For AES-GCM-SIV, also require PCLMUL instruction set.

It uses the VPCLMULQDQ instruction on XMM registers. This requires AVX
and PCLMUL to be present.

The existing test checks for AVX, AESNI only, but not for PCLMUL.

Note that there exist no CPUs that have AVX and AESNI, but lack PCLMUL,
as both Intel and AMD introduced AESNI together with PCLMUL in the
same CPU generation. So this issue and fix are purely theoretical, just in
case a future CPU for some odd reason has a weird combination of
features.

Change-Id: I2cbcf8b5c165f4aba6e9b3127e6fc67d6a6a6964
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/95667
Reviewed-by: Xiangfei Ding <xfding@google.com>
Commit-Queue: Rudolf Polzer <rpolzer@google.com>
diff --git a/crypto/cipher/e_aesgcmsiv.cc b/crypto/cipher/e_aesgcmsiv.cc
index 7c23bbb..47421fe 100644
--- a/crypto/cipher/e_aesgcmsiv.cc
+++ b/crypto/cipher/e_aesgcmsiv.cc
@@ -1039,14 +1039,16 @@
 #if defined(AES_GCM_SIV_ASM)
 
 const EVP_AEAD *EVP_aead_aes_128_gcm_siv() {
-  if (CRYPTO_is_AVX_capable() && CRYPTO_is_AESNI_capable()) {
+  if (CRYPTO_is_AVX_capable() && CRYPTO_is_AESNI_capable() &&
+      CRYPTO_is_PCLMUL_capable()) {
     return &aead_aes_128_gcm_siv_asm;
   }
   return &aead_aes_128_gcm_siv;
 }
 
 const EVP_AEAD *EVP_aead_aes_256_gcm_siv() {
-  if (CRYPTO_is_AVX_capable() && CRYPTO_is_AESNI_capable()) {
+  if (CRYPTO_is_AVX_capable() && CRYPTO_is_AESNI_capable() &&
+      CRYPTO_is_PCLMUL_capable()) {
     return &aead_aes_256_gcm_siv_asm;
   }
   return &aead_aes_256_gcm_siv;
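
Review bot: The three-way condition `CRYPTO_is_AVX_capable() && CRYPTO_is_AESNI_capable() && CRYPTO_is_PCLMUL_capable()` is now duplicated verbatim in EVP_aead_aes_128_gcm_siv() and EVP_aead_aes_256_gcm_siv(), and nothing in the code says why PCLMUL is needed. Consider moving it into one small static helper that both functions call, so a later change to the requirements cannot update one selector and miss the other. A short comment on that helper stating that the assembly uses VPCLMULQDQ on XMM registers, and therefore needs AVX and PCLMUL in addition to AESNI, would keep the reasoning from the commit message next to the check.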