grpc 1.9.1 → 1.10.0.pre1

data/third_party/boringssl/crypto/cmac/cmac.c

@@ -60,13 +60,13 @@
 
 struct cmac_ctx_st {
   EVP_CIPHER_CTX cipher_ctx;
-  /* k1 and k2 are the CMAC subkeys. See
-   * https://tools.ietf.org/html/rfc4493#section-2.3 */
+  // k1 and k2 are the CMAC subkeys. See
+  // https://tools.ietf.org/html/rfc4493#section-2.3
   uint8_t k1[AES_BLOCK_SIZE];
   uint8_t k2[AES_BLOCK_SIZE];
-  /* Last (possibly partial) scratch */
+  // Last (possibly partial) scratch
   uint8_t block[AES_BLOCK_SIZE];
-  /* block_used contains the number of valid bytes in |block|. */
+  // block_used contains the number of valid bytes in |block|.
   unsigned block_used;
 };
 
@@ -124,20 +124,20 @@ void CMAC_CTX_free(CMAC_CTX *ctx) {
   OPENSSL_free(ctx);
 }
 
-/* binary_field_mul_x treats the 128 bits at |in| as an element of GF(2¹²⁸)
- * with a hard-coded reduction polynomial and sets |out| as x times the
- * input.
- *
- * See https://tools.ietf.org/html/rfc4493#section-2.3 */
+// binary_field_mul_x treats the 128 bits at |in| as an element of GF(2¹²⁸)
+// with a hard-coded reduction polynomial and sets |out| as x times the
+// input.
+//
+// See https://tools.ietf.org/html/rfc4493#section-2.3
 static void binary_field_mul_x(uint8_t out[16], const uint8_t in[16]) {
   unsigned i;
 
-  /* Shift |in| to left, including carry. */
+  // Shift |in| to left, including carry.
   for (i = 0; i < 15; i++) {
     out[i] = (in[i] << 1) | (in[i+1] >> 7);
   }
 
-  /* If MSB set fixup with R. */
+  // If MSB set fixup with R.
   const uint8_t carry = in[0] >> 7;
   out[i] = (in[i] << 1) ^ ((0 - carry) & 0x87);
 }
@@ -152,7 +152,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t key_len,
       EVP_CIPHER_key_length(cipher) != key_len ||
       !EVP_EncryptInit_ex(&ctx->cipher_ctx, cipher, NULL, key, kZeroIV) ||
       !EVP_Cipher(&ctx->cipher_ctx, scratch, kZeroIV, AES_BLOCK_SIZE) ||
-      /* Reset context again ready for first data. */
+      // Reset context again ready for first data.
       !EVP_EncryptInit_ex(&ctx->cipher_ctx, NULL, NULL, NULL, kZeroIV)) {
     return 0;
   }
@@ -183,11 +183,11 @@ int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len) {
     in_len -= todo;
     ctx->block_used += todo;
 
-    /* If |in_len| is zero then either |ctx->block_used| is less than
-     * |AES_BLOCK_SIZE|, in which case we can stop here, or |ctx->block_used|
-     * is exactly |AES_BLOCK_SIZE| but there's no more data to process. In the
-     * latter case we don't want to process this block now because it might be
-     * the last block and that block is treated specially. */
+    // If |in_len| is zero then either |ctx->block_used| is less than
+    // |AES_BLOCK_SIZE|, in which case we can stop here, or |ctx->block_used|
+    // is exactly |AES_BLOCK_SIZE| but there's no more data to process. In the
+    // latter case we don't want to process this block now because it might be
+    // the last block and that block is treated specially.
     if (in_len == 0) {
       return 1;
     }
@@ -199,7 +199,7 @@ int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len) {
     }
   }
 
