Remove .init section that calls OPENSSL_cpuid_setup on amd64.

OPENSSL_cpuid_setup() is already called from OPENSSL_crypto_init(), hence
we do not need or want automatic initialisation on library load.

ok tb@

Replace uses of endbr64 with _CET_ENDBR from cet.h

cet.h is needed for other platforms to emit the relevant .gnu.properties
sections that are necessary for them to enable IBT. It also avoids issues
with older toolchains on macOS that explode on encountering endbr64.

based on a diff by kettenis
ok beck kettenis

Add endbr64 where needed by inspection. Passes regresson tests.
ok jsing, and kind of tb an earlier version

A refactoring back in 2016 in which magic numbers where extracted into
named constants accidentally dropped an instruction causing detection of
eXtended operations (XOP) on AMD hardware to break.

ok miod@ tb@

Remove non-visible and unused OPENSSL_wipe_cpu and OPENSSL_atomic_add
interfaces, and remove empty assembly OPENSSL_cpuid_setup routines - the
default empty C fallback will work as good.

ok jsing@

Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] by
meaningful constants in a private header file, so that reviewers can actually
get a chance to figure out what the code is attempting to do without knowing
all cpuid bits.

While there, turn it from an array of two 32-bit ints into a properly aligned
64-bit int.

Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will
now always use OPENSSL_cpu_caps() and check for the proper bits in the
whole 64-bit word it returns.

i386 tests and ok jsing@

A few months back there was a big community fuss regarding direct-use
of the intel RDRAND instruction. Consensus was RDRAND should probably
only be used as an additional source of entropy in a mixer.

Guess which library bends over backwards to provide easy access to
RDRAND? Yep. Guess which applications are using this support? Not
even one... but still, this is being placed as a trap for someone.

Send this support straight to the abyss.
ok kettenis

repair missing semicolon. from Ian Mcwilliam

Don't bother generating win64 assembly prologue.

Remove oh-so-important-from-a-security-pov OpenSSL_rtdsc() function.

Ok, there was a need for OPENSSL_cleanse() instead of bzero() to prevent
supposedly smart compilers from optimizing memory cleanups away. Understood.

Ok, in case of an hypothetically super smart compiler, OPENSSL_cleanse() had
to be convoluted enough for the compiler not to recognize that this was
actually bzero() in disguise. Understood.

But then why there had been optimized assembler versions of OPENSSL_cleanse()
is beyond me. Did someone not trust the C obfuscation?

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

On amd64 OPENSSL_cpuid_setup and OPENSSL_ia32cap_P are now hidden so we don't
have to go through the PLT/GOT to get at them anymore. In fact going through
the GOT now fails since we no longer have a GOT entry for OPENSSL_ia32cap_P.

Fixes the problem spotted by jasper@ and sthen@. Based on a diff from mikeb@
who did most of the actual work of tracking down the issue.

ok millert@, mikeb@

resolve conflicts

resolve conflicts, fix local changes

fix some cause of bad TEXTREL on i386 and amd64
- global function calls in .init sections (diff makes them via PLT)
- calls to global functions in aes-586.S (made static or local)
- global variable accesses in rc4-x86_64.S (now made via GOT)
from djm@large; ok miod@

branches: 1.1.1;
Initial revision

Replace uses of endbr64 with _CET_ENDBR from cet.h

cet.h is needed for other platforms to emit the relevant .gnu.properties
sections that are necessary for them to enable IBT. It also avoids issues
with older toolchains on macOS that explode on encountering endbr64.

based on a diff by kettenis
ok beck kettenis

Add endbr64 where needed by inspection. Passes regresson tests.
ok jsing, and kind of tb an earlier version

A refactoring back in 2016 in which magic numbers where extracted into
named constants accidentally dropped an instruction causing detection of
eXtended operations (XOP) on AMD hardware to break.

ok miod@ tb@

Remove non-visible and unused OPENSSL_wipe_cpu and OPENSSL_atomic_add
interfaces, and remove empty assembly OPENSSL_cpuid_setup routines - the
default empty C fallback will work as good.

ok jsing@

Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] by
meaningful constants in a private header file, so that reviewers can actually
get a chance to figure out what the code is attempting to do without knowing
all cpuid bits.

