/src/boringssl/crypto/fipsmodule/sha/internal.h

Source
// Copyright 2018 The BoringSSL Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#ifndef OPENSSL_HEADER_CRYPTO_FIPSMODULE_SHA_INTERNAL_H
#define OPENSSL_HEADER_CRYPTO_FIPSMODULE_SHA_INTERNAL_H

#include <openssl/base.h>

#include "../../internal.h"


BSSL_NAMESPACE_BEGIN

// Define SHA{n}[_{variant}]_ASM if sha{n}_block_data_order[_{variant}] is
// defined in assembly.

#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM)

#define SHA1_ASM_NOHW
#define SHA256_ASM_NOHW
#define SHA512_ASM_NOHW

#define SHA1_ASM_HW
inline int sha1_hw_capable() { return CRYPTO_is_ARMv8_SHA1_capable(); }

#define SHA1_ASM_NEON
extern "C" void sha1_block_data_order_neon(uint32_t state[5],
                                           const uint8_t *data, size_t num);

#define SHA256_ASM_HW
inline int sha256_hw_capable() { return CRYPTO_is_ARMv8_SHA256_capable(); }

#define SHA256_ASM_NEON
extern "C" void sha256_block_data_order_neon(uint32_t state[8],
                                             const uint8_t *data, size_t num);

// Armv8.2 SHA-512 instructions are not available in 32-bit.
#define SHA512_ASM_NEON
extern "C" void sha512_block_data_order_neon(uint64_t state[8],
                                             const uint8_t *data, size_t num);

#elif !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64)

#define SHA1_ASM_NOHW
#define SHA256_ASM_NOHW
#define SHA512_ASM_NOHW

#define SHA1_ASM_HW
inline int sha1_hw_capable() { return CRYPTO_is_ARMv8_SHA1_capable(); }

#define SHA256_ASM_HW
inline int sha256_hw_capable() { return CRYPTO_is_ARMv8_SHA256_capable(); }

#define SHA512_ASM_HW
inline int sha512_hw_capable() { return CRYPTO_is_ARMv8_SHA512_capable(); }

#elif !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86)

#define SHA1_ASM_NOHW
#define SHA256_ASM_NOHW
#define SHA512_ASM_NOHW

#define SHA1_ASM_SSSE3
inline int sha1_ssse3_capable() { return CRYPTO_is_SSSE3_capable(); }
extern "C" void sha1_block_data_order_ssse3(uint32_t state[5],
                                            const uint8_t *data, size_t num);

#define SHA1_ASM_AVX
inline int sha1_avx_capable() {
  // AMD CPUs have slow SHLD/SHRD. See also the discussion in sha1-586.pl.
  //
  // TODO(crbug.com/42290564): Should we enable SHAEXT on 32-bit x86?
  return CRYPTO_is_AVX_capable() && CRYPTO_is_intel_cpu();
}
extern "C" void sha1_block_data_order_avx(uint32_t state[5],
                                          const uint8_t *data, size_t num);

#define SHA256_ASM_SSSE3
inline int sha256_ssse3_capable() { return CRYPTO_is_SSSE3_capable(); }
extern "C" void sha256_block_data_order_ssse3(uint32_t state[8],
                                              const uint8_t *data, size_t num);

#define SHA256_ASM_AVX
inline int sha256_avx_capable() {
  // AMD CPUs have slow SHLD/SHRD. See also the discussion in sha1-586.pl.
  //
  // TODO(crbug.com/42290564): Should we enable SHAEXT on 32-bit x86?
  return CRYPTO_is_AVX_capable() && CRYPTO_is_intel_cpu();
}
extern "C" void sha256_block_data_order_avx(uint32_t state[8],
                                            const uint8_t *data, size_t num);

#define SHA512_ASM_SSSE3
inline int sha512_ssse3_capable() { return CRYPTO_is_SSSE3_capable(); }
extern "C" void sha512_block_data_order_ssse3(uint64_t state[8],
                                              const uint8_t *data, size_t num);

#elif !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64)

#define SHA1_ASM_NOHW
#define SHA256_ASM_NOHW
#define SHA512_ASM_NOHW

#define SHA1_ASM_HW
inline int sha1_hw_capable() {
  return CRYPTO_is_x86_SHA_capable() && CRYPTO_is_SSSE3_capable();
}

