Align _gnutls_x86_cpuid_s as OPENSSL_ia32cap_P would be

We were not setting the third array member correctly, though
this didn't have any impact to previous implementations as they
did not rely on it. This also moves away from the custom implementation
of cpuid (which was limited), and we now rely on the compiler's
version.

This effectively enables support for SHA_NI.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

12 files changed, 76 insertions, 448 deletions

diff --git a/lib/accelerated/accelerated.c b/lib/accelerated/accelerated.c
index 2d8f546b23..8fb0b11f65 100644
--- a/lib/accelerated/accelerated.c
+++ b/lib/accelerated/accelerated.c
@@ -32,9 +32,7 @@
 void _gnutls_register_accel_crypto(void)
 {
 #if defined(ASM_X86)
-	if (gnutls_have_cpuid() != 0) {
-		register_x86_crypto();
-	}
+	register_x86_crypto();
 #endif
 
 #if defined(ASM_AARCH64)
diff --git a/lib/accelerated/x86/coff/cpuid-x86.s b/lib/accelerated/x86/coff/cpuid-x86.s
deleted file mode 100644
index 610e9617db..0000000000
--- a/lib/accelerated/x86/coff/cpuid-x86.s
+++ /dev/null
@@ -1,71 +0,0 @@
-#
-# Copyright (C) 2011-2013 Free Software Foundation, Inc.
-# Copyright (C) 2013 Nikos Mavrogiannopoulos
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# The GnuTLS is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public License
-# as published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-#
-# *** This file is auto-generated ***
-#
-.text
-.globl	_gnutls_cpuid
-.def	_gnutls_cpuid;	.scl	2;	.type	32;	.endef
-.align	16
-_gnutls_cpuid:
-.L_gnutls_cpuid_begin:
-	pushl	%ebp
-	movl	%esp,%ebp
-	subl	$12,%esp
-	movl	%ebx,(%esp)
-	movl	8(%ebp),%eax
-	movl	%esi,4(%esp)
-	movl	%edi,8(%esp)
-	pushl	%ebx
-	.byte	0x0f,0xa2
-	movl	%ebx,%edi
-	popl	%ebx
-	movl	%edx,%esi
-	movl	12(%ebp),%edx
-	movl	%eax,(%edx)
-	movl	16(%ebp),%eax
-	movl	%edi,(%eax)
-	movl	20(%ebp),%eax
-	movl	%ecx,(%eax)
-	movl	24(%ebp),%eax
-	movl	%esi,(%eax)
-	movl	(%esp),%ebx
-	movl	4(%esp),%esi
-	movl	8(%esp),%edi
-	movl	%ebp,%esp
-	popl	%ebp
-	ret
-.globl	_gnutls_have_cpuid
-.def	_gnutls_have_cpuid;	.scl	2;	.type	32;	.endef
-.align	16
-_gnutls_have_cpuid:
-.L_gnutls_have_cpuid_begin:
-	pushfl
-	popl	%eax
-	orl	$2097152,%eax
-	pushl	%eax
-	popfl
-	pushfl
-	popl	%eax
-	andl	$2097152,%eax
-	ret
-.byte	67,80,85,73,68,32,102,111,114,32,120,56,54,0
-
