Fix performance regression of x86_64 GCM with rustc 1.87

graviola/src/low/x86_64/aes_gcm.rs

@@ -204,22 +204,20 @@ unsafe fn _cipher<const ENC: bool>(
 struct Counter(__m128i);
 
 impl Counter {
-    fn new(bytes: &[u8; 16]) -> Self {
-        // SAFETY: `bytes` is a 128-bits and can be loaded from
-        Self(unsafe {
-            let c = _mm_lddqu_si128(bytes.as_ptr() as *const _);
-            _mm_shuffle_epi8(c, BYTESWAP_EPI64)
-        })
+    #[target_feature(enable = "sse3,ssse3")]
+    #[inline]
+    unsafe fn new(bytes: &[u8; 16]) -> Self {
+        // SAFETY: `bytes` is 128-bits and can be loaded from
+        let c = _mm_lddqu_si128(bytes.as_ptr() as *const _);
+        Self(_mm_shuffle_epi8(c, BYTESWAP_EPI64))
     }
 
+    #[target_feature(enable = "sse3,ssse3")]
     #[must_use]
     #[inline]
-    fn next(&mut self) -> __m128i {
-        // SAFETY: this crate requires the `avx` feature
-        unsafe {
-            self.0 = _mm_add_epi32(self.0, COUNTER_1);
-            _mm_shuffle_epi8(self.0, BYTESWAP_EPI64)
-        }
+    unsafe fn next(&mut self) -> __m128i {
+        self.0 = _mm_add_epi32(self.0, COUNTER_1);
+        _mm_shuffle_epi8(self.0, BYTESWAP_EPI64)
     }
 }
 

graviola/src/low/x86_64/ghash.rs

@@ -112,12 +112,15 @@ impl<'a> Ghash<'a> {
     }
 
     pub(crate) fn into_bytes(self) -> [u8; 16] {
+        // SAFETY: this crate requires the `sse2` and `ssse3` cpu features
+        unsafe { self._into_bytes() }
+    }
+
+    #[target_feature(enable = "sse2,ssse3")]
+    unsafe fn _into_bytes(self) -> [u8; 16] {
         let mut out: i128 = 0;
-        // SAFETY: this crate requires the `avx` cpu feature
-        unsafe {
-            let reverse = _mm_shuffle_epi8(self.current, BYTESWAP);
-            _mm_store_si128(&mut out as *mut i128 as *mut __m128i, reverse)
-        };
+        let reverse = _mm_shuffle_epi8(self.current, BYTESWAP);
+        _mm_store_si128(&mut out as *mut i128 as *mut __m128i, reverse);
         out.to_le_bytes()
     }