#define SHA1_ASM_AVX2
inline int sha1_avx2_capable() {
  return CRYPTO_is_AVX2_capable() && CRYPTO_is_BMI2_capable() &&
         CRYPTO_is_BMI1_capable();
}
extern "C" void sha1_block_data_order_avx2(uint32_t state[5],
                                           const uint8_t *data, size_t num);

#define SHA1_ASM_AVX
inline int sha1_avx_capable() {
  // AMD CPUs have slow SHLD/SHRD. See also the discussion in sha1-586.pl. Zen
  // added the SHA extension, so this is moot on newer AMD CPUs.
  return CRYPTO_is_AVX_capable() && CRYPTO_is_intel_cpu();
}
extern "C" void sha1_block_data_order_avx(uint32_t state[5],
                                          const uint8_t *data, size_t num);

#define SHA1_ASM_SSSE3
inline int sha1_ssse3_capable() { return CRYPTO_is_SSSE3_capable(); }
extern "C" void sha1_block_data_order_ssse3(uint32_t state[5],
                                            const uint8_t *data, size_t num);

#define SHA256_ASM_HW
inline int sha256_hw_capable() {
  // Note that the original assembly did not check SSSE3.
  return CRYPTO_is_x86_SHA_capable() && CRYPTO_is_SSSE3_capable();
}

#define SHA256_ASM_AVX
inline int sha256_avx_capable() {
  // AMD CPUs have slow SHLD/SHRD. See also the discussion in sha1-586.pl. Zen
  // added the SHA extension, so this is moot on newer AMD CPUs.
  return CRYPTO_is_AVX_capable() && CRYPTO_is_intel_cpu();
}
extern "C" void sha256_block_data_order_avx(uint32_t state[8],
                                            const uint8_t *data, size_t num);

#define SHA256_ASM_SSSE3
inline int sha256_ssse3_capable() { return CRYPTO_is_SSSE3_capable(); }
extern "C" void sha256_block_data_order_ssse3(uint32_t state[8],
                                              const uint8_t *data, size_t num);

#define SHA512_ASM_AVX
inline int sha512_avx_capable() {
  // AMD CPUs have slow SHLD/SHRD. See also the discussion in sha1-586.pl.
  //
  // TODO(crbug.com/42290564): Fixing and enabling the AVX2 implementation would
  // mitigate this on newer AMD CPUs.
  return CRYPTO_is_AVX_capable() && CRYPTO_is_intel_cpu();
}
extern "C" void sha512_block_data_order_avx(uint64_t state[8],
                                            const uint8_t *data, size_t num);

#endif

#if defined(SHA1_ASM_HW)
extern "C" void sha1_block_data_order_hw(uint32_t state[5], const uint8_t *data,
                                         size_t num);
#endif
#if defined(SHA1_ASM_NOHW)
extern "C" void sha1_block_data_order_nohw(uint32_t state[5],
                                           const uint8_t *data, size_t num);
#endif

#if defined(SHA256_ASM_HW)
extern "C" void sha256_block_data_order_hw(uint32_t state[8],
                                           const uint8_t *data, size_t num);
#endif
#if defined(SHA256_ASM_NOHW)
extern "C" void sha256_block_data_order_nohw(uint32_t state[8],
                                             const uint8_t *data, size_t num);
#endif

#if defined(SHA512_ASM_HW)
extern "C" void sha512_block_data_order_hw(uint64_t state[8],
                                           const uint8_t *data, size_t num);
#endif

#if defined(SHA512_ASM_NOHW)
extern "C" void sha512_block_data_order_nohw(uint64_t state[8],
                                             const uint8_t *data, size_t num);
#endif

