Use SSE2 or portable scrypt implementation according to what the CPU supports.

configure.ac

@@ -244,6 +244,7 @@ dnl Checks for headers
 
 AS_IF([test "x$EMSCRIPTEN" = "x"],[
   AC_CHECK_HEADERS([emmintrin.h], [], [], [#pragma GCC target("sse2")])
+  AC_CHECK_HEADERS([pmmintrin.h], [], [], [#pragma GCC target("sse3")])
   AC_CHECK_HEADERS([tmmintrin.h], [], [], [#pragma GCC target("ssse3")])
   AC_CHECK_HEADERS([smmintrin.h], [], [], [#pragma GCC target("sse4.1")])
   AC_CHECK_HEADERS([immintrin.h], [], [], [#pragma GCC target("avx")])

src/libsodium/crypto_pwhash/scryptxsalsa208sha256/crypto_scrypt-common.c

@@ -22,8 +22,7 @@
 #include <string.h>
 
 #include "crypto_scrypt.h"
-
-#define escrypt_kdf escrypt_kdf_nosse
+#include "runtime.h"
 
 #define BYTES2CHARS(bytes) \
         ((((bytes) * 8) + 5) / 6)
@@ -111,6 +110,7 @@ escrypt_r(escrypt_local_t * local,
     uint8_t * buf, size_t buflen)
 {
         uint8_t hash[HASH_SIZE];
+    escrypt_kdf_t escrypt_kdf;
         const uint8_t * src, * salt;
         uint8_t * dst;
         size_t prefixlen, saltlen, need;
@@ -150,9 +150,12 @@ escrypt_r(escrypt_local_t * local,
         if (need > buflen || need < saltlen)
                 return NULL;
 
+    escrypt_kdf =
+        sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
         if (escrypt_kdf(local, passwd, passwdlen, salt, saltlen,
-	    N, r, p, hash, sizeof(hash)))
+            N, r, p, hash, sizeof(hash))) {
                 return NULL;
+    }
 
         dst = buf;
         memcpy(dst, setting, prefixlen + saltlen);
@@ -216,11 +219,14 @@ crypto_scrypt(const uint8_t * passwd, size_t passwdlen,
     const uint8_t * salt, size_t saltlen, uint64_t N, uint32_t r, uint32_t p,
     uint8_t * buf, size_t buflen)
 {
+    escrypt_kdf_t escrypt_kdf;
         escrypt_local_t local;
         int retval;
 
         if (escrypt_init_local(&local))
                 return -1;
+    escrypt_kdf =
+        sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
         retval = escrypt_kdf(&local,
             passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen);
         if (escrypt_free_local(&local))

src/libsodium/crypto_pwhash/scryptxsalsa208sha256/crypto_scrypt.h

@@ -60,6 +60,12 @@ extern int escrypt_free_local(escrypt_local_t * __local);
 extern void *alloc_region(escrypt_region_t * region, size_t size);
 extern int free_region(escrypt_region_t * region);
 
+typedef int (*escrypt_kdf_t)(escrypt_local_t * __local,
+                             const uint8_t * __passwd, size_t __passwdlen,
+                             const uint8_t * __salt, size_t __saltlen,
+                             uint64_t __N, uint32_t __r, uint32_t __p,
+                             uint8_t * __buf, size_t __buflen);
+
 extern int escrypt_kdf_nosse(escrypt_local_t * __local,
     const uint8_t * __passwd, size_t __passwdlen,
     const uint8_t * __salt, size_t __saltlen,

src/libsodium/crypto_pwhash/scryptxsalsa208sha256/scrypt_platform.c

@@ -25,6 +25,7 @@
 #include <stdlib.h>
 
 #include "crypto_scrypt.h"
+#include "runtime.h"
 
 void *
 alloc_region(escrypt_region_t * region, size_t size)

src/libsodium/sodium/runtime.c

@@ -66,8 +66,18 @@ _sodium_runtime_intel_cpu_features(CPUFeatures * const cpu_features)
         return -1;
     }
     _cpuid(cpu_info, 0x00000001);
+
+#ifndef HAVE_EMMINTRIN_H
     cpu_features->has_sse2 = ((cpu_info[3] & CPUID_SSE2) != 0x0);
+#else
+    cpu_features->has_sse2 = 0;
+#endif
+
+#ifndef HAVE_PMMINTRIN_H
     cpu_features->has_sse3 = ((cpu_info[2] & CPUIDECX_SSE3) != 0x0);
+#else
+    cpu_features->has_sse3 = 0;
+#endif
 
     return 0;
 }