diff --git a/lib/accelerated/x86/coff/cpuid-x86_64.s b/lib/accelerated/x86/coff/cpuid-x86_64.s
deleted file mode 100644
index cd28c7b156..0000000000
--- a/lib/accelerated/x86/coff/cpuid-x86_64.s
+++ /dev/null
@@ -1,71 +0,0 @@
-#
-# Copyright (C) 2011-2013 Free Software Foundation, Inc.
-# Copyright (C) 2013 Nikos Mavrogiannopoulos
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# The GnuTLS is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public License
-# as published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-#
-# *** This file is auto-generated ***
-#
-.text	
-.globl	gnutls_cpuid
-.def	gnutls_cpuid;	.scl 2;	.type 32;	.endef
-.p2align	4
-gnutls_cpuid:
-	movq	%rdi,8(%rsp)
-	movq	%rsi,16(%rsp)
-	movq	%rsp,%rax
-.LSEH_begin_gnutls_cpuid:
-	movq	%rcx,%rdi
-	movq	%rdx,%rsi
-	movq	%r8,%rdx
-	movq	%r9,%rcx
-	movq	40(%rsp),%r8
-	movq	48(%rsp),%r9
-
-	pushq	%rbp
-	movq	%rsp,%rbp
-	pushq	%rbx
-	movl	%edi,-12(%rbp)
-	movq	%rsi,-24(%rbp)
-	movq	%rdx,-32(%rbp)
-	movq	%rcx,-40(%rbp)
-	movq	%r8,-48(%rbp)
-	movl	-12(%rbp),%eax
-	movl	%eax,-60(%rbp)
-	movl	-60(%rbp),%eax
-	cpuid
-	movl	%edx,-56(%rbp)
-	movl	%ecx,%esi
-	movl	%eax,-52(%rbp)
-	movq	-24(%rbp),%rax
-	movl	-52(%rbp),%edx
-	movl	%edx,(%rax)
-	movq	-32(%rbp),%rax
-	movl	%ebx,(%rax)
-	movq	-40(%rbp),%rax
-	movl	%esi,(%rax)
-	movq	-48(%rbp),%rax
-	movl	-56(%rbp),%ecx
-	movl	%ecx,(%rax)
-	popq	%rbx
-	leave
-	movq	8(%rsp),%rdi
-	movq	16(%rsp),%rsi
-	.byte	0xf3,0xc3
-.LSEH_end_gnutls_cpuid:
-
diff --git a/lib/accelerated/x86/elf/cpuid-x86.s b/lib/accelerated/x86/elf/cpuid-x86.s
deleted file mode 100644
index 4427b6bdd0..0000000000
--- a/lib/accelerated/x86/elf/cpuid-x86.s
+++ /dev/null
@@ -1,74 +0,0 @@
-#
-# Copyright (C) 2011-2013 Free Software Foundation, Inc.
-# Copyright (C) 2013 Nikos Mavrogiannopoulos
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# The GnuTLS is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public License
-# as published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-#
-# *** This file is auto-generated ***
-#
-.text
-.globl	gnutls_cpuid
-.type	gnutls_cpuid,@function
-.align	16
-gnutls_cpuid:
-.L_gnutls_cpuid_begin:
-	pushl	%ebp
-	movl	%esp,%ebp
-	subl	$12,%esp
-	movl	%ebx,(%esp)
-	movl	8(%ebp),%eax
-	movl	%esi,4(%esp)
-	movl	%edi,8(%esp)
-	pushl	%ebx
-	.byte	0x0f,0xa2
-	movl	%ebx,%edi
-	popl	%ebx
-	movl	%edx,%esi
-	movl	12(%ebp),%edx