BSSL_NAMESPACE_END

#endif  // OPENSSL_HEADER_CRYPTO_FIPSMODULE_SHA_INTERNAL_H

Coverage Report

Created: 2026-06-15 07:04

Line	Count	Source
1		// Copyright 2018 The BoringSSL Authors
2		//
3		// Licensed under the Apache License, Version 2.0 (the "License");
4		// you may not use this file except in compliance with the License.
5		// You may obtain a copy of the License at
6		//
7		// https://www.apache.org/licenses/LICENSE-2.0
8		//
9		// Unless required by applicable law or agreed to in writing, software
10		// distributed under the License is distributed on an "AS IS" BASIS,
11		// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		// See the License for the specific language governing permissions and
13		// limitations under the License.
14
15		#ifndef OPENSSL_HEADER_CRYPTO_FIPSMODULE_SHA_INTERNAL_H
16		#define OPENSSL_HEADER_CRYPTO_FIPSMODULE_SHA_INTERNAL_H
17
18		#include <openssl/base.h>
19
20		#include "../../internal.h"
21
22
23		BSSL_NAMESPACE_BEGIN
24
25		// Define SHA{n}[_{variant}]_ASM if sha{n}_block_data_order[_{variant}] is
26		// defined in assembly.
27
28		#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM)
29
30		#define SHA1_ASM_NOHW
31		#define SHA256_ASM_NOHW
32		#define SHA512_ASM_NOHW
33
34		#define SHA1_ASM_HW
35		inline int sha1_hw_capable() { return CRYPTO_is_ARMv8_SHA1_capable(); }
36
37		#define SHA1_ASM_NEON
38		extern "C" void sha1_block_data_order_neon(uint32_t state[5],
39		const uint8_t *data, size_t num);
40
41		#define SHA256_ASM_HW
42		inline int sha256_hw_capable() { return CRYPTO_is_ARMv8_SHA256_capable(); }
43
44		#define SHA256_ASM_NEON
45		extern "C" void sha256_block_data_order_neon(uint32_t state[8],
46		const uint8_t *data, size_t num);
47
48		// Armv8.2 SHA-512 instructions are not available in 32-bit.
49		#define SHA512_ASM_NEON
50		extern "C" void sha512_block_data_order_neon(uint64_t state[8],
51		const uint8_t *data, size_t num);
52
53		#elif !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64)
54
55		#define SHA1_ASM_NOHW
56		#define SHA256_ASM_NOHW
57		#define SHA512_ASM_NOHW
58
59		#define SHA1_ASM_HW
60		inline int sha1_hw_capable() { return CRYPTO_is_ARMv8_SHA1_capable(); }
61
62		#define SHA256_ASM_HW
63		inline int sha256_hw_capable() { return CRYPTO_is_ARMv8_SHA256_capable(); }
64
65		#define SHA512_ASM_HW
66		inline int sha512_hw_capable() { return CRYPTO_is_ARMv8_SHA512_capable(); }
67
68		#elif !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86)
69
70		#define SHA1_ASM_NOHW
71		#define SHA256_ASM_NOHW
72		#define SHA512_ASM_NOHW
73
74		#define SHA1_ASM_SSSE3
75		inline int sha1_ssse3_capable() { return CRYPTO_is_SSSE3_capable(); }
76		extern "C" void sha1_block_data_order_ssse3(uint32_t state[5],
77		const uint8_t *data, size_t num);
78
79		#define SHA1_ASM_AVX
80		inline int sha1_avx_capable() {
81		// AMD CPUs have slow SHLD/SHRD. See also the discussion in sha1-586.pl.
82		//
83		// TODO(crbug.com/42290564): Should we enable SHAEXT on 32-bit x86?
84		return CRYPTO_is_AVX_capable() && CRYPTO_is_intel_cpu();
85		}
86		extern "C" void sha1_block_data_order_avx(uint32_t state[5],
87		const uint8_t *data, size_t num);
88
89		#define SHA256_ASM_SSSE3
90		inline int sha256_ssse3_capable() { return CRYPTO_is_SSSE3_capable(); }
91		extern "C" void sha256_block_data_order_ssse3(uint32_t state[8],
92		const uint8_t *data, size_t num);
93
94		#define SHA256_ASM_AVX
95		inline int sha256_avx_capable() {
96		// AMD CPUs have slow SHLD/SHRD. See also the discussion in sha1-586.pl.
97		//
98		// TODO(crbug.com/42290564): Should we enable SHAEXT on 32-bit x86?
99		return CRYPTO_is_AVX_capable() && CRYPTO_is_intel_cpu();
100		}
101		extern "C" void sha256_block_data_order_avx(uint32_t state[8],
102		const uint8_t *data, size_t num);
103
