Gate CLMUL AES-GCM on SSSE3
It uses PSHUFB. That no one's noticed this across OpenSSL and BoringSSL
suggests very strongly that no x86 CPUs exist with CLMUL and not SSSE3,
but in principle we should check both.
Change-Id: I79242316d2ab793f9f8d2e016d2a80d52fe1afdf
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/77047
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/fipsmodule/aes/gcm.cc.inc b/crypto/fipsmodule/aes/gcm.cc.inc
index 87ef5b8..0b9b2ac 100644
--- a/crypto/fipsmodule/aes/gcm.cc.inc
+++ b/crypto/fipsmodule/aes/gcm.cc.inc
@@ -596,7 +596,7 @@
#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
int crypto_gcm_clmul_enabled(void) {
#if defined(GHASH_ASM_X86) || defined(GHASH_ASM_X86_64)
- return CRYPTO_is_PCLMUL_capable();
+ return CRYPTO_is_PCLMUL_capable() && CRYPTO_is_SSSE3_capable();
#else
return 0;
#endif
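Review bot: the new `&& CRYPTO_is_SSSE3_capable()` condition carries no comment explaining why SSSE3 is required, so the dependency the commit message describes (the CLMUL GHASH assembly uses PSHUFB, which is an SSSE3 instruction) is invisible at the point of the check and easy to drop again in a later cleanup. Consider a one-line comment above the return, e.g. `// The CLMUL GHASH code uses PSHUFB, so it also requires SSSE3.` It is also worth confirming that any other place that selects the CLMUL GHASH path applies the same combined check rather than `CRYPTO_is_PCLMUL_capable()` alone, since this hunk only covers `crypto_gcm_clmul_enabled`.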