-  /* Encrypt all but one of the remaining blocks. */
+  // Encrypt all but one of the remaining blocks.
   while (in_len > AES_BLOCK_SIZE) {
     if (!EVP_Cipher(&ctx->cipher_ctx, scratch, in, AES_BLOCK_SIZE)) {
       return 0;
@@ -223,8 +223,8 @@ int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len) {
   const uint8_t *mask = ctx->k1;
 
   if (ctx->block_used != AES_BLOCK_SIZE) {
-    /* If the last block is incomplete, terminate it with a single 'one' bit
-     * followed by zeros. */
+    // If the last block is incomplete, terminate it with a single 'one' bit
+    // followed by zeros.
     ctx->block[ctx->block_used] = 0x80;
     OPENSSL_memset(ctx->block + ctx->block_used + 1, 0,
                    AES_BLOCK_SIZE - (ctx->block_used + 1));

data/third_party/boringssl/crypto/conf/conf.c

@@ -69,6 +69,10 @@
 #include "../internal.h"
 
 
+// The maximum length we can grow a value to after variable expansion. 64k
+// should be more than enough for all reasonable uses.
+#define MAX_CONF_VALUE_LENGTH 65536
+
 static uint32_t conf_value_hash(const CONF_VALUE *v) {
   return (lh_strhash(v->section) << 2) ^ lh_strhash(v->name);
 }
@@ -259,7 +263,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) {
     } else if (IS_EOF(conf, *from)) {
       break;
     } else if (*from == '$') {
-      /* try to expand it */
+      // try to expand it
       rrp = NULL;
       s = &(from[1]);
       if (*s == '{') {
@@ -299,14 +303,14 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) {
         }
         e++;
       }
-      /* So at this point we have
-       * np which is the start of the name string which is
-       *   '\0' terminated.
-       * cp which is the start of the section string which is
-       *   '\0' terminated.
-       * e is the 'next point after'.
-       * r and rr are the chars replaced by the '\0'
-       * rp and rrp is where 'r' and 'rr' came from. */
+      // So at this point we have
+      // np which is the start of the name string which is
+      //   '\0' terminated.
+      // cp which is the start of the section string which is
+      //   '\0' terminated.
+      // e is the 'next point after'.
+      // r and rr are the chars replaced by the '\0'
+      // rp and rrp is where 'r' and 'rr' came from.
       p = NCONF_get_string(conf, cp, np);
       if (rrp != NULL) {
         *rrp = rr;
@@ -316,7 +320,15 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) {
         OPENSSL_PUT_ERROR(CONF, CONF_R_VARIABLE_HAS_NO_VALUE);
         goto err;
       }
-      BUF_MEM_grow_clean(buf, (strlen(p) + buf->length - (e - from)));
+      size_t newsize = strlen(p) + buf->length - (e - from);
+      if (newsize > MAX_CONF_VALUE_LENGTH) {
+        OPENSSL_PUT_ERROR(CONF, CONF_R_VARIABLE_EXPANSION_TOO_LONG);
+        goto err;
+      }
+      if (!BUF_MEM_grow_clean(buf, newsize)) {
+        OPENSSL_PUT_ERROR(CONF, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
       while (*p) {
         buf->data[to++] = *(p++);
       }
@@ -554,25 +566,25 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) {
         i--;
       }
     }
-    /* we removed some trailing stuff so there is a new
-     * line on the end. */
+    // we removed some trailing stuff so there is a new
+    // line on the end.
     if (ii && i == ii) {
-      again = 1; /* long line */
+      again = 1;  // long line
     } else {
       p[i] = '\0';
-      eline++; /* another input line */
+      eline++;  // another input line
     }
 
-    /* we now have a line with trailing \r\n removed */
+    // we now have a line with trailing \r\n removed
 