-	movl	%eax,(%edx)
-	movl	16(%ebp),%eax
-	movl	%edi,(%eax)
-	movl	20(%ebp),%eax
-	movl	%ecx,(%eax)
-	movl	24(%ebp),%eax
-	movl	%esi,(%eax)
-	movl	(%esp),%ebx
-	movl	4(%esp),%esi
-	movl	8(%esp),%edi
-	movl	%ebp,%esp
-	popl	%ebp
-	ret
-.size	gnutls_cpuid,.-.L_gnutls_cpuid_begin
-.globl	gnutls_have_cpuid
-.type	gnutls_have_cpuid,@function
-.align	16
-gnutls_have_cpuid:
-.L_gnutls_have_cpuid_begin:
-	pushfl
-	popl	%eax
-	orl	$2097152,%eax
-	pushl	%eax
-	popfl
-	pushfl
-	popl	%eax
-	andl	$2097152,%eax
-	ret
-.size	gnutls_have_cpuid,.-.L_gnutls_have_cpuid_begin
-.byte	67,80,85,73,68,32,102,111,114,32,120,56,54,0
-
-.section .note.GNU-stack,"",%progbits
diff --git a/lib/accelerated/x86/elf/cpuid-x86_64.s b/lib/accelerated/x86/elf/cpuid-x86_64.s
deleted file mode 100644
index 0740edcd26..0000000000
--- a/lib/accelerated/x86/elf/cpuid-x86_64.s
+++ /dev/null
@@ -1,59 +0,0 @@
-#
-# Copyright (C) 2011-2013 Free Software Foundation, Inc.
-# Copyright (C) 2013 Nikos Mavrogiannopoulos
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# The GnuTLS is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public License
-# as published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-#
-# *** This file is auto-generated ***
-#
-.text	
-.globl	gnutls_cpuid
-.type	gnutls_cpuid,@function
-.align	16
-gnutls_cpuid:
-	pushq	%rbp
-	movq	%rsp,%rbp
-	pushq	%rbx
-	movl	%edi,-12(%rbp)
-	movq	%rsi,-24(%rbp)
-	movq	%rdx,-32(%rbp)
-	movq	%rcx,-40(%rbp)
-	movq	%r8,-48(%rbp)
-	movl	-12(%rbp),%eax
-	movl	%eax,-60(%rbp)
-	movl	-60(%rbp),%eax
-	cpuid
-	movl	%edx,-56(%rbp)
-	movl	%ecx,%esi
-	movl	%eax,-52(%rbp)
-	movq	-24(%rbp),%rax
-	movl	-52(%rbp),%edx
-	movl	%edx,(%rax)
-	movq	-32(%rbp),%rax
-	movl	%ebx,(%rax)
-	movq	-40(%rbp),%rax
-	movl	%esi,(%rax)
-	movq	-48(%rbp),%rax
-	movl	-56(%rbp),%ecx
-	movl	%ecx,(%rax)
-	popq	%rbx
-	leave
-	.byte	0xf3,0xc3
-.size	gnutls_cpuid,.-gnutls_cpuid
-
-.section .note.GNU-stack,"",%progbits
diff --git a/lib/accelerated/x86/files.mk b/lib/accelerated/x86/files.mk
index cf688b3883..ac1f2b05bd 100644
--- a/lib/accelerated/x86/files.mk
+++ b/lib/accelerated/x86/files.mk
@@ -1,9 +1,9 @@
-X86_FILES_ELF=elf/aesni-x86.s elf/cpuid-x86.s elf/sha1-ssse3-x86.s elf/sha256-ssse3-x86.s elf/sha512-ssse3-x86.s elf/aes-ssse3-x86.s
-X86_FILES_COFF=coff/aesni-x86.s coff/cpuid-x86.s coff/sha1-ssse3-x86.s coff/sha256-ssse3-x86.s coff/sha512-ssse3-x86.s coff/aes-ssse3-x86.s