While there, turn it from an array of two 32-bit ints into a properly aligned
64-bit int.

Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will
now always use OPENSSL_cpu_caps() and check for the proper bits in the
whole 64-bit word it returns.

i386 tests and ok jsing@

A few months back there was a big community fuss regarding direct-use
of the intel RDRAND instruction. Consensus was RDRAND should probably
only be used as an additional source of entropy in a mixer.

Guess which library bends over backwards to provide easy access to
RDRAND? Yep. Guess which applications are using this support? Not
even one... but still, this is being placed as a trap for someone.

Send this support straight to the abyss.
ok kettenis

repair missing semicolon. from Ian Mcwilliam

Don't bother generating win64 assembly prologue.

Remove oh-so-important-from-a-security-pov OpenSSL_rtdsc() function.

Ok, there was a need for OPENSSL_cleanse() instead of bzero() to prevent
supposedly smart compilers from optimizing memory cleanups away. Understood.

Ok, in case of an hypothetically super smart compiler, OPENSSL_cleanse() had
to be convoluted enough for the compiler not to recognize that this was
actually bzero() in disguise. Understood.

But then why there had been optimized assembler versions of OPENSSL_cleanse()
is beyond me. Did someone not trust the C obfuscation?

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

On amd64 OPENSSL_cpuid_setup and OPENSSL_ia32cap_P are now hidden so we don't
have to go through the PLT/GOT to get at them anymore. In fact going through
the GOT now fails since we no longer have a GOT entry for OPENSSL_ia32cap_P.

Fixes the problem spotted by jasper@ and sthen@. Based on a diff from mikeb@
who did most of the actual work of tracking down the issue.

ok millert@, mikeb@

resolve conflicts

resolve conflicts, fix local changes

fix some cause of bad TEXTREL on i386 and amd64
- global function calls in .init sections (diff makes them via PLT)
- calls to global functions in aes-586.S (made static or local)
- global variable accesses in rc4-x86_64.S (now made via GOT)
from djm@large; ok miod@

branches: 1.1.1;
Initial revision

Add endbr64 where needed by inspection. Passes regresson tests.
ok jsing, and kind of tb an earlier version

A refactoring back in 2016 in which magic numbers where extracted into
named constants accidentally dropped an instruction causing detection of
eXtended operations (XOP) on AMD hardware to break.

ok miod@ tb@

Remove non-visible and unused OPENSSL_wipe_cpu and OPENSSL_atomic_add
interfaces, and remove empty assembly OPENSSL_cpuid_setup routines - the
default empty C fallback will work as good.

ok jsing@

Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] by
meaningful constants in a private header file, so that reviewers can actually
get a chance to figure out what the code is attempting to do without knowing
all cpuid bits.

While there, turn it from an array of two 32-bit ints into a properly aligned
64-bit int.

Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will
now always use OPENSSL_cpu_caps() and check for the proper bits in the
whole 64-bit word it returns.

i386 tests and ok jsing@

A few months back there was a big community fuss regarding direct-use
of the intel RDRAND instruction. Consensus was RDRAND should probably
only be used as an additional source of entropy in a mixer.

Guess which library bends over backwards to provide easy access to
RDRAND? Yep. Guess which applications are using this support? Not
even one... but still, this is being placed as a trap for someone.

Send this support straight to the abyss.
ok kettenis

repair missing semicolon. from Ian Mcwilliam

Don't bother generating win64 assembly prologue.

Remove oh-so-important-from-a-security-pov OpenSSL_rtdsc() function.

Ok, there was a need for OPENSSL_cleanse() instead of bzero() to prevent
supposedly smart compilers from optimizing memory cleanups away. Understood.

Ok, in case of an hypothetically super smart compiler, OPENSSL_cleanse() had
to be convoluted enough for the compiler not to recognize that this was
actually bzero() in disguise. Understood.

