1 /* Copyright (C) 1995-1998 Eric Young ([email protected])
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young ([email protected]).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson ([email protected]).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young ([email protected])"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson ([email protected])"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57 /* ====================================================================
58 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * [email protected].
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * ([email protected]). This product includes software written by Tim
107 * Hudson ([email protected]). */
108
109 #ifndef OPENSSL_HEADER_CRYPTO_INTERNAL_H
110 #define OPENSSL_HEADER_CRYPTO_INTERNAL_H
111
112 #include <ring-core/base.h> // Must be first.
113
114 #include "ring-core/check.h"
115
116 #if defined(__clang__)
117 // Don't require prototypes for functions defined in C that are only
118 // used from Rust.
119 #pragma GCC diagnostic ignored "-Wmissing-prototypes"
120 #endif
121
122 #if defined(__GNUC__) && \
123 (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) < 40800
124 // |alignas| and |alignof| were added in C11. GCC added support in version 4.8.
125 // Testing for __STDC_VERSION__/__cplusplus doesn't work because 4.7 already
126 // reports support for C11.
127 #define alignas(x) __attribute__ ((aligned (x)))
128 #elif defined(_MSC_VER) && !defined(__clang__)
129 #define alignas(x) __declspec(align(x))
130 #else
131 #include <stdalign.h>
132 #endif
133
134 // Some C compilers require a useless cast when dealing with arrays for the
135 // reason explained in
136 // https://gustedt.wordpress.com/2011/02/12/const-and-arrays/
137 #if defined(__clang__) || defined(_MSC_VER)
138 #define RING_CORE_POINTLESS_ARRAY_CONST_CAST(cast)
139 #else
140 #define RING_CORE_POINTLESS_ARRAY_CONST_CAST(cast) cast
141 #endif
142
143 // `uint8_t` isn't guaranteed to be 'unsigned char' and only 'char' and
144 // 'unsigned char' are allowed to alias according to ISO C.
145 typedef unsigned char aliasing_uint8_t;
146
147 #if (!defined(_MSC_VER) || defined(__clang__)) && defined(OPENSSL_64_BIT)
148 #define BORINGSSL_HAS_UINT128
149 typedef __int128_t int128_t;
150 typedef __uint128_t uint128_t;
151 #endif
152
153 // Pointer utility functions.
154
155 // buffers_alias returns one if |a| and |b| alias and zero otherwise.
buffers_alias(const void * a,size_t a_bytes,const void * b,size_t b_bytes)156 static inline int buffers_alias(const void *a, size_t a_bytes,
157 const void *b, size_t b_bytes) {
158 // Cast |a| and |b| to integers. In C, pointer comparisons between unrelated
159 // objects are undefined whereas pointer to integer conversions are merely
160 // implementation-defined. We assume the implementation defined it in a sane
161 // way.
162 uintptr_t a_u = (uintptr_t)a;
163 uintptr_t b_u = (uintptr_t)b;
164 return a_u + a_bytes > b_u && b_u + b_bytes > a_u;
165 }
166
167
168 // Constant-time utility functions.
169 //
170 // The following methods return a bitmask of all ones (0xff...f) for true and 0
171 // for false. This is useful for choosing a value based on the result of a
172 // conditional in constant time. For example,
173 //
174 // if (a < b) {
175 // c = a;
176 // } else {
177 // c = b;
178 // }
179 //
180 // can be written as
181 //
182 // crypto_word_t lt = constant_time_lt_w(a, b);
183 // c = constant_time_select_w(lt, a, b);
184
185 #if defined(__GNUC__) || defined(__clang__)
186 #pragma GCC diagnostic push
187 #pragma GCC diagnostic ignored "-Wconversion"
188 #endif
189 #if defined(_MSC_VER) && !defined(__clang__)
190 #pragma warning(push)
191 // '=': conversion from 'crypto_word_t' to 'uint8_t', possible loss of data
192 #pragma warning(disable: 4242)
193 // 'initializing': conversion from 'crypto_word_t' to 'uint8_t', ...
