Enable avx2 implementation of sha1.
Before:
Did 19655000 SHA-1 (16 bytes) operations in 2000053us (157.2 MB/sec)
Did 5112000 SHA-1 (256 bytes) operations in 2000126us (654.3 MB/sec)
Did 1280000 SHA-1 (1350 bytes) operations in 2000559us (863.8 MB/sec)
Did 229000 SHA-1 (8192 bytes) operations in 2004784us (935.7 MB/sec)
Did 116000 SHA-1 (16384 bytes) operations in 2008224us (946.4 MB/sec)
After:
Did 20506000 SHA-1 (16 bytes) operations in 2000062us (164.0 MB/sec) [+4.3%]
Did 5659000 SHA-1 (256 bytes) operations in 2000100us (724.3 MB/sec) [+10.7%]
Did 1454000 SHA-1 (1350 bytes) operations in 2000739us (981.1 MB/sec) [+13.6%]
Did 255000 SHA-1 (8192 bytes) operations in 2000733us (1044.1 MB/sec) [+11.6%]
Did 129000 SHA-1 (16384 bytes) operations in 2009483us (1051.8 MB/sec) [+11.1%]
Change-Id: Idaf75e92b2da4d83b597771aca1123f2884d7687
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41284
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/fipsmodule/sha/asm/sha1-x86_64.pl b/crypto/fipsmodule/sha/asm/sha1-x86_64.pl
index df7cbc3..5e98962 100755
--- a/crypto/fipsmodule/sha/asm/sha1-x86_64.pl
+++ b/crypto/fipsmodule/sha/asm/sha1-x86_64.pl
@@ -107,16 +107,11 @@
# In upstream, this is controlled by shelling out to the compiler to check
# versions, but BoringSSL is intended to be used with pre-generated perlasm
# output, so this isn't useful anyway.
-#
-# TODO(davidben): Enable AVX2 code after testing by setting $avx to 2. Is it
-# necessary to disable AVX2 code when SHA Extensions code is disabled? Upstream
-# did not tie them together until after $shaext was added.
-$avx = 1;
+$avx = 2;
# TODO(davidben): Consider enabling the Intel SHA Extensions code once it's
# been tested.
$shaext=0; ### set to zero if compiling for 1.0.1
-$avx=1 if (!$shaext && $avx);
open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