-    /* i is the number of bytes */
+    // i is the number of bytes
     bufnum += i;
 
     v = NULL;
-    /* check for line continuation */
+    // check for line continuation
     if (bufnum >= 1) {
-      /* If we have bytes and the last char '\\' and
-       * second last char is not '\\' */
+      // If we have bytes and the last char '\\' and
+      // second last char is not '\\'
       p = &(buff->data[bufnum - 1]);
       if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) {
         bufnum--;
@@ -588,7 +600,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) {
     clear_comments(conf, buf);
     s = eat_ws(conf, buf);
     if (IS_EOF(conf, *s)) {
-      continue; /* blank line */
+      continue;  // blank line
     }
     if (*s == '[') {
       char *ss;

data/third_party/boringssl/crypto/conf/internal.h

@@ -20,12 +20,12 @@ extern "C" {
 #endif
 
 
-/* CONF_VALUE_new returns a freshly allocated and zeroed |CONF_VALUE|. */
+// CONF_VALUE_new returns a freshly allocated and zeroed |CONF_VALUE|.
 CONF_VALUE *CONF_VALUE_new(void);
 
 
 #if defined(__cplusplus)
-}  /* extern C */
+}  // extern C
 #endif
 
-#endif  /* OPENSSL_HEADER_CRYPTO_CONF_INTERNAL_H */
+#endif  // OPENSSL_HEADER_CRYPTO_CONF_INTERNAL_H

data/third_party/boringssl/crypto/cpu-aarch64-linux.c

@@ -28,8 +28,8 @@ extern uint32_t OPENSSL_armcap_P;
 void OPENSSL_cpuid_setup(void) {
   unsigned long hwcap = getauxval(AT_HWCAP);
 
-  /* See /usr/include/asm/hwcap.h on an aarch64 installation for the source of
-   * these values. */
+  // See /usr/include/asm/hwcap.h on an aarch64 installation for the source of
+  // these values.
   static const unsigned long kNEON = 1 << 1;
   static const unsigned long kAES = 1 << 3;
   static const unsigned long kPMULL = 1 << 4;
@@ -37,8 +37,8 @@ void OPENSSL_cpuid_setup(void) {
   static const unsigned long kSHA256 = 1 << 6;
 
   if ((hwcap & kNEON) == 0) {
-    /* Matching OpenSSL, if NEON is missing, don't report other features
-     * either. */
+    // Matching OpenSSL, if NEON is missing, don't report other features
+    // either.
     return;
   }
 
@@ -58,4 +58,4 @@ void OPENSSL_cpuid_setup(void) {
   }
 }
 
-#endif /* OPENSSL_AARCH64 && !OPENSSL_STATIC_ARMCAP */
+#endif  // OPENSSL_AARCH64 && !OPENSSL_STATIC_ARMCAP

data/third_party/boringssl/crypto/cpu-arm-linux.c

@@ -34,15 +34,15 @@
 
 #define HWCAP_NEON (1 << 12)
 
-/* See /usr/include/asm/hwcap.h on an ARM installation for the source of
- * these values. */
+// See /usr/include/asm/hwcap.h on an ARM installation for the source of
+// these values.
 #define HWCAP2_AES (1 << 0)
 #define HWCAP2_PMULL (1 << 1)
 #define HWCAP2_SHA1 (1 << 2)
 #define HWCAP2_SHA2 (1 << 3)
 
-/* |getauxval| is not available on Android until API level 20. Link it as a weak
- * symbol and use other methods as fallback. */
+// |getauxval| is not available on Android until API level 20. Link it as a weak
+// symbol and use other methods as fallback.
 unsigned long getauxval(unsigned long type) __attribute__((weak));
 
 static int open_eintr(const char *path, int flags) {
@@ -61,8 +61,8 @@ static ssize_t read_eintr(int fd, void *out, size_t len) {
   return ret;
 }
 
-/* read_full reads exactly |len| bytes from |fd| to |out|. On error or end of
- * file, it returns zero. */
+// read_full reads exactly |len| bytes from |fd| to |out|. On error or end of
+// file, it returns zero.
 static int read_full(int fd, void *out, size_t len) {
   char *outp = out;
   while (len > 0) {
@@ -76,9 +76,9 @@ static int read_full(int fd, void *out, size_t len) {
   return 1;
 }
 