194 #pragma warning(disable: 4244)
195 #endif
196
197 // crypto_word_t is the type that most constant-time functions use. Ideally we
198 // would like it to be |size_t|, but NaCl builds in 64-bit mode with 32-bit
199 // pointers, which means that |size_t| can be 32 bits when |BN_ULONG| is 64
200 // bits. Since we want to be able to do constant-time operations on a
201 // |BN_ULONG|, |crypto_word_t| is defined as an unsigned value with the native
202 // word length.
203 #if defined(OPENSSL_64_BIT)
204 typedef uint64_t crypto_word_t;
205 #define CRYPTO_WORD_BITS (64u)
206 #elif defined(OPENSSL_32_BIT)
207 typedef uint32_t crypto_word_t;
208 #define CRYPTO_WORD_BITS (32u)
209 #else
210 #error "Must define either OPENSSL_32_BIT or OPENSSL_64_BIT"
211 #endif
212
213 #define CONSTTIME_TRUE_W ~((crypto_word_t)0)
214 #define CONSTTIME_FALSE_W ((crypto_word_t)0)
215
216 // value_barrier_w returns |a|, but prevents GCC and Clang from reasoning about
217 // the returned value. This is used to mitigate compilers undoing constant-time
218 // code, until we can express our requirements directly in the language.
219 //
220 // Note the compiler is aware that |value_barrier_w| has no side effects and
221 // always has the same output for a given input. This allows it to eliminate
222 // dead code, move computations across loops, and vectorize.
value_barrier_w(crypto_word_t a)223 static inline crypto_word_t value_barrier_w(crypto_word_t a) {
224 #if defined(__GNUC__) || defined(__clang__)
225 __asm__("" : "+r"(a) : /* no inputs */);
226 #endif
227 return a;
228 }
229
230 // |value_barrier_u8| could be defined as above, but compilers other than
231 // clang seem to still materialize 0x00..00MM instead of reusing 0x??..??MM.
232
233 // constant_time_msb_w returns the given value with the MSB copied to all the
234 // other bits.
constant_time_msb_w(crypto_word_t a)235 static inline crypto_word_t constant_time_msb_w(crypto_word_t a) {
236 return 0u - (a >> (sizeof(a) * 8 - 1));
237 }
238
239 // constant_time_is_zero returns 0xff..f if a == 0 and 0 otherwise.
constant_time_is_zero_w(crypto_word_t a)240 static inline crypto_word_t constant_time_is_zero_w(crypto_word_t a) {
241 // Here is an SMT-LIB verification of this formula:
242 //
243 // (define-fun is_zero ((a (_ BitVec 32))) (_ BitVec 32)
244 // (bvand (bvnot a) (bvsub a #x00000001))
245 // )
246 //
247 // (declare-fun a () (_ BitVec 32))
248 //
249 // (assert (not (= (= #x00000001 (bvlshr (is_zero a) #x0000001f)) (= a #x00000000))))
250 // (check-sat)
251 // (get-model)
252 return constant_time_msb_w(~a & (a - 1));
253 }
254
constant_time_is_nonzero_w(crypto_word_t a)255 static inline crypto_word_t constant_time_is_nonzero_w(crypto_word_t a) {
256 return ~constant_time_is_zero_w(a);
257 }
258
259 // constant_time_eq_w returns 0xff..f if a == b and 0 otherwise.
constant_time_eq_w(crypto_word_t a,crypto_word_t b)260 static inline crypto_word_t constant_time_eq_w(crypto_word_t a,
261 crypto_word_t b) {
262 return constant_time_is_zero_w(a ^ b);
263 }
264
265 // constant_time_select_w returns (mask & a) | (~mask & b). When |mask| is all
266 // 1s or all 0s (as returned by the methods above), the select methods return
267 // either |a| (if |mask| is nonzero) or |b| (if |mask| is zero).
constant_time_select_w(crypto_word_t mask,crypto_word_t a,crypto_word_t b)268 static inline crypto_word_t constant_time_select_w(crypto_word_t mask,
269 crypto_word_t a,
270 crypto_word_t b) {
271 // Clang recognizes this pattern as a select. While it usually transforms it
272 // to a cmov, it sometimes further transforms it into a branch, which we do
273 // not want.
