From 1a12fc8399638223feca8f853e2ac2cc22eeb471 Mon Sep 17 00:00:00 2001
From: miod <>
Date: Fri, 4 Nov 2016 17:30:30 +0000
Subject: Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] by meaningful constants in a private header file, so that reviewers can actually get a chance to figure out what the code is attempting to do without knowing all cpuid bits. While there, turn it from an array of two 32-bit ints into a properly aligned 64-bit int. Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will now always use OPENSSL_cpu_caps() and check for the proper bits in the whole 64-bit word it returns. i386 tests and ok jsing@
---
 src/lib/libcrypto/evp/e_aes.c | 8 ++++----
 src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c | 11 +++++------
 src/lib/libcrypto/evp/e_rc4_hmac_md5.c | 8 ++++----
 3 files changed, 13 insertions(+), 14 deletions(-)
(limited to 'src/lib/libcrypto/evp')
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 25199dca36..b20543a90c 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.30 2016/11/04 13:56:05 miod Exp $ */
+/* $OpenBSD: e_aes.c,v 1.31 2016/11/04 17:30:30 miod Exp $ */
 /* ====================================================================
 * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
 *
@@ -150,10 +150,10 @@ void AES_xts_decrypt(const char *inp, char *out, size_t len,
 defined(_M_AMD64) || defined(_M_X64) || \
 defined(__INTEL__) )
-extern unsigned int OPENSSL_ia32cap_P[];
+#include "x86_arch.h"
 #ifdef VPAES_ASM
-#define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+#define VPAES_CAPABLE (OPENSSL_cpu_caps() & CPUCAP_MASK_SSSE3)
 #endif
 #ifdef BSAES_ASM
 #define BSAES_CAPABLE VPAES_CAPABLE
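Review bot: The value of `VPAES_CAPABLE` (hunk -150,10) and of `AESNI_CAPABLE` (hunk -161,7) can be truncated to zero wherever it is stored in or passed as an `int`, because the macros now yield a masked slice of the 64-bit word the commit message says `OPENSSL_cpu_caps()` returns, where the old ones yielded a 32-bit value. If the `CPUCAP_MASK_*` constants keep the old bit positions (41 and 57), such a use would read as "not capable" and the code would quietly take a fallback AES path instead of the AES-NI/VPAES one, which matters if those paths are relied on for constant-time behaviour. The uses are outside these hunks and `x86_arch.h` is not shown, so this needs checking against the callers. Normalising at the definition removes the question: `#define AESNI_CAPABLE ((OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI) != 0)`, and the same form for `VPAES_CAPABLE`.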
@@ -161,7 +161,7 @@ extern unsigned int OPENSSL_ia32cap_P[];
 /*
 * AES-NI section
 */
-#define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
+#define AESNI_CAPABLE (OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI)
 int aesni_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key);
diff --git a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
index 8574823aed..3f82cf5967 100644
--- a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.12 2016/05/04 15:01:33 tedu Exp $ */
+/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.13 2016/11/04 17:30:30 miod Exp $ */
 /* ====================================================================
 * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
 *
@@ -87,13 +87,12 @@ typedef struct {
 defined(_M_AMD64) || defined(_M_X64) || \
 defined(__INTEL__) )
+#include "x86_arch.h"
+
 #if defined(__GNUC__) && __GNUC__>=2
 # define BSWAP(x) ({ unsigned int r=(x); asm ("bswapl %0":"=r"(r):"0"(r)); r; })
 #endif
-extern unsigned int OPENSSL_ia32cap_P[2];
-#define AESNI_CAPABLE (1<<(57-32))
-
 int aesni_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key);
 int aesni_set_decrypt_key(const unsigned char *userKey, int bits, AES_KEY *key);
@@ -578,14 +577,14 @@ static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
 const EVP_CIPHER *
 EVP_aes_128_cbc_hmac_sha1(void)
 {
- return OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
+ return (OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI) ?
 &aesni_128_cbc_hmac_sha1_cipher : NULL;
 }
 const EVP_CIPHER *
 EVP_aes_256_cbc_hmac_sha1(void)
 {
- return OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
+ return (OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI) ?
 &aesni_256_cbc_hmac_sha1_cipher : NULL;
 }
 #else
diff --git a/src/lib/libcrypto/evp/e_rc4_hmac_md5.c b/src/lib/libcrypto/evp/e_rc4_hmac_md5.c
index 1f085af403..39527cafe6 100644
--- a/src/lib/libcrypto/evp/e_rc4_hmac_md5.c
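Review bot: `EVP_aes_128_cbc_hmac_sha1()` and `EVP_aes_256_cbc_hmac_sha1()` in the -578,14 hunk return `NULL` when the AES-NI bit is clear, and nothing at the definitions says so. A caller that passes the result on without checking would presumably fail or dereference a null pointer only on CPUs without AES-NI, which is easy to miss when testing on recent hardware. A one-line comment above each function would state the contract: `/* Returns NULL when the CPU lacks AES-NI; callers must check. */`.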
+++ b/src/lib/libcrypto/evp/e_rc4_hmac_md5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_rc4_hmac_md5.c,v 1.5 2014/08/11 13:29:43 bcook Exp $ */
+/* $OpenBSD: e_rc4_hmac_md5.c,v 1.6 2016/11/04 17:30:30 miod Exp $ */
 /* ====================================================================
 * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
 *
@@ -105,6 +105,7 @@ rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey,
 defined(__INTEL__) ) && \
 !(defined(__APPLE__) && defined(__MACH__))
 #define STITCHED_CALL
+#include "x86_arch.h"
 #endif
 #if !defined(STITCHED_CALL)
@@ -122,7 +123,6 @@ rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 md5_off = MD5_CBLOCK - key->md.num, blocks;
 unsigned int l;
- extern unsigned int OPENSSL_ia32cap_P[];
 #endif
 size_t plen = key->payload_length;
@@ -139,7 +139,7 @@ rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 if (plen > md5_off && (blocks = (plen - md5_off) / MD5_CBLOCK) &&
- (OPENSSL_ia32cap_P[0]&(1 << 20)) == 0) {
+ (OPENSSL_cpu_caps() & CPUCAP_MASK_INTELP4) == 0) {
 MD5_Update(&key->md, in, md5_off);
 RC4(&key->ks, rc4_off, in, out);
@@ -187,7 +187,7 @@ rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 rc4_off += MD5_CBLOCK;
 if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) &&
- (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) {
+ (OPENSSL_cpu_caps() & CPUCAP_MASK_INTELP4) == 0) {
 RC4(&key->ks, rc4_off, in, out);
 MD5_Update(&key->md, out, md5_off);
-- cgit v1.2.3-55-g6feb
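Review bot: The test `(OPENSSL_cpu_caps() & CPUCAP_MASK_INTELP4) == 0` is written out twice, in the -139,7 and -187,7 hunks, and each evaluation is now a function call where the old code read a global. Computing it once next to `unsigned int l;` inside the `STITCHED_CALL` block, e.g. `int stitched_ok = (OPENSSL_cpu_caps() & CPUCAP_MASK_INTELP4) == 0;`, and testing `stitched_ok` in both conditions would name the intent and keep both branches deciding from the same value. A short comment saying why the stitched RC4+MD5 path is skipped on that CPU class would also help, since the reason is not visible in this file section. `rc4_hmac_md5_cipher` starts and ends outside these hunks.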