From 48723f4db60f6f8a8ad8424ffe5e0262d30f397c Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 28 Jun 2025 12:39:10 +0000 Subject: Rework gcm128 implementation selection for amd64/i386. Provide gcm128_amd64.c and gcm128_i386.c, which contain the appropriate gcm128 initialisation and CPU feature tests for the respective platform. This allows for all of the #define spagetti to be removed from gcm128.c and removes one of the two remaining consumers of crypto_cpu_caps_ia32(). ok tb@ --- src/lib/libcrypto/arch/amd64/Makefile.inc | 6 ++- src/lib/libcrypto/arch/amd64/crypto_arch.h | 4 +- src/lib/libcrypto/arch/i386/Makefile.inc | 7 ++- src/lib/libcrypto/arch/i386/crypto_arch.h | 4 +- src/lib/libcrypto/modes/gcm128.c | 70 ++++++------------------------ src/lib/libcrypto/modes/gcm128_amd64.c | 44 +++++++++++++++++++ src/lib/libcrypto/modes/gcm128_i386.c | 56 ++++++++++++++++++++++++ 7 files changed, 130 insertions(+), 61 deletions(-) create mode 100644 src/lib/libcrypto/modes/gcm128_amd64.c create mode 100644 src/lib/libcrypto/modes/gcm128_i386.c (limited to 'src') diff --git a/src/lib/libcrypto/arch/amd64/Makefile.inc b/src/lib/libcrypto/arch/amd64/Makefile.inc index 5ecf8f1390..649c507189 100644 --- a/src/lib/libcrypto/arch/amd64/Makefile.inc +++ b/src/lib/libcrypto/arch/amd64/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.40 2025/06/15 15:11:50 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.41 2025/06/28 12:39:10 jsing Exp $ # amd64-specific libcrypto build rules @@ -38,11 +38,15 @@ SRCS += word_clz.S # md5 CFLAGS+= -DMD5_ASM SRCS+= md5_amd64_generic.S + # modes CFLAGS+= -DGHASH_ASM SSLASM+= modes ghash-x86_64 +SRCS += gcm128_amd64.c + # rc4 SSLASM+= rc4 rc4-x86_64 + # ripemd # sha SRCS+= sha1_amd64.c diff --git a/src/lib/libcrypto/arch/amd64/crypto_arch.h b/src/lib/libcrypto/arch/amd64/crypto_arch.h index 213a5d903e..9f292cc530 100644 --- a/src/lib/libcrypto/arch/amd64/crypto_arch.h +++ b/src/lib/libcrypto/arch/amd64/crypto_arch.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_arch.h,v 1.8 2025/06/28 12:20:39 jsing Exp $ */ +/* $OpenBSD: crypto_arch.h,v 1.9 2025/06/28 12:39:10 jsing Exp $ */ /* * Copyright (c) 2024 Joel Sing * @@ -40,6 +40,8 @@ extern uint64_t crypto_cpu_caps_amd64; #define HAVE_AES_CBC_ENCRYPT_INTERNAL #define HAVE_AES_CTR32_ENCRYPT_INTERNAL +#define HAVE_GCM128_INIT + #define HAVE_RC4_INTERNAL #define HAVE_RC4_SET_KEY_INTERNAL diff --git a/src/lib/libcrypto/arch/i386/Makefile.inc b/src/lib/libcrypto/arch/i386/Makefile.inc index 8747d389ac..bfc701687e 100644 --- a/src/lib/libcrypto/arch/i386/Makefile.inc +++ b/src/lib/libcrypto/arch/i386/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.30 2025/06/15 15:11:50 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.31 2025/06/28 12:39:10 jsing Exp $ # i386-specific libcrypto build rules @@ -18,14 +18,19 @@ SSLASM+= bn bn-586 SSLASM+= bn co-586 CFLAGS+= -DOPENSSL_BN_ASM_MONT SSLASM+= bn x86-mont + # md5 CFLAGS+= -DMD5_ASM SSLASM+= md5 md5-586 + # modes CFLAGS+= -DGHASH_ASM SSLASM+= modes ghash-x86 +SRCS += gcm128_i386.c + # rc4 SSLASM+= rc4 rc4-586 + # sha SSLASM+= sha sha1-586 SSLASM+= sha sha256-586 diff --git a/src/lib/libcrypto/arch/i386/crypto_arch.h b/src/lib/libcrypto/arch/i386/crypto_arch.h index 9a377e56a9..95d4cc468b 100644 --- a/src/lib/libcrypto/arch/i386/crypto_arch.h +++ b/src/lib/libcrypto/arch/i386/crypto_arch.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_arch.h,v 1.7 2025/06/28 12:21:46 jsing Exp $ */ +/* $OpenBSD: crypto_arch.h,v 1.8 2025/06/28 12:39:10 jsing Exp $ */ /* * Copyright (c) 2024 Joel Sing * @@ -40,6 +40,8 @@ extern uint64_t crypto_cpu_caps_i386; #define HAVE_AES_CBC_ENCRYPT_INTERNAL #define HAVE_AES_CTR32_ENCRYPT_INTERNAL +#define HAVE_GCM128_INIT + #define HAVE_RC4_INTERNAL #define HAVE_RC4_SET_KEY_INTERNAL diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c index b989915c4a..b6874296e0 100644 --- a/src/lib/libcrypto/modes/gcm128.c +++ b/src/lib/libcrypto/modes/gcm128.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: gcm128.c,v 1.53 2025/06/28 12:32:27 jsing Exp $ */ +/* $OpenBSD: gcm128.c,v 1.54 2025/06/28 12:39:10 jsing Exp $ */ /* ==================================================================== * Copyright (c) 2010 The OpenSSL Project. All rights reserved. * @@ -55,7 +55,7 @@ #include "crypto_internal.h" #include "modes_local.h" -static void +void gcm_init_4bit(u128 Htable[16], uint64_t H[2]) { u128 V; @@ -196,35 +196,17 @@ gcm_ghash(GCM128_CONTEXT *ctx, const uint8_t *in, size_t len) ctx->ghash(ctx->Xi.u, ctx->Htable, in, len); } -#if defined(GHASH_ASM) && \ - (defined(__i386) || defined(__i386__) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) -#include "x86_arch.h" -#endif - -#if defined(GHASH_ASM) -# if (defined(__i386) || defined(__i386__) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) -# define GHASH_ASM_X86_OR_64 +#ifdef HAVE_GCM128_INIT +void gcm128_init(GCM128_CONTEXT *ctx); -void gcm_init_clmul(u128 Htable[16], const uint64_t Xi[2]); -void gcm_gmult_clmul(uint64_t Xi[2], const u128 Htable[16]); -void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, - size_t len); - -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) -# define GHASH_ASM_X86 -void gcm_gmult_4bit_mmx(uint64_t Xi[2], const u128 Htable[16]); -void gcm_ghash_4bit_mmx(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, - size_t len); - -void gcm_gmult_4bit_x86(uint64_t Xi[2], const u128 Htable[16]); -void gcm_ghash_4bit_x86(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, - size_t len); -# endif -# endif +#else +static void +gcm128_init(GCM128_CONTEXT *ctx) +{ + gcm_init_4bit(ctx->Htable, ctx->H.u); + ctx->gmult = gcm_gmult_4bit; + ctx->ghash = gcm_ghash_4bit; +} #endif void 
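Review bot: In gcm128.c, `gcm_init_4bit` loses `static` and `gcm128_init` gets a file-local prototype under `#ifdef HAVE_GCM128_INIT`, but neither declaration appears in a header within this diff. gcm128_amd64.c and gcm128_i386.c instead repeat `void gcm_init_4bit(u128 Htable[16], uint64_t H[2]);` by hand, so a later signature change in gcm128.c would not be caught at compile time and the function pointers stored in the context could end up calling through a mismatched prototype. All three files already include modes_local.h, so I would declare `void gcm_init_4bit(u128 Htable[16], uint64_t H[2]);` and `void gcm128_init(GCM128_CONTEXT *ctx);` there and drop the per-file copies.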
@@ -240,33 +222,7 @@ CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) ctx->H.u[0] = be64toh(ctx->H.u[0]); ctx->H.u[1] = be64toh(ctx->H.u[1]); -# if defined(GHASH_ASM_X86_OR_64) - /* check FXSR and PCLMULQDQ bits */ - if ((crypto_cpu_caps_ia32() & (CPUCAP_MASK_FXSR | CPUCAP_MASK_PCLMUL)) == - (CPUCAP_MASK_FXSR | CPUCAP_MASK_PCLMUL)) { - gcm_init_clmul(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_clmul; - ctx->ghash = gcm_ghash_clmul; - return; - } - gcm_init_4bit(ctx->Htable, ctx->H.u); -# if defined(GHASH_ASM_X86) /* x86 only */ - if (crypto_cpu_caps_ia32() & CPUCAP_MASK_MMX) { /* check MMX bit */ - ctx->gmult = gcm_gmult_4bit_mmx; - ctx->ghash = gcm_ghash_4bit_mmx; - } else { - ctx->gmult = gcm_gmult_4bit_x86; - ctx->ghash = gcm_ghash_4bit_x86; - } -# else - ctx->gmult = gcm_gmult_4bit; - ctx->ghash = gcm_ghash_4bit; -# endif -# else - gcm_init_4bit(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_4bit; - ctx->ghash = gcm_ghash_4bit; -# endif + gcm128_init(ctx); } LCRYPTO_ALIAS(CRYPTO_gcm128_init); diff --git a/src/lib/libcrypto/modes/gcm128_amd64.c b/src/lib/libcrypto/modes/gcm128_amd64.c new file mode 100644 index 0000000000..eaa66fb32f --- /dev/null +++ b/src/lib/libcrypto/modes/gcm128_amd64.c 
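Review bot: The new `gcm128_init(ctx);` call in CRYPTO_gcm128_init carries an ordering dependency that nothing states: every implementation in this commit reads `ctx->H.u` after the two `be64toh()` conversions and is the only place that fills `ctx->Htable`, `ctx->gmult` and `ctx->ghash`. A one-line comment above the call would make that contract explicit for the next architecture that defines HAVE_GCM128_INIT, for example `/* gcm128_init() consumes ctx->H.u in host byte order and must set Htable, gmult and ghash. */`. The function body begins outside this hunk, so how `ctx->H` is derived is not visible here.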
@@ -0,0 +1,44 @@
+/* $OpenBSD: gcm128_amd64.c,v 1.1 2025/06/28 12:39:10 jsing Exp $ */
+/*
+ * Copyright (c) 2025 Joel Sing
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "crypto_arch.h"
+#include "modes_local.h"
+
+void gcm_init_4bit(u128 Htable[16], uint64_t H[2]);
+void gcm_gmult_4bit(uint64_t Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+ size_t len);
+
+void gcm_init_clmul(u128 Htable[16], const uint64_t Xi[2]);
+void gcm_gmult_clmul(uint64_t Xi[2], const u128 Htable[16]);
+void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+ size_t len);
+
+void
+gcm128_init(GCM128_CONTEXT *ctx)
+{
+ if ((crypto_cpu_caps_amd64 & CRYPTO_CPU_CAPS_AMD64_CLMUL) != 0) {
+ gcm_init_clmul(ctx->Htable, ctx->H.u);
+ ctx->gmult = gcm_gmult_clmul;
+ ctx->ghash = gcm_ghash_clmul;
+ return;
+ }
+
+ gcm_init_4bit(ctx->Htable, ctx->H.u);
+ ctx->gmult = gcm_gmult_4bit;
+ ctx->ghash = gcm_ghash_4bit;
+}
diff --git a/src/lib/libcrypto/modes/gcm128_i386.c b/src/lib/libcrypto/modes/gcm128_i386.c
new file mode 100644
index 0000000000..ac517fdb04
--- /dev/null
+++ b/src/lib/libcrypto/modes/gcm128_i386.c
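Review bot: The CLMUL test in gcm128_amd64.c's `gcm128_init` is narrower than the one it replaces: the removed gcm128.c code required both `CPUCAP_MASK_FXSR` and `CPUCAP_MASK_PCLMUL`, while the new code checks only `CRYPTO_CPU_CAPS_AMD64_CLMUL`. gcm128_i386.c does the same with `CRYPTO_CPU_CAPS_I386_CLMUL`. This is probably harmless on amd64, but on i386 it is only equivalent if the capability bit is set solely when FXSR is also present, and the detection code is outside this diff. Please confirm that and record it next to the test, e.g. `/* The CLMUL capability bit is only set when FXSR is also available. */`.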
@@ -0,0 +1,56 @@
+/* $OpenBSD: gcm128_i386.c,v 1.1 2025/06/28 12:39:10 jsing Exp $ */
+/*
+ * Copyright (c) 2025 Joel Sing
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "crypto_arch.h"
+#include "modes_local.h"
+
+void gcm_init_4bit(u128 Htable[16], uint64_t H[2]);
+
+void gcm_gmult_4bit_mmx(uint64_t Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit_mmx(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+ size_t len);
+
+void gcm_gmult_4bit_x86(uint64_t Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit_x86(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+ size_t len);
+
+void gcm_init_clmul(u128 Htable[16], const uint64_t Xi[2]);
+void gcm_gmult_clmul(uint64_t Xi[2], const u128 Htable[16]);
+void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+ size_t len);
+
+void
+gcm128_init(GCM128_CONTEXT *ctx)
+{
+ if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_CLMUL) != 0) {
+ gcm_init_clmul(ctx->Htable, ctx->H.u);
+ ctx->gmult = gcm_gmult_clmul;
+ ctx->ghash = gcm_ghash_clmul;
+ return;
+ }
+
+ if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_MMX) != 0) {
+ gcm_init_4bit(ctx->Htable, ctx->H.u);
+ ctx->gmult = gcm_gmult_4bit_mmx;
+ ctx->ghash = gcm_ghash_4bit_mmx;
+ return;
+ }
+
+ gcm_init_4bit(ctx->Htable, ctx->H.u);
+ ctx->gmult = gcm_gmult_4bit_x86;
+ ctx->ghash = gcm_ghash_4bit_x86;
+}
-- cgit v1.2.3-55-g6feb
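Review bot: gcm128_i386.c's `gcm128_init` has no header comment stating its selection order or its fallback behaviour, which matters here because the choice is cached as function pointers in the context for its whole lifetime. As written, the order is CLMUL, then MMX, then plain x86, and a `crypto_cpu_caps_i386` value of zero falls through to the `gcm_*_4bit_x86` routines. I would say so above the function, e.g. `/* Prefer CLMUL, then MMX, then plain x86; with no capability bits set the plain x86 path is used. */`. Whether the capability word can still be zero when this runs depends on initialisation code that is not part of this diff.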