Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] by

meaningful constants in a private header file, so that reviewers can actually
get a chance to figure out what the code is attempting to do without knowing
all cpuid bits.

While there, turn it from an array of two 32-bit ints into a properly aligned
64-bit int.

Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will
now always use OPENSSL_cpu_caps() and check for the proper bits in the
whole 64-bit word it returns.

i386 tests and ok jsing@

3 files changed, 13 insertions, 14 deletions

diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 25199dca36..b20543a90c 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.30 2016/11/04 13:56:05 miod Exp $ */
+/* $OpenBSD: e_aes.c,v 1.31 2016/11/04 17:30:30 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -150,10 +150,10 @@ void AES_xts_decrypt(const char *inp, char *out, size_t len,
         defined(_M_AMD64)       || defined(_M_X64)      || \
         defined(__INTEL__)                              )
 
-extern unsigned int OPENSSL_ia32cap_P[];
+#include "x86_arch.h"
 
 #ifdef VPAES_ASM
-#define VPAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+#define VPAES_CAPABLE   (OPENSSL_cpu_caps() & CPUCAP_MASK_SSSE3)
 #endif
 #ifdef BSAES_ASM
 #define BSAES_CAPABLE   VPAES_CAPABLE
@@ -161,7 +161,7 @@ extern unsigned int OPENSSL_ia32cap_P[];
 /*
  * AES-NI section
  */
-#define AESNI_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
+#define AESNI_CAPABLE   (OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI)
 
 int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
     AES_KEY *key);
diff --git a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
index 8574823aed..3f82cf5967 100644
--- a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.12 2016/05/04 15:01:33 tedu Exp $ */
+/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.13 2016/11/04 17:30:30 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2011-2013 The OpenSSL Project.  All rights reserved.
  *
@@ -87,13 +87,12 @@ typedef struct {
         defined(_M_AMD64)       || defined(_M_X64)      || \
         defined(__INTEL__)      )
 
+#include "x86_arch.h"
+
 #if defined(__GNUC__) && __GNUC__>=2
 # define BSWAP(x) ({ unsigned int r=(x); asm ("bswapl %0":"=r"(r):"0"(r)); r; })
 #endif
 
-extern unsigned int OPENSSL_ia32cap_P[2];
-#define AESNI_CAPABLE   (1<<(57-32))
-
 int aesni_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key);
 int aesni_set_decrypt_key(const unsigned char *userKey, int bits, AES_KEY *key);
 
@@ -578,14 +577,14 @@ static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
 const EVP_CIPHER *
 EVP_aes_128_cbc_hmac_sha1(void)
 {
-        return OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
+        return (OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI) ?
             &aesni_128_cbc_hmac_sha1_cipher : NULL;
 }
 
 const EVP_CIPHER *
 EVP_aes_256_cbc_hmac_sha1(void)
 {
-        return OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
+        return (OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI) ?
             &aesni_256_cbc_hmac_sha1_cipher : NULL;
 }
 #else
diff --git a/src/lib/libcrypto/evp/e_rc4_hmac_md5.c b/src/lib/libcrypto/evp/e_rc4_hmac_md5.c
index 1f085af403..39527cafe6 100644
--- a/src/lib/libcrypto/evp/e_rc4_hmac_md5.c
+++ b/src/lib/libcrypto/evp/e_rc4_hmac_md5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_rc4_hmac_md5.c,v 1.5 2014/08/11 13:29:43 bcook Exp $ */
+/* $OpenBSD: e_rc4_hmac_md5.c,v 1.6 2016/11/04 17:30:30 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
  *
@@ -105,6 +105,7 @@ rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey,
         defined(__INTEL__)              ) && \
         !(defined(__APPLE__) && defined(__MACH__))
 #define STITCHED_CALL
+#include "x86_arch.h"
 #endif
 
 #if !defined(STITCHED_CALL)
@@ -122,7 +123,6 @@ rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         md5_off = MD5_CBLOCK - key->md.num,
             blocks;
         unsigned int l;
-        extern unsigned int OPENSSL_ia32cap_P[];
 #endif
         size_t  plen = key->payload_length;
 
@@ -139,7 +139,7 @@ rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
                 if (plen > md5_off &&
                     (blocks = (plen - md5_off) / MD5_CBLOCK) &&
-                    (OPENSSL_ia32cap_P[0]&(1 << 20)) == 0) {
+                    (OPENSSL_cpu_caps() & CPUCAP_MASK_INTELP4) == 0) {
                         MD5_Update(&key->md, in, md5_off);
                         RC4(&key->ks, rc4_off, in, out);
 
@@ -187,7 +187,7 @@ rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                         rc4_off += MD5_CBLOCK;
 
                 if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) &&
-                    (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) {
+                    (OPENSSL_cpu_caps() & CPUCAP_MASK_INTELP4) == 0) {
                         RC4(&key->ks, rc4_off, in, out);
                         MD5_Update(&key->md, out, md5_off);