-X86_FILES_MACOSX=macosx/aesni-x86.s macosx/cpuid-x86.s macosx/sha1-ssse3-x86.s macosx/sha256-ssse3-x86.s macosx/sha512-ssse3-x86.s macosx/aes-ssse3-x86.s
-X86_64_FILES_ELF=elf/aesni-x86_64.s elf/cpuid-x86_64.s elf/ghash-x86_64.s elf/sha1-ssse3-x86_64.s elf/sha512-ssse3-x86_64.s elf/aes-ssse3-x86_64.s elf/aesni-gcm-x86_64.s elf/sha256-ssse3-x86_64.s
-X86_64_FILES_COFF=coff/aesni-x86_64.s coff/cpuid-x86_64.s coff/ghash-x86_64.s coff/sha1-ssse3-x86_64.s coff/sha512-ssse3-x86_64.s coff/aes-ssse3-x86_64.s coff/aesni-gcm-x86_64.s coff/sha256-ssse3-x86_64.s
-X86_64_FILES_MACOSX=macosx/aesni-x86_64.s macosx/cpuid-x86_64.s macosx/ghash-x86_64.s macosx/sha1-ssse3-x86_64.s macosx/sha512-ssse3-x86_64.s macosx/aes-ssse3-x86_64.s macosx/aesni-gcm-x86_64.s macosx/sha256-ssse3-x86_64.s
+X86_FILES_ELF=elf/aesni-x86.s elf/sha1-ssse3-x86.s elf/sha256-ssse3-x86.s elf/sha512-ssse3-x86.s elf/aes-ssse3-x86.s
+X86_FILES_COFF=coff/aesni-x86.s coff/sha1-ssse3-x86.s coff/sha256-ssse3-x86.s coff/sha512-ssse3-x86.s coff/aes-ssse3-x86.s
+X86_FILES_MACOSX=macosx/aesni-x86.s macosx/sha1-ssse3-x86.s macosx/sha256-ssse3-x86.s macosx/sha512-ssse3-x86.s macosx/aes-ssse3-x86.s
+X86_64_FILES_ELF=elf/aesni-x86_64.s elf/ghash-x86_64.s elf/sha1-ssse3-x86_64.s elf/sha512-ssse3-x86_64.s elf/aes-ssse3-x86_64.s elf/aesni-gcm-x86_64.s elf/sha256-ssse3-x86_64.s
+X86_64_FILES_COFF=coff/aesni-x86_64.s coff/ghash-x86_64.s coff/sha1-ssse3-x86_64.s coff/sha512-ssse3-x86_64.s coff/aes-ssse3-x86_64.s coff/aesni-gcm-x86_64.s coff/sha256-ssse3-x86_64.s
+X86_64_FILES_MACOSX=macosx/aesni-x86_64.s macosx/ghash-x86_64.s macosx/sha1-ssse3-x86_64.s macosx/sha512-ssse3-x86_64.s macosx/aes-ssse3-x86_64.s macosx/aesni-gcm-x86_64.s macosx/sha256-ssse3-x86_64.s
 X86_PADLOCK_FILES_ELF=elf/e_padlock-x86.s
 X86_PADLOCK_FILES_COFF=coff/e_padlock-x86.s
 X86_PADLOCK_FILES_MACOSX=macosx/e_padlock-x86.s
diff --git a/lib/accelerated/x86/hmac-x86-ssse3.c b/lib/accelerated/x86/hmac-x86-ssse3.c
index 5a4677b405..f4ead02c47 100644
--- a/lib/accelerated/x86/hmac-x86-ssse3.c
+++ b/lib/accelerated/x86/hmac-x86-ssse3.c
@@ -45,10 +45,8 @@ struct x86_hmac_ctx {
 		struct hmac_sha1_ctx sha1;
 		struct hmac_sha224_ctx sha224;
 		struct hmac_sha256_ctx sha256;
-#ifdef ENABLE_SHA512
 		struct hmac_sha384_ctx sha384;
 		struct hmac_sha512_ctx sha512;
-#endif
 	} ctx;
 