274 //
275 // Hiding the value of the mask from the compiler evades this transformation.
276 mask = value_barrier_w(mask);
277 return (mask & a) | (~mask & b);
278 }
279
280 // constant_time_select_8 acts like |constant_time_select| but operates on
281 // 8-bit values.
constant_time_select_8(crypto_word_t mask,uint8_t a,uint8_t b)282 static inline uint8_t constant_time_select_8(crypto_word_t mask, uint8_t a,
283 uint8_t b) {
284 // |mask| is a word instead of |uint8_t| to avoid materializing 0x000..0MM
285 // Making both |mask| and its value barrier |uint8_t| would allow the compiler
286 // to materialize 0x????..?MM instead, but only clang is that clever.
287 // However, vectorization of bitwise operations seems to work better on
288 // |uint8_t| than a mix of |uint64_t| and |uint8_t|, so |m| is cast to
289 // |uint8_t| after the value barrier but before the bitwise operations.
290 uint8_t m = value_barrier_w(mask);
291 return (m & a) | (~m & b);
292 }
293
294 // constant_time_conditional_memcpy copies |n| bytes from |src| to |dst| if
295 // |mask| is 0xff..ff and does nothing if |mask| is 0. The |n|-byte memory
296 // ranges at |dst| and |src| must not overlap, as when calling |memcpy|.
constant_time_conditional_memcpy(void * dst,const void * src,const size_t n,const crypto_word_t mask)297 static inline void constant_time_conditional_memcpy(void *dst, const void *src,
298 const size_t n,
299 const crypto_word_t mask) {
300 debug_assert_nonsecret(!buffers_alias(dst, n, src, n));
301 uint8_t *out = (uint8_t *)dst;
302 const uint8_t *in = (const uint8_t *)src;
303 for (size_t i = 0; i < n; i++) {
304 out[i] = constant_time_select_8(mask, in[i], out[i]);
305 }
306 }
307
308 // constant_time_conditional_memxor xors |n| bytes from |src| to |dst| if
309 // |mask| is 0xff..ff and does nothing if |mask| is 0. The |n|-byte memory
310 // ranges at |dst| and |src| must not overlap, as when calling |memcpy|.
constant_time_conditional_memxor(void * dst,const void * src,const size_t n,const crypto_word_t mask)311 static inline void constant_time_conditional_memxor(void *dst, const void *src,
312 const size_t n,
313 const crypto_word_t mask) {
314 debug_assert_nonsecret(!buffers_alias(dst, n, src, n));
315 aliasing_uint8_t *out = dst;
316 const aliasing_uint8_t *in = src;
317 for (size_t i = 0; i < n; i++) {
318 out[i] ^= value_barrier_w(mask) & in[i];
319 }
320 }
321
322 #if defined(_MSC_VER) && !defined(__clang__)
323 // '=': conversion from 'int64_t' to 'int32_t', possible loss of data
324 #pragma warning(pop)
325 #endif
326 #if defined(__GNUC__) || defined(__clang__)
327 #pragma GCC diagnostic pop
328 #endif
329
330 #if defined(BORINGSSL_CONSTANT_TIME_VALIDATION)
331
332 // CONSTTIME_SECRET takes a pointer and a number of bytes and marks that region
333 // of memory as secret. Secret data is tracked as it flows to registers and
334 // other parts of a memory. If secret data is used as a condition for a branch,
335 // or as a memory index, it will trigger warnings in valgrind.
336 #define CONSTTIME_SECRET(ptr, len) VALGRIND_MAKE_MEM_UNDEFINED(ptr, len)
337
338 // CONSTTIME_DECLASSIFY takes a pointer and a number of bytes and marks that
339 // region of memory as public. Public data is not subject to constant-time
340 // rules.