But then why there had been optimized assembler versions of OPENSSL_cleanse()
is beyond me. Did someone not trust the C obfuscation?

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

On amd64 OPENSSL_cpuid_setup and OPENSSL_ia32cap_P are now hidden so we don't
have to go through the PLT/GOT to get at them anymore. In fact going through
the GOT now fails since we no longer have a GOT entry for OPENSSL_ia32cap_P.

Fixes the problem spotted by jasper@ and sthen@. Based on a diff from mikeb@
who did most of the actual work of tracking down the issue.

ok millert@, mikeb@

resolve conflicts

resolve conflicts, fix local changes

fix some cause of bad TEXTREL on i386 and amd64
- global function calls in .init sections (diff makes them via PLT)
- calls to global functions in aes-586.S (made static or local)
- global variable accesses in rc4-x86_64.S (now made via GOT)
from djm@large; ok miod@

branches: 1.1.1;
Initial revision

A refactoring back in 2016 in which magic numbers where extracted into
named constants accidentally dropped an instruction causing detection of
eXtended operations (XOP) on AMD hardware to break.

ok miod@ tb@

Remove non-visible and unused OPENSSL_wipe_cpu and OPENSSL_atomic_add
interfaces, and remove empty assembly OPENSSL_cpuid_setup routines - the
default empty C fallback will work as good.

ok jsing@

Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] by
meaningful constants in a private header file, so that reviewers can actually
get a chance to figure out what the code is attempting to do without knowing
all cpuid bits.

While there, turn it from an array of two 32-bit ints into a properly aligned
64-bit int.

Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will
now always use OPENSSL_cpu_caps() and check for the proper bits in the
whole 64-bit word it returns.

i386 tests and ok jsing@

A few months back there was a big community fuss regarding direct-use
of the intel RDRAND instruction. Consensus was RDRAND should probably
only be used as an additional source of entropy in a mixer.

Guess which library bends over backwards to provide easy access to
RDRAND? Yep. Guess which applications are using this support? Not
even one... but still, this is being placed as a trap for someone.

Send this support straight to the abyss.
ok kettenis

repair missing semicolon. from Ian Mcwilliam

Don't bother generating win64 assembly prologue.

Remove oh-so-important-from-a-security-pov OpenSSL_rtdsc() function.

Ok, there was a need for OPENSSL_cleanse() instead of bzero() to prevent
supposedly smart compilers from optimizing memory cleanups away. Understood.

Ok, in case of an hypothetically super smart compiler, OPENSSL_cleanse() had
to be convoluted enough for the compiler not to recognize that this was
actually bzero() in disguise. Understood.

But then why there had been optimized assembler versions of OPENSSL_cleanse()
is beyond me. Did someone not trust the C obfuscation?

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

On amd64 OPENSSL_cpuid_setup and OPENSSL_ia32cap_P are now hidden so we don't
have to go through the PLT/GOT to get at them anymore. In fact going through
the GOT now fails since we no longer have a GOT entry for OPENSSL_ia32cap_P.

Fixes the problem spotted by jasper@ and sthen@. Based on a diff from mikeb@
who did most of the actual work of tracking down the issue.

ok millert@, mikeb@

resolve conflicts

resolve conflicts, fix local changes

fix some cause of bad TEXTREL on i386 and amd64
- global function calls in .init sections (diff makes them via PLT)
- calls to global functions in aes-586.S (made static or local)
- global variable accesses in rc4-x86_64.S (now made via GOT)
from djm@large; ok miod@

branches: 1.1.1;
Initial revision

Remove non-visible and unused OPENSSL_wipe_cpu and OPENSSL_atomic_add
interfaces, and remove empty assembly OPENSSL_cpuid_setup routines - the
default empty C fallback will work as good.

ok jsing@

Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] by
meaningful constants in a private header file, so that reviewers can actually
get a chance to figure out what the code is attempting to do without knowing
all cpuid bits.

While there, turn it from an array of two 32-bit ints into a properly aligned
64-bit int.

Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will
now always use OPENSSL_cpu_caps() and check for the proper bits in the
whole 64-bit word it returns.

i386 tests and ok jsing@

A few months back there was a big community fuss regarding direct-use
of the intel RDRAND instruction. Consensus was RDRAND should probably
only be used as an additional source of entropy in a mixer.

Guess which library bends over backwards to provide easy access to
RDRAND? Yep. Guess which applications are using this support? Not
even one... but still, this is being placed as a trap for someone.

Send this support straight to the abyss.
ok kettenis

repair missing semicolon. from Ian Mcwilliam

Don't bother generating win64 assembly prologue.

Remove oh-so-important-from-a-security-pov OpenSSL_rtdsc() function.

Ok, there was a need for OPENSSL_cleanse() instead of bzero() to prevent
supposedly smart compilers from optimizing memory cleanups away. Understood.

Ok, in case of an hypothetically super smart compiler, OPENSSL_cleanse() had
to be convoluted enough for the compiler not to recognize that this was
actually bzero() in disguise. Understood.

But then why there had been optimized assembler versions of OPENSSL_cleanse()
is beyond me. Did someone not trust the C obfuscation?

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

On amd64 OPENSSL_cpuid_setup and OPENSSL_ia32cap_P are now hidden so we don't
have to go through the PLT/GOT to get at them anymore. In fact going through
the GOT now fails since we no longer have a GOT entry for OPENSSL_ia32cap_P.

Fixes the problem spotted by jasper@ and sthen@. Based on a diff from mikeb@
who did most of the actual work of tracking down the issue.

ok millert@, mikeb@

resolve conflicts

resolve conflicts, fix local changes

fix some cause of bad TEXTREL on i386 and amd64
- global function calls in .init sections (diff makes them via PLT)
- calls to global functions in aes-586.S (made static or local)
- global variable accesses in rc4-x86_64.S (now made via GOT)
from djm@large; ok miod@

branches: 1.1.1;
Initial revision

Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] by
meaningful constants in a private header file, so that reviewers can actually
get a chance to figure out what the code is attempting to do without knowing
all cpuid bits.

While there, turn it from an array of two 32-bit ints into a properly aligned
64-bit int.

Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will
now always use OPENSSL_cpu_caps() and check for the proper bits in the
whole 64-bit word it returns.

i386 tests and ok jsing@

A few months back there was a big community fuss regarding direct-use
of the intel RDRAND instruction. Consensus was RDRAND should probably
only be used as an additional source of entropy in a mixer.

Guess which library bends over backwards to provide easy access to
RDRAND? Yep. Guess which applications are using this support? Not
even one... but still, this is being placed as a trap for someone.

Send this support straight to the abyss.
ok kettenis

repair missing semicolon. from Ian Mcwilliam

Don't bother generating win64 assembly prologue.

Remove oh-so-important-from-a-security-pov OpenSSL_rtdsc() function.

Ok, there was a need for OPENSSL_cleanse() instead of bzero() to prevent
supposedly smart compilers from optimizing memory cleanups away. Understood.

Ok, in case of an hypothetically super smart compiler, OPENSSL_cleanse() had
to be convoluted enough for the compiler not to recognize that this was
actually bzero() in disguise. Understood.

But then why there had been optimized assembler versions of OPENSSL_cleanse()
is beyond me. Did someone not trust the C obfuscation?

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

On amd64 OPENSSL_cpuid_setup and OPENSSL_ia32cap_P are now hidden so we don't
have to go through the PLT/GOT to get at them anymore. In fact going through
the GOT now fails since we no longer have a GOT entry for OPENSSL_ia32cap_P.

Fixes the problem spotted by jasper@ and sthen@. Based on a diff from mikeb@
who did most of the actual work of tracking down the issue.

ok millert@, mikeb@

resolve conflicts

resolve conflicts, fix local changes

fix some cause of bad TEXTREL on i386 and amd64
- global function calls in .init sections (diff makes them via PLT)
- calls to global functions in aes-586.S (made static or local)
- global variable accesses in rc4-x86_64.S (now made via GOT)
from djm@large; ok miod@

branches: 1.1.1;
Initial revision