 	void *ctx_ptr;
@@ -115,7 +113,6 @@ x86_hmac_sha224_digest(struct hmac_sha224_ctx *ctx,
 	HMAC_DIGEST(ctx, &x86_sha224, length, digest);
 }
 
-#ifdef ENABLE_SHA512
 static void
 x86_hmac_sha384_set_key(struct hmac_sha384_ctx *ctx,
 			    size_t key_length, const uint8_t * key)
@@ -150,7 +147,6 @@ x86_hmac_sha512_digest(struct hmac_sha512_ctx *ctx,
 {
 	HMAC_DIGEST(ctx, &x86_sha512, length, digest);
 }
-#endif
 
 static int
 _hmac_ctx_init(gnutls_mac_algorithm_t algo, struct x86_hmac_ctx *ctx)
@@ -177,7 +173,6 @@ _hmac_ctx_init(gnutls_mac_algorithm_t algo, struct x86_hmac_ctx *ctx)
 		ctx->ctx_ptr = &ctx->ctx.sha256;
 		ctx->length = SHA256_DIGEST_SIZE;
 		break;
-#ifdef ENABLE_SHA512
 	case GNUTLS_MAC_SHA384:
 		ctx->update = (update_func) x86_hmac_sha512_update;
 		ctx->digest = (digest_func) x86_hmac_sha384_digest;
@@ -192,7 +187,6 @@ _hmac_ctx_init(gnutls_mac_algorithm_t algo, struct x86_hmac_ctx *ctx)
 		ctx->ctx_ptr = &ctx->ctx.sha512;
 		ctx->length = SHA512_DIGEST_SIZE;
 		break;
-#endif
 	default:
 		gnutls_assert();
 		return GNUTLS_E_INVALID_REQUEST;
diff --git a/lib/accelerated/x86/macosx/cpuid-x86.s b/lib/accelerated/x86/macosx/cpuid-x86.s
deleted file mode 100644
index bd8e443fa9..0000000000
--- a/lib/accelerated/x86/macosx/cpuid-x86.s
+++ /dev/null
@@ -1,69 +0,0 @@
-#
-# Copyright (C) 2011-2013 Free Software Foundation, Inc.
-# Copyright (C) 2013 Nikos Mavrogiannopoulos
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# The GnuTLS is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public License
-# as published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-#
-# *** This file is auto-generated ***
-#
-.text
-.globl	_gnutls_cpuid
-.align	4
-_gnutls_cpuid:
-L_gnutls_cpuid_begin:
-	pushl	%ebp
-	movl	%esp,%ebp
-	subl	$12,%esp
-	movl	%ebx,(%esp)
-	movl	8(%ebp),%eax
-	movl	%esi,4(%esp)
-	movl	%edi,8(%esp)
-	pushl	%ebx
-	.byte	0x0f,0xa2
-	movl	%ebx,%edi
-	popl	%ebx
-	movl	%edx,%esi
-	movl	12(%ebp),%edx
-	movl	%eax,(%edx)
-	movl	16(%ebp),%eax
-	movl	%edi,(%eax)
-	movl	20(%ebp),%eax
-	movl	%ecx,(%eax)
-	movl	24(%ebp),%eax
-	movl	%esi,(%eax)
-	movl	(%esp),%ebx
-	movl	4(%esp),%esi
-	movl	8(%esp),%edi
-	movl	%ebp,%esp
-	popl	%ebp
-	ret
-.globl	_gnutls_have_cpuid
-.align	4
-_gnutls_have_cpuid:
-L_gnutls_have_cpuid_begin:
-	pushfl
-	popl	%eax
-	orl	$2097152,%eax
-	pushl	%eax
-	popfl
-	pushfl
-	popl	%eax
-	andl	$2097152,%eax
-	ret
-.byte	67,80,85,73,68,32,102,111,114,32,120,56,54,0
-
diff --git a/lib/accelerated/x86/macosx/cpuid-x86_64.s b/lib/accelerated/x86/macosx/cpuid-x86_64.s
deleted file mode 100644
index 05dc5c8e71..0000000000
--- a/lib/accelerated/x86/macosx/cpuid-x86_64.s
+++ /dev/null
@@ -1,58 +0,0 @@
-#
-# Copyright (C) 2011-2013 Free Software Foundation, Inc.
-# Copyright (C) 2013 Nikos Mavrogiannopoulos
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# The GnuTLS is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public License
-# as published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-#
-# *** This file is auto-generated ***
-#
-.text	
-.globl	_gnutls_cpuid
-
-.p2align	4
-_gnutls_cpuid:
-	pushq	%rbp
-	movq	%rsp,%rbp
-	pushq	%rbx
-	movl	%edi,-12(%rbp)
-	movq	%rsi,-24(%rbp)
-	movq	%rdx,-32(%rbp)
-	movq	%rcx,-40(%rbp)
-	movq	%r8,-48(%rbp)
-	movl	-12(%rbp),%eax
-	movl	%eax,-60(%rbp)
-	movl	-60(%rbp),%eax
-	cpuid
-	movl	%edx,-56(%rbp)
-	movl	%ecx,%esi
-	movl	%eax,-52(%rbp)
-	movq	-24(%rbp),%rax
-	movl	-52(%rbp),%edx
-	movl	%edx,(%rax)
-	movq	-32(%rbp),%rax
-	movl	%ebx,(%rax)
-	movq	-40(%rbp),%rax
-	movl	%esi,(%rax)
-	movq	-48(%rbp),%rax
-	movl	-56(%rbp),%ecx
-	movl	%ecx,(%rax)
-	popq	%rbx
-	leave
-	.byte	0xf3,0xc3
-
-
diff --git a/lib/accelerated/x86/sha-x86-ssse3.c b/lib/accelerated/x86/sha-x86-ssse3.c
index b6393488cf..8ea4e54aee 100644
--- a/lib/accelerated/x86/sha-x86-ssse3.c
+++ b/lib/accelerated/x86/sha-x86-ssse3.c
@@ -45,10 +45,8 @@ struct x86_hash_ctx {
 		struct sha1_ctx sha1;
 		struct sha224_ctx sha224;
 		struct sha256_ctx sha256;
-#ifdef ENABLE_SHA512
 		struct sha384_ctx sha384;
 		struct sha512_ctx sha512;
-#endif
 	} ctx;
 	void *ctx_ptr;
 	gnutls_digest_algorithm_t algo;
@@ -180,7 +178,6 @@ void x86_sha256_update(struct sha256_ctx *ctx, size_t length,
 	}
 }
 