341 #define CONSTTIME_DECLASSIFY(ptr, len) VALGRIND_MAKE_MEM_DEFINED(ptr, len)
342
343 #else
344
345 #define CONSTTIME_SECRET(ptr, len)
346 #define CONSTTIME_DECLASSIFY(ptr, len)
347
348 #endif // BORINGSSL_CONSTANT_TIME_VALIDATION
349
constant_time_declassify_w(crypto_word_t v)350 static inline crypto_word_t constant_time_declassify_w(crypto_word_t v) {
351 // Return |v| through a value barrier to be safe. Valgrind-based constant-time
352 // validation is partly to check the compiler has not undone any constant-time
353 // work. Any place |BORINGSSL_CONSTANT_TIME_VALIDATION| influences
354 // optimizations, this validation is inaccurate.
355 //
356 // However, by sending pointers through valgrind, we likely inhibit escape
357 // analysis. On local variables, particularly booleans, we likely
358 // significantly impact optimizations.
359 //
360 // Thus, to be safe, stick a value barrier, in hopes of comparably inhibiting
361 // compiler analysis.
362 CONSTTIME_DECLASSIFY(&v, sizeof(v));
363 return value_barrier_w(v);
364 }
365
366 // Endianness conversions.
367
368 #if defined(__GNUC__) && __GNUC__ >= 2
CRYPTO_bswap4(uint32_t x)369 static inline uint32_t CRYPTO_bswap4(uint32_t x) {
370 return __builtin_bswap32(x);
371 }
372
CRYPTO_bswap8(uint64_t x)373 static inline uint64_t CRYPTO_bswap8(uint64_t x) {
374 return __builtin_bswap64(x);
375 }
376 #elif defined(_MSC_VER)
377 #pragma warning(push, 3)
378 #include <stdlib.h>
379 #pragma warning(pop)
380 #pragma intrinsic(_byteswap_uint64, _byteswap_ulong)
CRYPTO_bswap4(uint32_t x)381 static inline uint32_t CRYPTO_bswap4(uint32_t x) {
382 return _byteswap_ulong(x);
383 }
384
CRYPTO_bswap8(uint64_t x)385 static inline uint64_t CRYPTO_bswap8(uint64_t x) {
386 return _byteswap_uint64(x);
387 }
388 #endif
389
390 #if !defined(RING_CORE_NOSTDLIBINC)
391 #include <string.h>
392 #endif
393
OPENSSL_memcpy(void * dst,const void * src,size_t n)394 static inline void *OPENSSL_memcpy(void *dst, const void *src, size_t n) {
395 #if !defined(RING_CORE_NOSTDLIBINC)
396 if (n == 0) {
397 return dst;
398 }
399 return memcpy(dst, src, n);
400 #else
401 aliasing_uint8_t *d = dst;
402 const aliasing_uint8_t *s = src;
403 for (size_t i = 0; i < n; ++i) {
404 d[i] = s[i];
405 }
406 return dst;
407 #endif
408 }
409
OPENSSL_memset(void * dst,int c,size_t n)410 static inline void *OPENSSL_memset(void *dst, int c, size_t n) {
411 #if !defined(RING_CORE_NOSTDLIBINC)
412 if (n == 0) {
413 return dst;
414 }
415 return memset(dst, c, n);
416 #else
417 aliasing_uint8_t *d = dst;
418 for (size_t i = 0; i < n; ++i) {
419 d[i] = (aliasing_uint8_t)c;
420 }
421 return dst;
422 #endif
423 }
424
425
426 // Loads and stores.
427 //
428 // The following functions load and store sized integers with the specified
429 // endianness. They use |memcpy|, and so avoid alignment or strict aliasing
430 // requirements on the input and output pointers.