-/* read_file opens |path| and reads until end-of-file. On success, it returns
- * one and sets |*out_ptr| and |*out_len| to a newly-allocated buffer with the
- * contents. Otherwise, it returns zero. */
+// read_file opens |path| and reads until end-of-file. On success, it returns
+// one and sets |*out_ptr| and |*out_len| to a newly-allocated buffer with the
+// contents. Otherwise, it returns zero.
 static int read_file(char **out_ptr, size_t *out_len, const char *path) {
   int fd = open_eintr(path, O_RDONLY);
   if (fd < 0) {
@@ -128,7 +128,7 @@ err:
   return ret;
 }
 
-/* getauxval_proc behaves like |getauxval| but reads from /proc/self/auxv. */
+// getauxval_proc behaves like |getauxval| but reads from /proc/self/auxv.
 static unsigned long getauxval_proc(unsigned long type) {
   int fd = open_eintr("/proc/self/auxv", O_RDONLY);
   if (fd < 0) {
@@ -164,16 +164,16 @@ static int STRING_PIECE_equals(const STRING_PIECE *a, const char *b) {
   return a->len == b_len && OPENSSL_memcmp(a->data, b, b_len) == 0;
 }
 
-/* STRING_PIECE_split finds the first occurence of |sep| in |in| and, if found,
- * sets |*out_left| and |*out_right| to |in| split before and after it. It
- * returns one if |sep| was found and zero otherwise. */
+// STRING_PIECE_split finds the first occurence of |sep| in |in| and, if found,
+// sets |*out_left| and |*out_right| to |in| split before and after it. It
+// returns one if |sep| was found and zero otherwise.
 static int STRING_PIECE_split(STRING_PIECE *out_left, STRING_PIECE *out_right,
                               const STRING_PIECE *in, char sep) {
   const char *p = OPENSSL_memchr(in->data, sep, in->len);
   if (p == NULL) {
     return 0;
   }
-  /* |out_left| or |out_right| may alias |in|, so make a copy. */
+  // |out_left| or |out_right| may alias |in|, so make a copy.
   STRING_PIECE in_copy = *in;
   out_left->data = in_copy.data;
   out_left->len = p - in_copy.data;
@@ -182,7 +182,7 @@ static int STRING_PIECE_split(STRING_PIECE *out_left, STRING_PIECE *out_right,
   return 1;
 }
 
-/* STRING_PIECE_trim removes leading and trailing whitespace from |s|. */
+// STRING_PIECE_trim removes leading and trailing whitespace from |s|.
 static void STRING_PIECE_trim(STRING_PIECE *s) {
   while (s->len != 0 && (s->data[0] == ' ' || s->data[0] == '\t')) {
     s->data++;
@@ -194,12 +194,12 @@ static void STRING_PIECE_trim(STRING_PIECE *s) {
   }
 }
 
-/* extract_cpuinfo_field extracts a /proc/cpuinfo field named |field| from
- * |in|.  If found, it sets |*out| to the value and returns one. Otherwise, it
- * returns zero. */
+// extract_cpuinfo_field extracts a /proc/cpuinfo field named |field| from
+// |in|.  If found, it sets |*out| to the value and returns one. Otherwise, it
+// returns zero.
 static int extract_cpuinfo_field(STRING_PIECE *out, const STRING_PIECE *in,
                                  const char *field) {
-  /* Process |in| one line at a time. */
+  // Process |in| one line at a time.
   STRING_PIECE remaining = *in, line;
   while (STRING_PIECE_split(&line, &remaining, &remaining, '\n')) {
     STRING_PIECE key, value;
@@ -224,8 +224,8 @@ static int cpuinfo_field_equals(const STRING_PIECE *cpuinfo, const char *field,
          STRING_PIECE_equals(&extracted, value);
 }
 
