--- a/crypto/fipsmodule/aes/gcm.cc.inc +++ b/crypto/fipsmodule/aes/gcm.cc.inc @@ -111,11 +111,13 @@ static size_t hw_gcm_encrypt(const uint8_t *in, uint8_t *out, size_t len, aes_gcm_enc_update_vaes_avx2(in, out, len, key, ivec, Htable, Xi); CRYPTO_store_u32_be(&ivec[12], CRYPTO_load_u32_be(&ivec[12]) + len / 16); return len; +#ifndef OPENSSL_NO_AVX512 case gcm_x86_vaes_avx512: len &= kSizeTWithoutLower4Bits; aes_gcm_enc_update_vaes_avx512(in, out, len, key, ivec, Htable, Xi); CRYPTO_store_u32_be(&ivec[12], CRYPTO_load_u32_be(&ivec[12]) + len / 16); return len; +#endif // OPENSSL_NO_AVX512 default: return aesni_gcm_encrypt(in, out, len, key, ivec, Htable, Xi); } @@ -131,11 +133,13 @@ static size_t hw_gcm_decrypt(const uint8_t *in, uint8_t *out, size_t len, aes_gcm_dec_update_vaes_avx2(in, out, len, key, ivec, Htable, Xi); CRYPTO_store_u32_be(&ivec[12], CRYPTO_load_u32_be(&ivec[12]) + len / 16); return len; +#ifndef OPENSSL_NO_AVX512 case gcm_x86_vaes_avx512: len &= kSizeTWithoutLower4Bits; aes_gcm_dec_update_vaes_avx512(in, out, len, key, ivec, Htable, Xi); CRYPTO_store_u32_be(&ivec[12], CRYPTO_load_u32_be(&ivec[12]) + len / 16); return len; +#endif // OPENSSL_NO_AVX512 default: return aesni_gcm_decrypt(in, out, len, key, ivec, Htable, Xi); } @@ -187,6 +191,7 @@ void bssl::CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash, #if defined(GHASH_ASM_X86_64) if (crypto_gcm_clmul_enabled()) { if (CRYPTO_is_VPCLMULQDQ_capable() && CRYPTO_is_AVX2_capable()) { +#ifndef OPENSSL_NO_AVX512 if (CRYPTO_is_AVX512BW_capable() && CRYPTO_is_AVX512VL_capable() && CRYPTO_is_BMI2_capable() && !CRYPTO_cpu_avoid_zmm_registers()) { gcm_init_vpclmulqdq_avx512(out_table, H); @@ -194,6 +199,7 @@ void bssl::CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash, *out_hash = gcm_ghash_vpclmulqdq_avx512; return; } +#endif // OPENSSL_NO_AVX512 gcm_init_vpclmulqdq_avx2(out_table, H); *out_mult = gcm_gmult_vpclmulqdq_avx2; *out_hash = gcm_ghash_vpclmulqdq_avx2; 
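Review bot: None of the three gated sites in gcm.cc.inc says what `OPENSSL_NO_AVX512` removes or what runs in its place, and the selection point in `CRYPTO_ghash_init` is where a reader auditing implementation dispatch needs that. I would add above the `#ifndef` there: `// OPENSSL_NO_AVX512 compiles out the AVX-512 GHASH/AES-GCM code; capable CPUs then take the VPCLMULQDQ+AVX2 path below.` The same gate wraps the `gcm_x86_vaes_avx512` cases in `hw_gcm_encrypt` and `hw_gcm_decrypt`, which need no comment of their own. Where the macro is defined or documented is not visible in this diff, and all three functions extend beyond their hunks.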
@@ -276,10 +282,14 @@ void bssl::CRYPTO_gcm128_init_aes_key(GCM128_KEY *gcm_key, const uint8_t *key, #if !defined(OPENSSL_NO_ASM) #if defined(OPENSSL_X86_64) +#ifndef OPENSSL_NO_AVX512 if (gcm_key->ghash == gcm_ghash_vpclmulqdq_avx512 && CRYPTO_is_VAES_capable()) { gcm_key->impl = gcm_x86_vaes_avx512; } else if (gcm_key->ghash == gcm_ghash_vpclmulqdq_avx2 && +#else + if (gcm_key->ghash == gcm_ghash_vpclmulqdq_avx2 && +#endif CRYPTO_is_VAES_capable()) { gcm_key->impl = gcm_x86_vaes_avx2; } else if (gcm_key->ghash == gcm_ghash_avx && is_hwaes) { --- a/crypto/fipsmodule/aes/internal.h +++ b/crypto/fipsmodule/aes/internal.h @@ -305,7 +305,9 @@ enum gcm_impl_t { gcm_separate = 0, // No combined AES-GCM, but may have AES-CTR and GHASH. gcm_x86_aesni, gcm_x86_vaes_avx2, +#ifndef OPENSSL_NO_AVX512 gcm_x86_vaes_avx512, +#endif gcm_arm64_aes, gcm_arm64_aes_eor3, }; @@ -452,6 +454,7 @@ extern "C" void aes_gcm_dec_update_vaes_avx2(const uint8_t *in, uint8_t *out, const u128 Htable[16], uint8_t Xi[16]); +#ifndef OPENSSL_NO_AVX512 extern "C" void gcm_init_vpclmulqdq_avx512(u128 Htable[16], const uint64_t H[2]); extern "C" void gcm_gmult_vpclmulqdq_avx512(uint8_t Xi[16], @@ -469,6 +472,7 @@ extern "C" void aes_gcm_dec_update_vaes_avx512(const uint8_t *in, uint8_t *out, const uint8_t ivec[16], const u128 Htable[16], uint8_t Xi[16]); +#endif // OPENSSL_NO_AVX512 #endif // OPENSSL_X86_64
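Review bot: The `#ifndef`/`#else`/`#endif` in `CRYPTO_gcm128_init_aes_key` cuts an `if` condition in half. The text `gcm_key->ghash == gcm_ghash_vpclmulqdq_avx2 &&` now exists twice and its continuation `CRYPTO_is_VAES_capable()) {` sits after the `#endif`, so neither preprocessor branch reads as complete code and an edit to one copy can miss the other. For an AES-GCM implementation-selection chain that is worth keeping easy to audit. I would gate only the AVX-512 arm and end it with a dangling else, i.e. `} else` then `#endif` then a single `if (gcm_key->ghash == gcm_ghash_vpclmulqdq_avx2 &&`. The else-if chain continues past the end of the hunk.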
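Review bot: Making `gcm_x86_vaes_avx512` conditional in `enum gcm_impl_t` changes the numeric values of `gcm_arm64_aes` and `gcm_arm64_aes_eor3` depending on `OPENSSL_NO_AVX512`. The value stored in `gcm_key->impl` therefore means different things in translation units that disagree on the flag. If the macro can be set per file or per target rather than for the whole build (not visible here), that is an ODR mismatch that would select the wrong routine without any diagnostic. Leaving the enumerator unconditional avoids this at no cost, because with the macro defined nothing assigns it and the switches in gcm.cc.inc fall through to `default:`. Alternatively, pin the later values explicitly, e.g. `gcm_arm64_aes = 4,`.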