104		#define SHA512_ASM_SSSE3
105		inline int sha512_ssse3_capable() { return CRYPTO_is_SSSE3_capable(); }
106		extern "C" void sha512_block_data_order_ssse3(uint64_t state[8],
107		const uint8_t *data, size_t num);
108
109		#elif !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64)
110
111		#define SHA1_ASM_NOHW
112		#define SHA256_ASM_NOHW
113		#define SHA512_ASM_NOHW
114
115		#define SHA1_ASM_HW
116	468k	inline int sha1_hw_capable() {
117	468k	return CRYPTO_is_x86_SHA_capable() && CRYPTO_is_SSSE3_capable();
118	468k	}
119
120		#define SHA1_ASM_AVX2
121	468k	inline int sha1_avx2_capable() {
122	468k	return CRYPTO_is_AVX2_capable() && CRYPTO_is_BMI2_capable() &&
123	468k	CRYPTO_is_BMI1_capable();
124	468k	}
125		extern "C" void sha1_block_data_order_avx2(uint32_t state[5],
126		const uint8_t *data, size_t num);
127
128		#define SHA1_ASM_AVX
129	0	inline int sha1_avx_capable() {
130		// AMD CPUs have slow SHLD/SHRD. See also the discussion in sha1-586.pl. Zen
131		// added the SHA extension, so this is moot on newer AMD CPUs.
132	0	return CRYPTO_is_AVX_capable() && CRYPTO_is_intel_cpu();
133	0	}
134		extern "C" void sha1_block_data_order_avx(uint32_t state[5],
135		const uint8_t *data, size_t num);
136
137		#define SHA1_ASM_SSSE3
138	0	inline int sha1_ssse3_capable() { return CRYPTO_is_SSSE3_capable(); }
139		extern "C" void sha1_block_data_order_ssse3(uint32_t state[5],
140		const uint8_t *data, size_t num);
141
142		#define SHA256_ASM_HW
143	2.99M	inline int sha256_hw_capable() {
144		// Note that the original assembly did not check SSSE3.
145	2.99M	return CRYPTO_is_x86_SHA_capable() && CRYPTO_is_SSSE3_capable();
146	2.99M	}
147
148		#define SHA256_ASM_AVX
149	2.99M	inline int sha256_avx_capable() {
150		// AMD CPUs have slow SHLD/SHRD. See also the discussion in sha1-586.pl. Zen
151		// added the SHA extension, so this is moot on newer AMD CPUs.
152	2.99M	return CRYPTO_is_AVX_capable() && CRYPTO_is_intel_cpu();
153	2.99M	}
154		extern "C" void sha256_block_data_order_avx(uint32_t state[8],
155		const uint8_t *data, size_t num);
156
157		#define SHA256_ASM_SSSE3
158	0	inline int sha256_ssse3_capable() { return CRYPTO_is_SSSE3_capable(); }
159		extern "C" void sha256_block_data_order_ssse3(uint32_t state[8],
160		const uint8_t *data, size_t num);
161
162		#define SHA512_ASM_AVX
163	702k	inline int sha512_avx_capable() {
164		// AMD CPUs have slow SHLD/SHRD. See also the discussion in sha1-586.pl.
165		//
166		// TODO(crbug.com/42290564): Fixing and enabling the AVX2 implementation would
167		// mitigate this on newer AMD CPUs.
168	702k	return CRYPTO_is_AVX_capable() && CRYPTO_is_intel_cpu();
169	702k	}
170		extern "C" void sha512_block_data_order_avx(uint64_t state[8],
171		const uint8_t *data, size_t num);
172
173		#endif
174
175		#if defined(SHA1_ASM_HW)
176		extern "C" void sha1_block_data_order_hw(uint32_t state[5], const uint8_t *data,
177		size_t num);
178		#endif
179		#if defined(SHA1_ASM_NOHW)
180		extern "C" void sha1_block_data_order_nohw(uint32_t state[5],
181		const uint8_t *data, size_t num);
182		#endif
183
184		#if defined(SHA256_ASM_HW)
185		extern "C" void sha256_block_data_order_hw(uint32_t state[8],
186		const uint8_t *data, size_t num);
187		#endif
188		#if defined(SHA256_ASM_NOHW)
189		extern "C" void sha256_block_data_order_nohw(uint32_t state[8],
190		const uint8_t *data, size_t num);
191		#endif
192
193		#if defined(SHA512_ASM_HW)
194		extern "C" void sha512_block_data_order_hw(uint64_t state[8],
195		const uint8_t *data, size_t num);
196		#endif
197
198		#if defined(SHA512_ASM_NOHW)
199		extern "C" void sha512_block_data_order_nohw(uint64_t state[8],
200		const uint8_t *data, size_t num);
201		#endif
202
203		BSSL_NAMESPACE_END
204
205		#endif // OPENSSL_HEADER_CRYPTO_FIPSMODULE_SHA_INTERNAL_H