-/* has_list_item treats |list| as a space-separated list of items and returns
- * one if |item| is contained in |list| and zero otherwise. */
+// has_list_item treats |list| as a space-separated list of items and returns
+// one if |item| is contained in |list| and zero otherwise.
 static int has_list_item(const STRING_PIECE *list, const char *item) {
   STRING_PIECE remaining = *list, feature;
   while (STRING_PIECE_split(&feature, &remaining, &remaining, ' ')) {
@@ -238,11 +238,11 @@ static int has_list_item(const STRING_PIECE *list, const char *item) {
 
 static unsigned long get_hwcap_cpuinfo(const STRING_PIECE *cpuinfo) {
   if (cpuinfo_field_equals(cpuinfo, "CPU architecture", "8")) {
-    /* This is a 32-bit ARM binary running on a 64-bit kernel. NEON is always
-     * available on ARMv8. Linux omits required features, so reading the
-     * "Features" line does not work. (For simplicity, use strict equality. We
-     * assume everything running on future ARM architectures will have a
-     * working |getauxval|.) */
+    // This is a 32-bit ARM binary running on a 64-bit kernel. NEON is always
+    // available on ARMv8. Linux omits required features, so reading the
+    // "Features" line does not work. (For simplicity, use strict equality. We
+    // assume everything running on future ARM architectures will have a
+    // working |getauxval|.)
     return HWCAP_NEON;
   }
 
@@ -276,8 +276,8 @@ static unsigned long get_hwcap2_cpuinfo(const STRING_PIECE *cpuinfo) {
   return ret;
 }
 
-/* has_broken_neon returns one if |in| matches a CPU known to have a broken
- * NEON unit. See https://crbug.com/341598. */
+// has_broken_neon returns one if |in| matches a CPU known to have a broken
+// NEON unit. See https://crbug.com/341598.
 static int has_broken_neon(const STRING_PIECE *cpuinfo) {
   return cpuinfo_field_equals(cpuinfo, "CPU implementer", "0x51") &&
          cpuinfo_field_equals(cpuinfo, "CPU architecture", "7") &&
@@ -288,7 +288,7 @@ static int has_broken_neon(const STRING_PIECE *cpuinfo) {
 
 extern uint32_t OPENSSL_armcap_P;
 
-static int g_has_broken_neon;
+static int g_has_broken_neon, g_needs_hwcap2_workaround;
 
 void OPENSSL_cpuid_setup(void) {
   char *cpuinfo_data;
@@ -300,13 +300,13 @@ void OPENSSL_cpuid_setup(void) {
   cpuinfo.data = cpuinfo_data;
   cpuinfo.len = cpuinfo_len;
 
-  /* |getauxval| is not available on Android until API level 20. If it is
-   * unavailable, read from /proc/self/auxv as a fallback. This is unreadable
-   * on some versions of Android, so further fall back to /proc/cpuinfo.
-   *
-   * See
-   * https://android.googlesource.com/platform/ndk/+/882ac8f3392858991a0e1af33b4b7387ec856bd2
-   * and b/13679666 (Google-internal) for details. */
+  // |getauxval| is not available on Android until API level 20. If it is
+  // unavailable, read from /proc/self/auxv as a fallback. This is unreadable
+  // on some versions of Android, so further fall back to /proc/cpuinfo.
+  //
+  // See
+  // https://android.googlesource.com/platform/ndk/+/882ac8f3392858991a0e1af33b4b7387ec856bd2
+  // and b/13679666 (Google-internal) for details.
   unsigned long hwcap = 0;
   if (getauxval != NULL) {
     hwcap = getauxval(AT_HWCAP);
@@ -318,24 +318,25 @@ void OPENSSL_cpuid_setup(void) {
     hwcap = get_hwcap_cpuinfo(&cpuinfo);
   }
 
-  /* Clear NEON support if known broken. */
+  // Clear NEON support if known broken.
   g_has_broken_neon = has_broken_neon(&cpuinfo);
   if (g_has_broken_neon) {
     hwcap &= ~HWCAP_NEON;
   }
 
-  /* Matching OpenSSL, only report other features if NEON is present. */
+  // Matching OpenSSL, only report other features if NEON is present.
   if (hwcap & HWCAP_NEON) {
     OPENSSL_armcap_P |= ARMV7_NEON;
 