-#ifdef ENABLE_SHA512
 void x86_sha512_update(struct sha512_ctx *ctx, size_t length,
 		     const uint8_t * data)
 {
@@ -231,7 +228,6 @@ void x86_sha512_update(struct sha512_ctx *ctx, size_t length,
 		sha512_update(ctx, res, data);
 	}
 }
-#endif
 
 static int _ctx_init(gnutls_digest_algorithm_t algo,
 		     struct x86_hash_ctx *ctx)
@@ -261,7 +257,6 @@ static int _ctx_init(gnutls_digest_algorithm_t algo,
 		ctx->ctx_ptr = &ctx->ctx.sha256;
 		ctx->length = SHA256_DIGEST_SIZE;
 		break;
-#ifdef ENABLE_SHA512
 	case GNUTLS_DIG_SHA384:
 		sha384_init(&ctx->ctx.sha384);
 		ctx->update = (update_func) x86_sha512_update;
@@ -278,7 +273,6 @@ static int _ctx_init(gnutls_digest_algorithm_t algo,
 		ctx->ctx_ptr = &ctx->ctx.sha512;
 		ctx->length = SHA512_DIGEST_SIZE;
 		break;
-#endif
 	default:
 		gnutls_assert();
 		return GNUTLS_E_INVALID_REQUEST;
@@ -368,12 +362,10 @@ NN_HASH(sha224, x86_sha256_update, sha224_digest, SHA224);
 const struct nettle_hash x86_sha256 =
 NN_HASH(sha256, x86_sha256_update, sha256_digest, SHA256);
 
-#ifdef ENABLE_SHA512
 const struct nettle_hash x86_sha384 =
 NN_HASH(sha384, x86_sha512_update, sha384_digest, SHA384);
 const struct nettle_hash x86_sha512 =
 NN_HASH(sha512, x86_sha512_update, sha512_digest, SHA512);
-#endif
 
 const gnutls_crypto_digest_st _gnutls_sha_x86_ssse3 = {
 	.init = wrap_x86_hash_init,
diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
index acd4586e4e..fb3ff90919 100644
--- a/lib/accelerated/x86/x86-common.c
+++ b/lib/accelerated/x86/x86-common.c
@@ -38,6 +38,12 @@
 # include <sha-padlock.h>
 #endif
 #include <aes-padlock.h>
+#ifdef HAVE_CPUID_H
+# include <cpuid.h>
+#else
+# define __get_cpuid(...) 0
+# define __get_cpuid_count(...) 0
+#endif
 
 /* ebx, ecx, edx 
  * This is a format compatible with openssl's CPUID detection.
@@ -49,11 +55,21 @@ __hidden
 #endif
 unsigned int _gnutls_x86_cpuid_s[4];
 
+#ifndef bit_SHA
+# define bit_SHA (1<<29)
+#endif
+
+/* ecx */
+#ifndef bit_AVX512BITALG
+# define bit_AVX512BITALG 0x4000
+#endif
+
 #ifndef bit_PCLMUL
 # define bit_PCLMUL 0x2
 #endif
 
