From c428e90254a413522494afa11ee590a01bac3aa5 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Sat, 19 Apr 2025 09:10:58 -0400
Subject: [PATCH] Detect correct polyval implementation (mostly)

I'm saying "mostly" because this will be wrong on really old intel;
we'll need a cpuid workaround if we need to support those.
---
 src/ext/polyval/polyval.h | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/src/ext/polyval/polyval.h b/src/ext/polyval/polyval.h
index 8ad48d8770..5072f05619 100644
--- a/src/ext/polyval/polyval.h
+++ b/src/ext/polyval/polyval.h
@@ -12,13 +12,38 @@
 #include "orconfig.h"
 #include "lib/cc/torint.h"
 
+/* Decide which implementation to use. */
+#if defined(__amd64__) || defined(__amd64) || defined(__x86_64__) \
+  || defined(_M_X64) || defined(_M_IX86) || defined(__i486)       \
+  || defined(__i386__)
+/* Use intel intrinsics for carryless multiply.
+ *
+ * TODO: In theory we should detect whether we have the relevant instructions,
+ * but they are all at least 15 years old.
+ */
 #define PV_USE_PCLMUL
+#elif SIZEOF_VOID_P >= 8
+/* It's a 64-bit architecture; use the generic 64-bit constant-time
+ * implementation.
+ */
+#define PV_USE_CTMUL64
+#elif SIZEOF_VOID_P == 4
+/* It's a 64-bit architecture; use the generic 32-bit constant-time
+ * implementation.
+ */
+#define PV_USE_CTMUL
+#else
+#error "sizeof(void*) is implausibly weird."
+#endif
 
+/**
+ * Declare a 128 bit integer type.
+ # The exact representation will depend on which implementation we've chosen.
+ */
 #ifdef PV_USE_PCLMUL
 #include <emmintrin.h>
 typedef __m128i pv_u128_;
 #elif defined(PV_USE_CTMUL64)
-/** A 128-bit integer represented as its low and high portion. */
 typedef struct pv_u128_ {
   uint64_t lo;
   uint64_t hi;
-- 
2.47.2