-    /* Some ARMv8 Android devices don't expose AT_HWCAP2. Fall back to
-     * /proc/cpuinfo. See https://crbug.com/596156. */
+    // Some ARMv8 Android devices don't expose AT_HWCAP2. Fall back to
+    // /proc/cpuinfo. See https://crbug.com/596156.
     unsigned long hwcap2 = 0;
     if (getauxval != NULL) {
       hwcap2 = getauxval(AT_HWCAP2);
     }
     if (hwcap2 == 0) {
       hwcap2 = get_hwcap2_cpuinfo(&cpuinfo);
+      g_needs_hwcap2_workaround = hwcap2 != 0;
     }
 
     if (hwcap2 & HWCAP2_AES) {
@@ -357,4 +358,6 @@ void OPENSSL_cpuid_setup(void) {
 
 int CRYPTO_has_broken_NEON(void) { return g_has_broken_neon; }
 
-#endif /* OPENSSL_ARM && !OPENSSL_STATIC_ARMCAP */
+int CRYPTO_needs_hwcap2_workaround(void) { return g_needs_hwcap2_workaround; }
+
+#endif  // OPENSSL_ARM && !OPENSSL_STATIC_ARMCAP

data/third_party/boringssl/crypto/cpu-intel.c

@@ -68,7 +68,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#if defined(OPENSSL_WINDOWS)
+#if defined(_MSC_VER)
 OPENSSL_MSVC_PRAGMA(warning(push, 3))
 #include <immintrin.h>
 #include <intrin.h>
@@ -78,12 +78,12 @@ OPENSSL_MSVC_PRAGMA(warning(pop))
 #include "internal.h"
 
 
-/* OPENSSL_cpuid runs the cpuid instruction. |leaf| is passed in as EAX and ECX
- * is set to zero. It writes EAX, EBX, ECX, and EDX to |*out_eax| through
- * |*out_edx|. */
+// OPENSSL_cpuid runs the cpuid instruction. |leaf| is passed in as EAX and ECX
+// is set to zero. It writes EAX, EBX, ECX, and EDX to |*out_eax| through
+// |*out_edx|.
 static void OPENSSL_cpuid(uint32_t *out_eax, uint32_t *out_ebx,
                           uint32_t *out_ecx, uint32_t *out_edx, uint32_t leaf) {
-#if defined(OPENSSL_WINDOWS)
+#if defined(_MSC_VER)
   int tmp[4];
   __cpuid(tmp, (int)leaf);
   *out_eax = (uint32_t)tmp[0];
@@ -91,8 +91,8 @@ static void OPENSSL_cpuid(uint32_t *out_eax, uint32_t *out_ebx,
   *out_ecx = (uint32_t)tmp[2];
   *out_edx = (uint32_t)tmp[3];
 #elif defined(__pic__) && defined(OPENSSL_32_BIT)
-  /* Inline assembly may not clobber the PIC register. For 32-bit, this is EBX.
-   * See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=47602. */
+  // Inline assembly may not clobber the PIC register. For 32-bit, this is EBX.
+  // See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=47602.
   __asm__ volatile (
     "xor %%ecx, %%ecx\n"
     "mov %%ebx, %%edi\n"
@@ -111,10 +111,10 @@ static void OPENSSL_cpuid(uint32_t *out_eax, uint32_t *out_ebx,
 #endif
 }
 
-/* OPENSSL_xgetbv returns the value of an Intel Extended Control Register (XCR).
- * Currently only XCR0 is defined by Intel so |xcr| should always be zero. */
+// OPENSSL_xgetbv returns the value of an Intel Extended Control Register (XCR).
+// Currently only XCR0 is defined by Intel so |xcr| should always be zero.
 static uint64_t OPENSSL_xgetbv(uint32_t xcr) {
-#if defined(OPENSSL_WINDOWS)
+#if defined(_MSC_VER)
   return (uint64_t)_xgetbv(xcr);
 #else
   uint32_t eax, edx;
@@ -123,8 +123,8 @@ static uint64_t OPENSSL_xgetbv(uint32_t xcr) {
 #endif
 }
 
