[openssl-commits] [openssl] master update
The branch master has been updated
via 8839324450b569a6253e0dd237ee3e417ef17771 (commit)
via 5b37fef04a2b765835361f0652aaa0c41ed1b842 (commit)
via 28ad73181aeb3b0b027d53d3266159f4b2e15d5b (commit)
via f44d7e8b472dfc0602f8d06ef72e808a5e8d410c (commit)
from 38eca7fed09a57c1b7a05d651af2c667b3e87719 (commit)

- Log -

commit 8839324450b569a6253e0dd237ee3e417ef17771
Author: Andy Polyakov
Date: Sun Aug 5 16:56:54 2018 +0200

stack/stack.c: omit redundant NULL checks. Checks are left in OPENSSL_sk_shift, OPENSSL_sk_pop and OPENSSL_sk_num. This is because these are used as "opportunistic" readers, pulling whatever data, if any, set by somebody else. All calls that add data don't check for stack being NULL, because caller should have checked if stack was actually created.
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6860)

commit 5b37fef04a2b765835361f0652aaa0c41ed1b842
Author: Andy Polyakov
Date: Sun Aug 5 16:50:41 2018 +0200

Harmonize use of sk_TYPE_find's return value. In some cases it's about redundant check for return value, in some cases it's about replacing check for -1 with comparison to 0. Otherwise compiler might generate redundant check for <-1. [Even formatting and readability fixes.]
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6860)

commit 28ad73181aeb3b0b027d53d3266159f4b2e15d5b
Author: Andy Polyakov
Date: Sun Aug 5 11:51:37 2018 +0200

x509/x509name.c: fix potential crash in X509_NAME_get_text_by_OBJ. Documentation says "at most B bytes will be written", which formally doesn't prohibit zero. But if zero B was passed, the call to memcpy was bound to crash.
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6860)

commit f44d7e8b472dfc0602f8d06ef72e808a5e8d410c
Author: Andy Polyakov
Date: Mon Aug 6 09:43:39 2018 +0200

INSTALL,NOTES.ANDROID: minor updates.
Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6866) --- Summary of changes: INSTALL | 10 ++ NOTES.ANDROID | 4 ++-- crypto/asn1/asn_mime.c| 4 crypto/evp/evp_pbe.c | 5 ++--- crypto/objects/obj_xref.c | 5 ++--- crypto/stack/stack.c | 21 - crypto/x509/by_dir.c | 10 +++--- crypto/x509/x509_lu.c | 11 ++- crypto/x509/x509_trs.c| 7 --- crypto/x509/x509_vpm.c| 9 - crypto/x509/x509name.c| 8 +--- crypto/x509/x_crl.c | 10 +++--- crypto/x509v3/pcy_cache.c | 10 -- crypto/x509v3/pcy_node.c | 3 --- crypto/x509v3/pcy_tree.c | 2 +- crypto/x509v3/v3_lib.c| 2 -- crypto/x509v3/v3_purp.c | 7 --- ssl/ssl_ciph.c| 5 + 18 files changed, 59 insertions(+), 74 deletions(-) diff --git a/INSTALL b/INSTALL index 98c34d6..34023dc 100644 --- a/INSTALL +++ b/INSTALL @@ -145,8 +145,8 @@ put together one-size-fits-all instructions. You might have to pass more flags or set up environment variables to actually make it work. Android and iOS cases are - discussed in corresponding Configurations/10-main.cf - sections. But there are cases when this option alone is + discussed in corresponding Configurations/15-*.conf + files. But there are cases when this option alone is sufficient. For example to build the mingw64 target on Linux "--cross-compile-prefix=x86_64-w64-mingw32-" works. Naturally provided that mingw packages are @@ -157,10 +157,12 @@ "--cross-compile-prefix=mipsel-linux-gnu-" suffices in such case. Needless to mention that you have to invoke ./Configure, not ./config, and pass your target - name explicitly. + name explicitly. Also, note that --openssldir refers + to target's file system, not one you are building on. --debug - Build OpenSSL with debugging symbols. + Build OpenSSL with debugging symbols and zero optimization + level. --libdir=DIR The name of the directory under the top of the installation diff --git a/NOTES.ANDROID b/NOTES.ANDROID index 103ed87..d13f47d 100644 --- a/NOTES.ANDROID +++ b/NOTES.ANDROID 
@@ -46,8 +46,8 @@ One can engage clang by adjusting PATH to cover NDK's clang. Just keep in mind that if you miss it, Configure will try to use gcc... Also, PATH would need even further adjustment to cover unprefixed, yet - target-specific, ar
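Review bot: in the second INSTALL hunk the sentence added to the cross-compile paragraph, "note that --openssldir refers to target's file system, not one you are building on", drops both articles and is easy to misread. Suggest "refers to the target's file system, not the one you are building on". The first hunk now points at "Configurations/15-*.conf files" for both Android and iOS; naming the two files would save the reader a directory listing.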
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via f72a7ce8bc0a5c0866c6a848a7f54854d67aeba2 (commit) from 29d8bda90ce824263317eae5354388f79844dd51 (commit) - Log - commit f72a7ce8bc0a5c0866c6a848a7f54854d67aeba2 Author: Richard Levitte Date: Tue Aug 7 06:21:43 2018 +0200 Make EVP_PKEY_asn1_new() stricter with its input Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6881) --- Summary of changes: CHANGES | 5 + crypto/asn1/ameth_lib.c | 12 2 files changed, 17 insertions(+) diff --git a/CHANGES b/CHANGES index b8e2f86..4f24046 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,11 @@ Changes between 1.0.2o and 1.0.2p [xx XXX ] + *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str + parameter is no longer accepted, as it leads to a corrupt table. NULL + pem_str is reserved for alias entries only. + [Richard Levitte] + *) Revert blinding in ECDSA sign and instead make problematic addition length-invariant. Switch even to fixed-length Montgomery multiplication. [Andy Polyakov] diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 43ddebb..8f49071 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -305,6 +305,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, } else ameth->info = NULL; +/* + * One of the following must be true: + * + * pem_str == NULL AND ASN1_PKEY_ALIAS is set + * pem_str != NULL AND ASN1_PKEY_ALIAS is clear + * + * Anything else is an error and may lead to a corrupt ASN1 method table + */ +if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0) + || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0))) +goto err; + if (pem_str) { ameth->pem_str = BUF_strdup(pem_str); if (!ameth->pem_str) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
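Review bot: in the crypto/asn1/ameth_lib.c hunk the new pem_str/ASN1_PKEY_ALIAS check is placed after the info handling (the context line directly above it is `ameth->info = NULL;`), so a call that is about to be rejected has already set up ameth and its info field and depends on the err path to undo that. The check reads only the function's arguments, so it could run on entry, before anything is set up, and return NULL directly.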
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 29cbeb9f0279678706dc9f5d96bcb64fc766658f (commit) from 831a2b0637b0eb21c9c2f8cc67f4579368637077 (commit) - Log - commit 29cbeb9f0279678706dc9f5d96bcb64fc766658f Author: Richard Levitte Date: Tue Aug 7 04:55:47 2018 +0200 Make EVP_PKEY_asn1_new() stricter with its input Reviewed-by: Matthias St. Pierre Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6880) (cherry picked from commit 38eca7fed09a57c1b7a05d651af2c667b3e87719) --- Summary of changes: CHANGES | 5 + crypto/asn1/ameth_lib.c | 12 2 files changed, 17 insertions(+) diff --git a/CHANGES b/CHANGES index 277654d..13cc641 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,11 @@ Changes between 1.1.0h and 1.1.0i [xx XXX ] + *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str + parameter is no longer accepted, as it leads to a corrupt table. NULL + pem_str is reserved for alias entries only. + [Richard Levitte] + *) Revert blinding in ECDSA sign and instead make problematic addition length-invariant. Switch even to fixed-length Montgomery multiplication. [Andy Polyakov] diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index b8ba067..9b0a2cc 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -255,6 +255,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, goto err; } +/* + * One of the following must be true: + * + * pem_str == NULL AND ASN1_PKEY_ALIAS is set + * pem_str != NULL AND ASN1_PKEY_ALIAS is clear + * + * Anything else is an error and may lead to a corrupt ASN1 method table + */ +if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0) + || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0))) +goto err; + if (pem_str) { ameth->pem_str = OPENSSL_strdup(pem_str); if (!ameth->pem_str) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
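Review bot: the added `goto err` in crypto/asn1/ameth_lib.c sets no error reason in the visible lines, so a caller that passes a NULL pem_str without ASN1_PKEY_ALIAS (or a non-NULL one with it) gets a bare NULL and no hint that its arguments were the problem. Suggest recording an invalid-argument error before the jump. The condition would also read more directly as one comparison, `(pem_str == NULL) != ((flags & ASN1_PKEY_ALIAS) != 0)`, which is true exactly in the two rejected cases.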
[openssl-commits] [openssl] master update
The branch master has been updated via 38eca7fed09a57c1b7a05d651af2c667b3e87719 (commit) from 3ef97bd8cbaa7cd8ac323978207606293a48ba0d (commit) - Log - commit 38eca7fed09a57c1b7a05d651af2c667b3e87719 Author: Richard Levitte Date: Tue Aug 7 04:55:47 2018 +0200 Make EVP_PKEY_asn1_new() stricter with its input Reviewed-by: Matthias St. Pierre Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6880) --- Summary of changes: CHANGES | 5 + crypto/asn1/ameth_lib.c | 12 test/asn1_internal_test.c | 20 +++- 3 files changed, 36 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 7805912..4b31ac7 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,11 @@ Changes between 1.1.0h and 1.1.1 [xx XXX ] + *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str + parameter is no longer accepted, as it leads to a corrupt table. NULL + pem_str is reserved for alias entries only. + [Richard Levitte] + *) Use the new ec_scalar_mul_ladder scaffold to implement a specialized ladder step for prime curves. The new implementation is based on formulae from differential addition-and-doubling in homogeneous projective coordinates diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 9b3274b..9a16441 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -216,6 +216,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, goto err; } +/* + * One of the following must be true: + * + * pem_str == NULL AND ASN1_PKEY_ALIAS is set + * pem_str != NULL AND ASN1_PKEY_ALIAS is clear + * + * Anything else is an error and may lead to a corrupt ASN1 method table + */ +if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0) + || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0))) +goto err; + if (pem_str) { ameth->pem_str = OPENSSL_strdup(pem_str); if (!ameth->pem_str) diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c index ab4dc35..fa69dc7 100644 --- a/test/asn1_internal_test.c 
+++ b/test/asn1_internal_test.c @@ -67,6 +67,7 @@ static int test_standard_methods(void) const EVP_PKEY_ASN1_METHOD **tmp; int last_pkey_id = -1; size_t i; +int ok = 1; for (tmp = standard_methods, i = 0; i < OSSL_NELEM(standard_methods); i++, tmp++) { @@ -75,11 +76,28 @@ static int test_standard_methods(void) break; } last_pkey_id = (*tmp)->pkey_id; + +/* + * One of the following must be true: + * + * pem_str == NULL AND ASN1_PKEY_ALIAS is set + * pem_str != NULL AND ASN1_PKEY_ALIAS is clear + * + * Anything else is an error and may lead to a corrupt ASN1 method table + */ +if (!TEST_true((*tmp)->pem_str == NULL && + ((*tmp)->pkey_flags & ASN1_PKEY_ALIAS) != 0) +&& !TEST_true((*tmp)->pem_str != NULL && + ((*tmp)->pkey_flags & ASN1_PKEY_ALIAS) == 0)) { +TEST_note("asn1 standard methods: Index %zu, pkey ID %d, Name=%s", + i, (*tmp)->pkey_id, OBJ_nid2sn((*tmp)->pkey_id)); +ok = 0; +} } if (TEST_int_ne(last_pkey_id, 0)) { TEST_info("asn1 standard methods: Table order OK"); -return 1; +return ok; } TEST_note("asn1 standard methods: out of order"); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
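Review bot: in the test/asn1_internal_test.c hunk the two halves of the rule are wrapped in separate `TEST_true` calls joined by `&&`. For every valid table entry exactly one half is false, and `TEST_true` reports a failure whenever its argument is false, so a correct non-alias entry produces a failure report from the first call even though `ok` stays 1. Put the whole disjunction inside a single `TEST_true(... || ...)` so that only an entry violating the rule is reported. Note also that `return ok` is reached only on the "Table order OK" path, which is fine, but the comment block duplicated from ameth_lib.c could instead refer to it.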
[openssl-commits] Build completed: openssl master.19263
Build openssl master.19263 completed Commit 6bb6d138b0 by Richard Levitte on 8/7/2018 4:06 AM: fixup! Make EVP_PKEY_asn1_new() stricter with its input
[openssl-commits] Build failed: openssl master.19262
Build openssl master.19262 failed Commit 1255a6f94b by Richard Levitte on 8/7/2018 2:55 AM: Make EVP_PKEY_asn1_new() stricter with its input
[openssl-commits] [openssl] master update
The branch master has been updated via 3ef97bd8cbaa7cd8ac323978207606293a48ba0d (commit) from 1cde025957a598934b838b1de26ae9090659d17f (commit) - Log - commit 3ef97bd8cbaa7cd8ac323978207606293a48ba0d Author: Pauli Date: Tue Aug 7 10:23:01 2018 +1000 Relocate memcmp test. The CRYPTO_memcmp test isn't testing the test framework. It would seem to better belong in the sanity tests. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6878) --- Summary of changes: test/sanitytest.c | 6 ++ test/test_test.c | 6 -- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/test/sanitytest.c b/test/sanitytest.c index da74e7e..0aaf3f4 100644 --- a/test/sanitytest.c +++ b/test/sanitytest.c @@ -84,6 +84,11 @@ static int test_sanity_range(void) return 1; } +static int test_sanity_memcmp(void) +{ +return CRYPTO_memcmp("ab","cd",2); +} + int setup_tests(void) { ADD_TEST(test_sanity_null_zero); @@ -92,6 +97,7 @@ int setup_tests(void) ADD_TEST(test_sanity_sign); ADD_TEST(test_sanity_unsigned_conversion); ADD_TEST(test_sanity_range); +ADD_TEST(test_sanity_memcmp); return 1; } diff --git a/test/test_test.c b/test/test_test.c index 18b61c6..0af2eae 100644 --- a/test/test_test.c +++ b/test/test_test.c @@ -531,11 +531,6 @@ static int test_bn_output(int n) return 1; } -static int test_memcmp(void) -{ -return CRYPTO_memcmp("ab","cd",2); -} - int setup_tests(void) { ADD_TEST(test_int); @@ -557,7 +552,6 @@ int setup_tests(void) ADD_TEST(test_messages); ADD_TEST(test_single_eval); ADD_TEST(test_output); -ADD_TEST(test_memcmp); ADD_ALL_TESTS(test_bn_output, OSSL_NELEM(bn_output_tests)); return 1; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
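Review bot: `test_sanity_memcmp` in test/sanitytest.c returns the raw result of `CRYPTO_memcmp("ab","cd",2)`, so it passes on any non-zero value and only covers the "buffers differ" direction. Since the function is being moved anyway, state the expectation explicitly with `TEST_int_ne(CRYPTO_memcmp("ab", "cd", 2), 0)` and add the equal-buffers case, which must return 0; a comparison routine that always returned non-zero would pass the test as written.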
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 831a2b0637b0eb21c9c2f8cc67f4579368637077 (commit) from f96d3c1fc65fae4193bdda464819bb1180feba5a (commit) - Log - commit 831a2b0637b0eb21c9c2f8cc67f4579368637077 Author: Bernd Edlinger Date: Thu Aug 2 19:47:42 2018 +0200 Fix uninitialized value $s warning in windows static builds Fixes: #6826 [extended tests] Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/pr6849) --- Summary of changes: Configurations/windows-makefile.tmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index af11ff4..40dc41d 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -89,8 +89,8 @@ GENERATED={- join(" ", ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -} INSTALL_LIBS={- join(" ", map { quotify1($_.$libext) } @{$unified_info{install}->{libraries}}) -} -INSTALL_SHLIBS={- join(" ", map { quotify1(shlib($_)) } @{$unified_info{install}->{libraries}}) -} -INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; quotify1(shlib($_)) } @{$unified_info{install}->{libraries}}) -} +INSTALL_SHLIBS={- join(" ", map { quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -} +INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -} INSTALL_ENGINES={- join(" ", map { quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -} INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -} INSTALL_PROGRAMS={- join(" ", map { quotify1($_.$exeext) } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
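Review bot: only INSTALL_SHLIBS and INSTALL_SHLIBPDBS are switched to `quotify_l`; INSTALL_ENGINES and INSTALL_ENGINEPDBS in the trailing context still go through `quotify1(dso($_))`. The commit message ties the warning to static builds, so please confirm that `dso()` cannot hand `quotify1` an undefined value in the same configuration, or convert those two lines as well. A one-line comment on why the shlib lines need the list form would keep them from being changed back.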
[openssl-commits] [openssl] master update
The branch master has been updated via 1cde025957a598934b838b1de26ae9090659d17f (commit) from f38edcab594b4934bd9625ef889934b2dfb5d1f0 (commit) - Log - commit 1cde025957a598934b838b1de26ae9090659d17f Author: Matt Caswell Date: Fri Aug 3 12:02:35 2018 +0100 Ensure we send an alert on error when processing a ticket In some scenarios the connection could fail without an alert being sent. This causes a later assertion failure. Thanks to Quarkslab for reporting this. Reviewed-by: Andy Polyakov Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/6852) --- Summary of changes: ssl/statem/statem_clnt.c | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index ad79fef..e846f77 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2647,10 +2647,16 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) PACKET extpkt; if (!PACKET_as_length_prefixed_2(pkt, &extpkt) -|| PACKET_remaining(pkt) != 0 -|| !tls_collect_extensions(s, &extpkt, - SSL_EXT_TLS1_3_NEW_SESSION_TICKET, - &exts, NULL, 1) +|| PACKET_remaining(pkt) != 0) { +SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, + SSL_R_LENGTH_MISMATCH); +goto err; +} + +if (!tls_collect_extensions(s, &extpkt, +SSL_EXT_TLS1_3_NEW_SESSION_TICKET, &exts, +NULL, 1) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_NEW_SESSION_TICKET, exts, NULL, 0, 1)) { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
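Review bot: after the split in tls_process_new_session_ticket, the first `if` raises SSL_AD_DECODE_ERROR itself, but the second one (`tls_collect_extensions` / `tls_parse_all_extensions`) has no SSLfatal in the visible lines. If that branch relies on the two helpers having already raised the alert, say so in a short comment there, otherwise the asymmetry looks like the same bug left half fixed. The summary lists only ssl/statem/statem_clnt.c; a regression test that feeds a NewSessionTicket with a mismatched extensions length would pin down the assertion failure the commit message describes.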
[openssl-commits] [openssl] master update
The branch master has been updated via f38edcab594b4934bd9625ef889934b2dfb5d1f0 (commit) from 28c5b7d482dda8597bbf93890463d7eb0f9f2355 (commit) - Log - commit f38edcab594b4934bd9625ef889934b2dfb5d1f0 Author: Patrick Steuer Date: Tue Apr 3 18:24:18 2018 +0100 s390x assembly pack: add KIMD/KLMD code path for sha3/shake Signed-off-by: Patrick Steuer Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5935) --- Summary of changes: crypto/evp/build.info | 1 + crypto/evp/m_sha3.c | 235 -- crypto/s390x_arch.h | 4 + crypto/s390xcpuid.pl | 42 + 4 files changed, 275 insertions(+), 7 deletions(-) diff --git a/crypto/evp/build.info b/crypto/evp/build.info index 0305738..cc33ac3 100644 --- a/crypto/evp/build.info +++ b/crypto/evp/build.info @@ -22,3 +22,4 @@ INCLUDE[e_camellia.o]=.. ../modes INCLUDE[e_sm4.o]=.. ../modes INCLUDE[e_des.o]=.. INCLUDE[e_des3.o]=.. +INCLUDE[m_sha3.o]=.. diff --git a/crypto/evp/m_sha3.c b/crypto/evp/m_sha3.c index bfc65b2..729622b 100644 --- a/crypto/evp/m_sha3.c +++ b/crypto/evp/m_sha3.c 
@@ -137,7 +137,227 @@ static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2) } } -#define EVP_MD_SHA3(bitlen) \ +#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM) +/* + * IBM S390X support + */ +# include "s390x_arch.h" + +# define S390X_SHA3_FC(ctx) ((ctx)->pad) + +# define S390X_sha3_224_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHA3_224)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHA3_224))) +# define S390X_sha3_256_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHA3_256)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHA3_256))) +# define S390X_sha3_384_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHA3_384)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHA3_384))) +# define S390X_sha3_512_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHA3_512)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHA3_512))) +# define S390X_shake128_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHAKE_128)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHAKE_128))) +# define S390X_shake256_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHAKE_256)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHAKE_256))) + +/* Convert md-size to block-size. */ +# define S390X_KECCAK1600_BSZ(n) ((KECCAK1600_WIDTH - ((n) << 1)) >> 3) + +static int s390x_sha3_init(EVP_MD_CTX *evp_ctx) +{ +KECCAK1600_CTX *ctx = evp_ctx->md_data; +const size_t bsz = evp_ctx->digest->block_size; + +/*- + * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD + * function code. 
+ */ +switch (bsz) { +case S390X_KECCAK1600_BSZ(224): +ctx->pad = S390X_SHA3_224; +break; +case S390X_KECCAK1600_BSZ(256): +ctx->pad = S390X_SHA3_256; +break; +case S390X_KECCAK1600_BSZ(384): +ctx->pad = S390X_SHA3_384; +break; +case S390X_KECCAK1600_BSZ(512): +ctx->pad = S390X_SHA3_512; +break; +default: +return 0; +} + +memset(ctx->A, 0, sizeof(ctx->A)); +ctx->num = 0; +ctx->block_size = bsz; +ctx->md_size = evp_ctx->digest->md_size; +return 1; +} + +static int s390x_shake_init(EVP_MD_CTX *evp_ctx) +{ +KECCAK1600_CTX *ctx = evp_ctx->md_data; +const size_t bsz = evp_ctx->digest->block_size; + +/*- + * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD + * function code. + */ +switch (bsz) { +case S390X_KECCAK1600_BSZ(128): +ctx->pad = S390X_SHAKE_128; +break; +case S390X_KECCAK1600_BSZ(256): +ctx->pad = S390X_SHAKE_256; +break; +default: +return 0; +} + +memset(ctx->A, 0, sizeof(ctx->A)); +ctx->num = 0; +ctx->block_size = bsz; +ctx->md_size = evp_ctx->digest->md_size; +return 1; +} + +static int s390x_sha3_update(EV
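Review bot: the crypto/evp/m_sha3.c hunk defines `S390X_SHA3_FC(ctx)` as the accessor for the function code stored in the pad field, yet both `s390x_sha3_init` and `s390x_shake_init` assign `ctx->pad` directly. Use the macro in the init functions too, so the reuse of pad is expressed in one place. The two init functions are also identical apart from the `switch` cases, and the six `S390X_*_CAPABLE` macros differ only in the capability bit; a shared helper taking the function code and a single parameterized capability macro would remove most of the repetition.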