 #ifndef bit_SSSE3
+/* ecx */
 # define bit_SSSE3 0x0000200
 #endif
 
@@ -85,10 +101,26 @@ unsigned int _gnutls_x86_cpuid_s[4];
 #define INTEL_SSSE3 (1<<2)
 #define INTEL_PCLMUL (1<<3)
 #define INTEL_AVX (1<<4)
+#define INTEL_SHA (1<<5)
 #define VIA_PADLOCK (1<<20)
 #define VIA_PADLOCK_PHE (1<<21)
 #define VIA_PADLOCK_PHE_SHA512 (1<<22)
 
+static unsigned read_cpuid_vals(unsigned int vals[4])
+{
+	unsigned t1, t2, t3;
+	if (!__get_cpuid(1, &t1, &vals[0],
+			 &vals[1], &t2))
+		return 0;
+	/* suppress AVX512; it works conditionally on certain CPUs on the original code */
+	vals[1] &= 0xfffff7ff;
+
+	if (!__get_cpuid_count(7, 0, &t1, &vals[2], &t2, &t3))
+		return 0;
+
+	return 1;
+}
+
 /* Based on the example in "How to detect New Instruction support in
  * the 4th generation Intel Core processor family.
  * https://software.intel.com/en-us/articles/how-to-detect-new-instruction-support-in-the-4th-generation-intel-core-processor-family
@@ -111,18 +143,17 @@ static unsigned check_4th_gen_intel_features(unsigned ecx)
 
 static void capabilities_to_intel_cpuid(unsigned capabilities)
 {
-	unsigned a,b,c,t;
-
-	memset(_gnutls_x86_cpuid_s, 0, sizeof(_gnutls_x86_cpuid_s));
+	unsigned a[4];
 
 	if (capabilities & EMPTY_SET) {
 		return;
 	}
 
-	gnutls_cpuid(1, &t, &a, &b, &c);
+	if (!read_cpuid_vals(a))
+		return;
 
 	if (capabilities & INTEL_AES_NI) {
-		if (b & bit_AES) {
+		if (a[1] & bit_AES) {
 			_gnutls_x86_cpuid_s[1] |= bit_AES;
 		} else {
 			_gnutls_debug_log
@@ -131,7 +162,7 @@ static void capabilities_to_intel_cpuid(unsigned capabilities)
 	}
 
 	if (capabilities & INTEL_SSSE3) {
-		if (b & bit_SSSE3) {
+		if (a[1] & bit_SSSE3) {
 			_gnutls_x86_cpuid_s[1] |= bit_SSSE3;
 		} else {
 			_gnutls_debug_log
@@ -140,7 +171,7 @@ static void capabilities_to_intel_cpuid(unsigned capabilities)
 	}
 
 	if (capabilities & INTEL_AVX) {
-		if ((b & bit_AVX) && check_4th_gen_intel_features(b)) {
+		if ((a[1] & bit_AVX) && check_4th_gen_intel_features(a[1])) {
 			_gnutls_x86_cpuid_s[1] |= bit_AVX|bit_MOVBE;
 		} else {
 			_gnutls_debug_log
@@ -149,7 +180,7 @@ static void capabilities_to_intel_cpuid(unsigned capabilities)
 	}
 
 	if (capabilities & INTEL_PCLMUL) {
-		if (b & bit_PCLMUL) {
+		if (a[1] & bit_PCLMUL) {
 			_gnutls_x86_cpuid_s[1] |= bit_PCLMUL;
 		} else {
 			_gnutls_debug_log
@@ -157,6 +188,14 @@ static void capabilities_to_intel_cpuid(unsigned capabilities)
 		}
 	}
 
+	if (capabilities & INTEL_SHA) {
+		if (a[2] & bit_SHA) {
+			_gnutls_x86_cpuid_s[2] |= bit_SHA;
+		} else {
+			_gnutls_debug_log
+			    ("SHA acceleration requested but not available\n");
+		}
+	}
 }
 
 
@@ -170,6 +209,11 @@ static unsigned check_ssse3(void)
 	return (_gnutls_x86_cpuid_s[1] & bit_SSSE3);
 }
 