-/* handle_cpu_env applies the value from |in| to the CPUID values in |out[0]|
- * and |out[1]|. See the comment in |OPENSSL_cpuid_setup| about this. */
+// handle_cpu_env applies the value from |in| to the CPUID values in |out[0]|
+// and |out[1]|. See the comment in |OPENSSL_cpuid_setup| about this.
 static void handle_cpu_env(uint32_t *out, const char *in) {
   const int invert = in[0] == '~';
   uint64_t v;
@@ -143,7 +143,7 @@ static void handle_cpu_env(uint32_t *out, const char *in) {
 }
 
 void OPENSSL_cpuid_setup(void) {
-  /* Determine the vendor and maximum input value. */
+  // Determine the vendor and maximum input value.
   uint32_t eax, ebx, ecx, edx;
   OPENSSL_cpuid(&eax, &ebx, &ecx, &edx, 0);
 
@@ -158,8 +158,8 @@ void OPENSSL_cpuid_setup(void) {
 
   int has_amd_xop = 0;
   if (is_amd) {
-    /* AMD-specific logic.
-     * See http://developer.amd.com/wordpress/media/2012/10/254811.pdf */
+    // AMD-specific logic.
+    // See http://developer.amd.com/wordpress/media/2012/10/254811.pdf
     OPENSSL_cpuid(&eax, &ebx, &ecx, &edx, 0x80000000);
     uint32_t num_extended_ids = eax;
     if (num_extended_ids >= 0x80000001) {
@@ -176,23 +176,23 @@ void OPENSSL_cpuid_setup(void) {
     extended_features = ebx;
   }
 
-  /* Determine the number of cores sharing an L1 data cache to adjust the
-   * hyper-threading bit. */
+  // Determine the number of cores sharing an L1 data cache to adjust the
+  // hyper-threading bit.
   uint32_t cores_per_cache = 0;
   if (is_amd) {
-    /* AMD CPUs never share an L1 data cache between threads but do set the HTT
-     * bit on multi-core CPUs. */
+    // AMD CPUs never share an L1 data cache between threads but do set the HTT
+    // bit on multi-core CPUs.
     cores_per_cache = 1;
   } else if (num_ids >= 4) {
-    /* TODO(davidben): The Intel manual says this CPUID leaf enumerates all
-     * caches using ECX and doesn't say which is first. Does this matter? */
+    // TODO(davidben): The Intel manual says this CPUID leaf enumerates all
+    // caches using ECX and doesn't say which is first. Does this matter?
     OPENSSL_cpuid(&eax, &ebx, &ecx, &edx, 4);
     cores_per_cache = 1 + ((eax >> 14) & 0xfff);
   }
 
   OPENSSL_cpuid(&eax, &ebx, &ecx, &edx, 1);
 
-  /* Adjust the hyper-threading bit. */
+  // Adjust the hyper-threading bit.
   if (edx & (1 << 28)) {
     uint32_t num_logical_cores = (ebx >> 16) & 0xff;
     if (cores_per_cache == 1 || num_logical_cores <= 1) {
@@ -200,18 +200,26 @@ void OPENSSL_cpuid_setup(void) {
     }
   }
 
-  /* Reserved bit #20 was historically repurposed to control the in-memory
-   * representation of RC4 state. Always set it to zero. */
+  // Reserved bit #20 was historically repurposed to control the in-memory
+  // representation of RC4 state. Always set it to zero.
   edx &= ~(1 << 20);
 
-  /* Reserved bit #30 is repurposed to signal an Intel CPU. */
+  // Reserved bit #30 is repurposed to signal an Intel CPU.
   if (is_intel) {
     edx |= (1 << 30);
+
+    // Clear the XSAVE bit on Knights Landing to mimic Silvermont. This enables
+    // some Silvermont-specific codepaths which perform better. See OpenSSL
+    // commit 64d92d74985ebb3d0be58a9718f9e080a14a8e7f.
+    if ((eax & 0x0fff0ff0) == 0x00050670 /* Knights Landing */ ||
+        (eax & 0x0fff0ff0) == 0x00080650 /* Knights Mill (per SDE) */) {
+      ecx &= ~(1 << 26);
+    }
   } else {
     edx &= ~(1 << 30);
   }
 
