpu_caps.c,v 1.4 2024/11/16 13:05:35 jsing Exp $ */ /* * Copyright (c) 2024 Joel Sing * 
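Review bot: In the crypto_arch.h hunk at -15,12 +15,20, the added `#include` sits above `#ifndef HEADER_CRYPTO_ARCH_H` and outside the new `#ifndef __ASSEMBLER__` block, so it is processed on every inclusion, including from any assembler sources that the `__ASSEMBLER__` guard suggests exist. The header name is not visible in this rendering; if it is `<stdint.h>` (needed for `uint64_t`), its C declarations may reach the assembler. Moving it next to the declaration keeps the C-only content together: `#ifndef __ASSEMBLER__` / `#include <stdint.h>` / `extern uint64_t crypto_cpu_caps_amd64;`. A short comment on the declaration would also help callers, saying that the value is filled in by `crypto_cpu_caps_init()` and that a clear bit means the portable code path must be used.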
@@ -19,11 +19,15 @@ #include +#include "crypto_arch.h" #include "x86_arch.h" /* Legacy architecture specific capabilities, used by perlasm. */ uint64_t OPENSSL_ia32cap_P; +/* Machine dependent CPU capabilities. */ +uint64_t crypto_cpu_caps_amd64; + /* Machine independent CPU capabilities. */ extern uint64_t crypto_cpu_caps; @@ -67,19 +71,21 @@ xgetbv(uint32_t ecx, uint32_t *out_eax, uint32_t *out_edx) void crypto_cpu_caps_init(void) { - uint32_t eax, ebx, ecx, edx; + uint32_t eax, ebx, ecx, edx, max_cpuid; uint64_t caps = 0; cpuid(0, &eax, &ebx, &ecx, &edx); + max_cpuid = eax; + /* "GenuineIntel" in little endian. */ if (ebx == 0x756e6547 && edx == 0x49656e69 && ecx == 0x6c65746e) caps |= CPUCAP_MASK_INTEL; - if (eax < 1) + if (max_cpuid < 1) return; - cpuid(1, &eax, &ebx, &ecx, &edx); + cpuid(1, &eax, NULL, &ecx, &edx); if ((edx & IA32CAP_MASK0_FXSR) != 0) caps |= CPUCAP_MASK_FXSR; @@ -106,6 +112,14 @@ crypto_cpu_caps_init(void) caps |= CPUCAP_MASK_AVX; } + if (max_cpuid >= 7) { + cpuid(7, NULL, &ebx, NULL, NULL); + + /* Intel SHA extensions feature bit - ebx[29]. */ + if (((ebx >> 29) & 1) != 0) + crypto_cpu_caps_amd64 |= CRYPTO_CPU_CAPS_AMD64_SHA; + } + /* Set machine independent CPU capabilities. */ if ((caps & CPUCAP_MASK_AESNI) != 0) crypto_cpu_caps |= CRYPTO_CPU_CAPS_ACCELERATED_AES; -- cgit v1.2.3-55-g6feb
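Review bot: The leaf-1 call in the -67,19 +71,21 hunk now passes `NULL` for the ebx output (`cpuid(1, &eax, NULL, &ecx, &edx)`), and the leaf-7 call in the following hunk passes `NULL` for three outputs. This is only safe if `cpuid()` checks each out pointer before storing through it. That helper is defined above this hunk and is not touched by the commit, so the diff cannot confirm it; if the check is missing, these calls write through NULL during library initialisation. It is worth stating the contract on the helper, for example `/* Any out_* pointer may be NULL when that register is not needed. */`. The body of crypto_cpu_caps_init() continues past the end of this hunk.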
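Review bot: CPUID leaf 7 is indexed by a sub-leaf in ECX, and the SHA bit tested in the -106,6 +112,14 hunk (ebx[29]) is reported in sub-leaf 0, but `cpuid(7, NULL, &ebx, NULL, NULL)` has no parameter for a sub-leaf. The result therefore depends on the `cpuid()` helper, defined outside this hunk, loading ECX with zero before it executes the instruction. With a stale ECX a different sub-leaf could be read, and `CRYPTO_CPU_CAPS_AMD64_SHA` could be set or missed incorrectly. If the helper does zero ECX, record that at the call: `/* cpuid() queries sub-leaf 0 (ecx = 0); SHA is ebx[29] of leaf 7, sub-leaf 0. */`. The function starts before and continues after this hunk.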