+static unsigned check_sha(void)
+{
+	return (_gnutls_x86_cpuid_s[2] & bit_SHA);
+}
+
 #ifdef ASM_X86_64
 static unsigned check_avx_movbe(void)
 {
@@ -196,8 +240,8 @@ static unsigned capabilities_to_via_edx(unsigned capabilities)
 		return 0;
 	}
 
-	gnutls_cpuid(1, &t, &a, &b, &c);
-
+	if (!__get_cpuid(1, &t, &a, &b, &c))
+		return 0;
 	if (capabilities & VIA_PADLOCK) {
 		if (c & via_bit_PADLOCK) {
 			_gnutls_x86_cpuid_s[2] |= via_bit_PADLOCK;
@@ -265,7 +309,9 @@ static int check_phe_partial(void)
 static unsigned check_via(void)
 {
 	unsigned int a, b, c, d;
-	gnutls_cpuid(0, &a, &b, &c, &d);
+
+	if (!__get_cpuid(0, &a, &b, &c, &d))
+		return 0;
 
 	if ((memcmp(&b, "Cent", 4) == 0 &&
 	     memcmp(&d, "aurH", 4) == 0 && memcmp(&c, "auls", 4) == 0)) {
@@ -455,7 +501,9 @@ void register_x86_padlock_crypto(unsigned capabilities)
 static unsigned check_intel_or_amd(void)
 {
 	unsigned int a, b, c, d;
-	gnutls_cpuid(0, &a, &b, &c, &d);
+
+	if (!__get_cpuid(0, &a, &b, &c, &d))
+		return 0;
 
 	if ((memcmp(&b, "Genu", 4) == 0 &&
 	     memcmp(&d, "ineI", 4) == 0 &&
@@ -472,14 +520,15 @@ static
 void register_x86_intel_crypto(unsigned capabilities)
 {
 	int ret;
-	unsigned t;
+
+	memset(_gnutls_x86_cpuid_s, 0, sizeof(_gnutls_x86_cpuid_s));
 
 	if (check_intel_or_amd() == 0)
 		return;
 
 	if (capabilities == 0) {
-		gnutls_cpuid(1, &t, &_gnutls_x86_cpuid_s[0], 
-			&_gnutls_x86_cpuid_s[1], &_gnutls_x86_cpuid_s[2]);
+		if (!read_cpuid_vals(_gnutls_x86_cpuid_s))
+			return;
 	} else {
 		capabilities_to_intel_cpuid(capabilities);
 	}
@@ -523,6 +572,11 @@ void register_x86_intel_crypto(unsigned capabilities)
 		if (ret < 0) {
 			gnutls_assert();
 		}
+	}
+
+	if (check_sha() || check_ssse3()) {
+		if (check_sha())
+			_gnutls_debug_log("Intel SHA was detected\n");
 
 		ret =
 		    gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA1,
@@ -570,7 +624,6 @@ void register_x86_intel_crypto(unsigned capabilities)
 		if (ret < 0)
 			gnutls_assert();
 
-#ifdef ENABLE_SHA512
 		ret =
 		    gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA384,
 							 80,
@@ -597,7 +650,6 @@ void register_x86_intel_crypto(unsigned capabilities)
 							 &_gnutls_hmac_sha_x86_ssse3, 0);
 		if (ret < 0)
 			gnutls_assert();
-#endif
 	}
 
 	if (check_optimized_aes()) {
diff --git a/lib/accelerated/x86/x86-common.h b/lib/accelerated/x86/x86-common.h
index 0e2d86d510..d15786f378 100644
--- a/lib/accelerated/x86/x86-common.h
+++ b/lib/accelerated/x86/x86-common.h
@@ -29,12 +29,6 @@
 void gnutls_cpuid(unsigned int func, unsigned int *ax, unsigned int *bx,
 		  unsigned int *cx, unsigned int *dx);
 
-# ifdef ASM_X86_32
-unsigned int gnutls_have_cpuid(void);
-# else
-#  define gnutls_have_cpuid() 1
-# endif				/* ASM_X86_32 */
-
 #endif
 
 #define CHECK_AES_KEYSIZE(s) \