431
432 #if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__)
433 #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
434 #define RING_BIG_ENDIAN
435 #endif
436 #endif
437
CRYPTO_load_u32_le(const void * in)438 static inline uint32_t CRYPTO_load_u32_le(const void *in) {
439 uint32_t v;
440 OPENSSL_memcpy(&v, in, sizeof(v));
441 #if defined(RING_BIG_ENDIAN)
442 return CRYPTO_bswap4(v);
443 #else
444 return v;
445 #endif
446 }
447
CRYPTO_store_u32_le(void * out,uint32_t v)448 static inline void CRYPTO_store_u32_le(void *out, uint32_t v) {
449 #if defined(RING_BIG_ENDIAN)
450 v = CRYPTO_bswap4(v);
451 #endif
452 OPENSSL_memcpy(out, &v, sizeof(v));
453 }
454
CRYPTO_load_u32_be(const void * in)455 static inline uint32_t CRYPTO_load_u32_be(const void *in) {
456 uint32_t v;
457 OPENSSL_memcpy(&v, in, sizeof(v));
458 #if !defined(RING_BIG_ENDIAN)
459 return CRYPTO_bswap4(v);
460 #else
461 return v;
462 #endif
463 }
464
CRYPTO_store_u32_be(void * out,uint32_t v)465 static inline void CRYPTO_store_u32_be(void *out, uint32_t v) {
466 #if !defined(RING_BIG_ENDIAN)
467 v = CRYPTO_bswap4(v);
468 #endif
469 OPENSSL_memcpy(out, &v, sizeof(v));
470 }
471
CRYPTO_load_u64_le(const void * in)472 static inline uint64_t CRYPTO_load_u64_le(const void *in) {
473 uint64_t v;
474 OPENSSL_memcpy(&v, in, sizeof(v));
475 #if defined(RING_BIG_ENDIAN)
476 return CRYPTO_bswap8(v);
477 #else
478 return v;
479 #endif
480 }
481
CRYPTO_store_u64_le(void * out,uint64_t v)482 static inline void CRYPTO_store_u64_le(void *out, uint64_t v) {
483 #if defined(RING_BIG_ENDIAN)
484 v = CRYPTO_bswap8(v);
485 #endif
486 OPENSSL_memcpy(out, &v, sizeof(v));
487 }
488
CRYPTO_load_u64_be(const void * ptr)489 static inline uint64_t CRYPTO_load_u64_be(const void *ptr) {
490 uint64_t ret;
491 OPENSSL_memcpy(&ret, ptr, sizeof(ret));
492 #if !defined(RING_BIG_ENDIAN)
493 return CRYPTO_bswap8(ret);
494 #else
495 return ret;
496 #endif
497 }
498
CRYPTO_store_u64_be(void * out,uint64_t v)499 static inline void CRYPTO_store_u64_be(void *out, uint64_t v) {
500 #if !defined(RING_BIG_ENDIAN)
501 v = CRYPTO_bswap8(v);
502 #endif
503 OPENSSL_memcpy(out, &v, sizeof(v));
504 }
505
506
507 // Runtime CPU feature support
508
509 #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
510 // OPENSSL_ia32cap_P contains the Intel CPUID bits when running on an x86 or
511 // x86-64 system.
512 //
513 // Index 0:
514 // EDX for CPUID where EAX = 1
515 // Bit 20 is always zero
516 // Bit 28 is adjusted to reflect whether the data cache is shared between
517 // multiple logical cores
518 // Bit 30 is used to indicate an Intel CPU
519 // Index 1:
520 // ECX for CPUID where EAX = 1
521 // Bit 11 is used to indicate AMD XOP support, not SDBG
522 // Index 2:
523 // EBX for CPUID where EAX = 7
524 // Index 3:
525 // ECX for CPUID where EAX = 7
526 //
527 // Note: the CPUID bits are pre-adjusted for the OSXSAVE bit and the YMM and XMM
528 // bits in XCR0, so it is not necessary to check those.
529 extern uint32_t OPENSSL_ia32cap_P[4];
530 #endif
531
532 #endif // OPENSSL_HEADER_CRYPTO_INTERNAL_H
533