-  /* The SDBG bit is repurposed to denote AMD XOP support. */
+  // The SDBG bit is repurposed to denote AMD XOP support.
   if (has_amd_xop) {
     ecx |= (1 << 11);
   } else {
@@ -220,16 +228,33 @@ void OPENSSL_cpuid_setup(void) {
 
   uint64_t xcr0 = 0;
   if (ecx & (1 << 27)) {
-    /* XCR0 may only be queried if the OSXSAVE bit is set. */
+    // XCR0 may only be queried if the OSXSAVE bit is set.
     xcr0 = OPENSSL_xgetbv(0);
   }
-  /* See Intel manual, section 14.3. */
+  // See Intel manual, volume 1, section 14.3.
   if ((xcr0 & 6) != 6) {
-    /* YMM registers cannot be used. */
-    ecx &= ~(1 << 28); /* AVX */
-    ecx &= ~(1 << 12); /* FMA */
-    ecx &= ~(1 << 11); /* AMD XOP */
-    extended_features &= ~(1 << 5); /* AVX2 */
+    // YMM registers cannot be used.
+    ecx &= ~(1 << 28);  // AVX
+    ecx &= ~(1 << 12);  // FMA
+    ecx &= ~(1 << 11);  // AMD XOP
+    // Clear AVX2 and AVX512* bits.
+    //
+    // TODO(davidben): Should bits 17 and 26-28 also be cleared? Upstream
+    // doesn't clear those.
+    extended_features &=
+        ~((1 << 5) | (1 << 16) | (1 << 21) | (1 << 30) | (1 << 31));
+  }
+  // See Intel manual, volume 1, section 15.2.
+  if ((xcr0 & 0xe6) != 0xe6) {
+    // Clear AVX512F. Note we don't touch other AVX512 extensions because they
+    // can be used with YMM.
+    extended_features &= ~(1 << 16);
+  }
+
+  // Disable ADX instructions on Knights Landing. See OpenSSL commit
+  // 64d92d74985ebb3d0be58a9718f9e080a14a8e7f.
+  if ((ecx & (1 << 26)) == 0) {
+    extended_features &= ~(1 << 19);
   }
 
   OPENSSL_ia32cap_P[0] = edx;
@@ -243,15 +268,15 @@ void OPENSSL_cpuid_setup(void) {
     return;
   }
 
-  /* OPENSSL_ia32cap can contain zero, one or two values, separated with a ':'.
-   * Each value is a 64-bit, unsigned value which may start with "0x" to
-   * indicate a hex value. Prior to the 64-bit value, a '~' may be given.
-   *
-   * If '~' isn't present, then the value is taken as the result of the CPUID.
-   * Otherwise the value is inverted and ANDed with the probed CPUID result.
-   *
-   * The first value determines OPENSSL_ia32cap_P[0] and [1]. The second [2]
-   * and [3]. */
+  // OPENSSL_ia32cap can contain zero, one or two values, separated with a ':'.
+  // Each value is a 64-bit, unsigned value which may start with "0x" to
+  // indicate a hex value. Prior to the 64-bit value, a '~' may be given.
+  //
+  // If '~' isn't present, then the value is taken as the result of the CPUID.
+  // Otherwise the value is inverted and ANDed with the probed CPUID result.
+  //
+  // The first value determines OPENSSL_ia32cap_P[0] and [1]. The second [2]
+  // and [3].
 
   handle_cpu_env(&OPENSSL_ia32cap_P[0], env1);
   env2 = strchr(env1, ':');
@@ -260,4 +285,4 @@ void OPENSSL_cpuid_setup(void) {
   }
 }
 
-#endif  /* !OPENSSL_NO_ASM && (OPENSSL_X86 || OPENSSL_X86_64) */
+#endif  // !OPENSSL_NO_ASM && (OPENSSL_X86 || OPENSSL_X86_64)