[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-10-19 Thread Matt Caswell
The branch OpenSSL_1_1_1-stable has been updated
   via  8c6371f9f7ff7e54bc204867f809368f3a7f0e17 (commit)
  from  d1bfd8076e28b134f7d6a03611e60381b522c1c9 (commit)


- Log -
commit 8c6371f9f7ff7e54bc204867f809368f3a7f0e17
Author: Matt Caswell 
Date:   Thu Oct 18 14:45:59 2018 +0100

Don't complain and fail about unknown TLSv1.3 PSK identities in s_server

An unknown PSK identity could be because it's actually a session resumption
attempt. Session resumptions and external PSKs are indistinguishable so
the callbacks need to fail gracefully if they don't recognise the identity.

Fixes #7433

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7434)

(cherry picked from commit 2d015189b97c60b67e10aed320230357bf6b200f)

---

Summary of changes:
 apps/s_server.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index 6f2a2ae..ac7dca6 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigned 
char *identity,
 
 if (strlen(psk_identity) != identity_len
 || memcmp(psk_identity, identity, identity_len) != 0) {
-BIO_printf(bio_s_out,
-   "PSK warning: client identity not what we expected"
-   " (got '%s' expected '%s')\n", identity, psk_identity);
+*sess = NULL;
+return 1;
 }
 
 if (psksess != NULL) {
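Review bot: after this hunk a mismatching identity silently hands back `*sess = NULL` / `return 1`, so an operator who mistyped the external PSK identity on the client side gets no hint at all from s_server; since the `return 1` path already makes the failure graceful, consider keeping the message behind s_server's debug/verbose output rather than deleting it outright. A side benefit of the deletion is worth noting in the commit: the removed BIO_printf formatted `identity` with `%s` even though the callback receives an explicit `identity_len` (see the `strlen(psk_identity) != identity_len` comparison in context), so no format string now depends on the peer-supplied identity being NUL-terminated. Returning 1 rather than 0 is the right choice for the ambiguity the commit message describes: a 0 would abort a handshake that may be a legitimate resumption the callback simply cannot recognise, and that abort would be triggerable by any client presenting an unknown identity.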
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] master update

2018-10-19 Thread Matt Caswell
The branch master has been updated
   via  2d015189b97c60b67e10aed320230357bf6b200f (commit)
  from  079ef6bd534d2f708d8013cfcd8ea0d2f600c788 (commit)


- Log -
commit 2d015189b97c60b67e10aed320230357bf6b200f
Author: Matt Caswell 
Date:   Thu Oct 18 14:45:59 2018 +0100

Don't complain and fail about unknown TLSv1.3 PSK identities in s_server

An unknown PSK identity could be because it's actually a session resumption
attempt. Session resumptions and external PSKs are indistinguishable so
the callbacks need to fail gracefully if they don't recognise the identity.

Fixes #7433

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7434)

---

Summary of changes:
 apps/s_server.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index 6f2a2ae..ac7dca6 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigned 
char *identity,
 
 if (strlen(psk_identity) != identity_len
 || memcmp(psk_identity, identity, identity_len) != 0) {
-BIO_printf(bio_s_out,
-   "PSK warning: client identity not what we expected"
-   " (got '%s' expected '%s')\n", identity, psk_identity);
+*sess = NULL;
+return 1;
 }
 
 if (psksess != NULL) {
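Review bot: byte-identical to the OpenSSL_1_1_1-stable cherry-pick in commit 8c6371f9f7ff7e54bc204867f809368f3a7f0e17 above (same blob ids `6f2a2ae..ac7dca6`); the points raised on that hunk, the lost operator diagnostic and the `%s` on a length-delimited identity, apply unchanged here.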


[openssl-commits] [openssl] master update

2018-10-19 Thread Matt Caswell
The branch master has been updated
   via  079ef6bd534d2f708d8013cfcd8ea0d2f600c788 (commit)
   via  2fc4c77c3f06443f4c476f6f58d83e5e108d1dce (commit)
  from  edcd29efd32c51f298ad5ab438e2d4cc5411e9a9 (commit)


- Log -
commit 079ef6bd534d2f708d8013cfcd8ea0d2f600c788
Author: Matt Caswell 
Date:   Tue Oct 9 10:22:06 2018 +0100

Buffer a ClientHello with a cookie received via DTLSv1_listen

Previously when a ClientHello arrives with a valid cookie using
DTLSv1_listen() we only "peeked" at the message and left it on the
underlying fd. This works fine for single threaded applications but for
multi-threaded apps this does not work since the fd is typically reused for
the server thread, while a new fd is created and connected for the client.
By "peeking" we leave the message on the server fd, and consequently we
think we've received another valid ClientHello and so we create yet another
fd for the client, and so on until we run out of fds.

In this new approach we remove the ClientHello and buffer it in the SSL
object.

Fixes #6934

Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/7375)

commit 2fc4c77c3f06443f4c476f6f58d83e5e108d1dce
Author: Matt Caswell 
Date:   Mon Oct 8 15:46:51 2018 +0100

Use the read and write buffers in DTLSv1_listen()

Rather than using init_buf we use the record layer read and write buffers
in DTLSv1_listen(). These seem more appropriate anyway and will help with
the next commit.

Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/7375)

---

Summary of changes:
 ssl/d1_lib.c | 91 +++-
 ssl/record/record.h  |  4 +++
 ssl/record/record_locl.h |  2 --
 ssl/record/ssl3_record.c | 25 +
 4 files changed, 65 insertions(+), 57 deletions(-)

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index f808512..7a7a4be 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -445,15 +445,14 @@ static void get_current_time(struct timeval *t)
 #ifndef OPENSSL_NO_SOCK
 int DTLSv1_listen(SSL *s, BIO_ADDR *client)
 {
-int next, n, ret = 0, clearpkt = 0;
+int next, n, ret = 0;
 unsigned char cookie[DTLS1_COOKIE_LENGTH];
 unsigned char seq[SEQ_NUM_SIZE];
 const unsigned char *data;
-unsigned char *buf;
-size_t fragoff, fraglen, msglen;
+unsigned char *buf, *wbuf;
+size_t fragoff, fraglen, msglen, reclen, align = 0;
 unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;
 BIO *rbio, *wbio;
-BUF_MEM *bufm;
 BIO_ADDR *tmpclient = NULL;
 PACKET pkt, msgpkt, msgpayload, session, cookiepkt;
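Review bot: `reclen` is declared here without an initialiser, unlike `align = 0` on the same line; the rest of the function is not fully visible in this message, so make sure every path that reads `reclen` assigns it first, because a stale length feeding a record-layer write is the kind of defect a compiler does not reliably flag. Dropping `clearpkt` is consistent with removing the peek-mode BIO_ctrl in the next hunk (nothing is left that would need to switch peek mode back off), and `wbuf` now points into the record-layer write buffer, so its validity depends on `ssl3_setup_buffers()` having succeeded rather than on `init_buf`.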
 
@@ -477,13 +476,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
 }
 
 /*
- * We only peek at incoming ClientHello's until we're sure we are going to
- * to respond with a HelloVerifyRequest. If its a ClientHello with a valid
- * cookie then we leave it in the BIO for accept to handle.
- */
-BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
-
-/*
  * Note: This check deliberately excludes DTLS1_BAD_VER because that 
version
  * requires the MAC to be calculated *including* the first ClientHello
  * (without the cookie). Since DTLSv1_listen is stateless that cannot be
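Review bot: removing `BIO_CTRL_DGRAM_SET_PEEK_MODE` means every datagram is now consumed from the fd, including the ClientHello with a valid cookie that used to be left for SSL_accept(); that is the point of the change (the fd-exhaustion loop in the commit message, where a peeked ClientHello on a reused server fd is mistaken for yet another fresh client until the process runs out of descriptors), but it alters the documented contract of DTLSv1_listen(), and the summary of changes lists no update to doc/man3/DTLSv1_listen.pod. Please check that the man page still describes where the ClientHello ends up after a successful return, since an application that calls SSL_accept() on a different SSL object from the one it passed to DTLSv1_listen() will no longer find the message on the BIO.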
@@ -495,35 +487,32 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
 return -1;
 }
 
-if (s->init_buf == NULL) {
-if ((bufm = BUF_MEM_new()) == NULL) {
-SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
-return -1;
-}
-
-if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) {
-BUF_MEM_free(bufm);
-SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
-return -1;
-}
-s->init_buf = bufm;
+if (!ssl3_setup_buffers(s)) {
+/* SSLerr already called */
+return -1;
 }
-buf = (unsigned char *)s->init_buf->data;
+buf = RECORD_LAYER_get_rbuf(&s->rlayer)->buf;
+wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf;
+#if defined(SSL3_ALIGN_PAYLOAD)
+# if SSL3_ALIGN_PAYLOAD != 0
+/*
+ * Using SSL3_RT_HEADER_LENGTH here instead of DTLS1_RT_HEADER_LENGTH for
+ * consistency with ssl3_read_n. In practice it should make no difference
+ * for sensible values of SSL3_ALIGN_PAYLOAD because the difference between
+ * SSL3_RT_HEADER_LENGTH and DTLS1_RT_HEADER_LENGTH is exactly 8
+ */
+align = (size_t)buf + SSL3_RT_HEADER_LENGTH;
+align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+# endif
+#endif
+buf += align;
 
 do {
 /* Get a packet */
 
 clear_sys_error();
-/*
- * Technically a ClientHello could be SSL3_RT_MAX_PLAIN_LENGTH
- * + DTLS1_RT_HEADER_LENGTH bytes long. Norma
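Review bot: the alignment arithmetic mirrors ssl3_read_n, but the offset is applied only to `buf` (`buf += align`), so whatever read length the truncated remainder of this hunk passes to the BIO must be bounded by the rbuf allocation minus `align`, not by `SSL3_RT_MAX_PLAIN_LENGTH` as the old `BUF_MEM_grow` sizing was, or the last `align` bytes of a maximum-size ClientHello land past the end of the buffer. The comment's arithmetic is right (SSL3_RT_HEADER_LENGTH is 5, DTLS1_RT_HEADER_LENGTH is 13), so for an SSL3_ALIGN_PAYLOAD of 8 the choice of header constant makes no difference to the modulo; it would for a larger alignment, which the comment should say explicitly. `wbuf` is taken from `RECORD_LAYER_get_wbuf(&s->rlayer)[0]` with no alignment at all; that is fine if the HelloVerifyRequest is always written as one whole record, but a one-line comment would stop the asymmetry with the read side looking accidental. The `/* SSLerr already called */` note on the `ssl3_setup_buffers()` failure path is the right way to keep the error stack from carrying a duplicate entry.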

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-10-19 Thread Matt Caswell
The branch OpenSSL_1_1_1-stable has been updated
   via  d1bfd8076e28b134f7d6a03611e60381b522c1c9 (commit)
   via  585e691948ec71433f8f7f24799b18e62fe07bd3 (commit)
  from  6c529877cda2f52d352fa4eec1d85786bd4c2d8d (commit)


- Log -
commit d1bfd8076e28b134f7d6a03611e60381b522c1c9
Author: Matt Caswell 
Date:   Tue Oct 9 10:22:06 2018 +0100

Buffer a ClientHello with a cookie received via DTLSv1_listen

Previously when a ClientHello arrives with a valid cookie using
DTLSv1_listen() we only "peeked" at the message and left it on the
underlying fd. This works fine for single threaded applications but for
multi-threaded apps this does not work since the fd is typically reused for
the server thread, while a new fd is created and connected for the client.
By "peeking" we leave the message on the server fd, and consequently we
think we've received another valid ClientHello and so we create yet another
fd for the client, and so on until we run out of fds.

In this new approach we remove the ClientHello and buffer it in the SSL
object.

Fixes #6934

Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/7375)

(cherry picked from commit 079ef6bd534d2f708d8013cfcd8ea0d2f600c788)

commit 585e691948ec71433f8f7f24799b18e62fe07bd3
Author: Matt Caswell 
Date:   Mon Oct 8 15:46:51 2018 +0100

Use the read and write buffers in DTLSv1_listen()

Rather than using init_buf we use the record layer read and write buffers
in DTLSv1_listen(). These seem more appropriate anyway and will help with
the next commit.

Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/7375)

(cherry picked from commit 2fc4c77c3f06443f4c476f6f58d83e5e108d1dce)

---

Summary of changes:
 ssl/d1_lib.c | 91 +++-
 ssl/record/record.h  |  4 +++
 ssl/record/record_locl.h |  2 --
 ssl/record/ssl3_record.c | 25 +
 4 files changed, 65 insertions(+), 57 deletions(-)

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index f808512..7a7a4be 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -445,15 +445,14 @@ static void get_current_time(struct timeval *t)
 #ifndef OPENSSL_NO_SOCK
 int DTLSv1_listen(SSL *s, BIO_ADDR *client)
 {
-int next, n, ret = 0, clearpkt = 0;
+int next, n, ret = 0;
 unsigned char cookie[DTLS1_COOKIE_LENGTH];
 unsigned char seq[SEQ_NUM_SIZE];
 const unsigned char *data;
-unsigned char *buf;
-size_t fragoff, fraglen, msglen;
+unsigned char *buf, *wbuf;
+size_t fragoff, fraglen, msglen, reclen, align = 0;
 unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;
 BIO *rbio, *wbio;
-BUF_MEM *bufm;
 BIO_ADDR *tmpclient = NULL;
 PACKET pkt, msgpkt, msgpayload, session, cookiepkt;
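Review bot: the hunks of this cherry-pick are byte-identical to those of commits 2fc4c77c3f06443f4c476f6f58d83e5e108d1dce and 079ef6bd534d2f708d8013cfcd8ea0d2f600c788 on master above, so the review points raised there (uninitialised `reclen`, the DTLSv1_listen() man page, read length versus `align`) carry over; the only backport-specific check is that `ssl3_setup_buffers()` and the RECORD_LAYER_get_rbuf()/RECORD_LAYER_get_wbuf() accessors behave the same on the 1.1.1 branch, which the matching blob ids `f808512..7a7a4be` for ssl/d1_lib.c suggest they do.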
 
@@ -477,13 +476,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
 }
 
 /*
- * We only peek at incoming ClientHello's until we're sure we are going to
- * to respond with a HelloVerifyRequest. If its a ClientHello with a valid
- * cookie then we leave it in the BIO for accept to handle.
- */
-BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
-
-/*
  * Note: This check deliberately excludes DTLS1_BAD_VER because that 
version
  * requires the MAC to be calculated *including* the first ClientHello
  * (without the cookie). Since DTLSv1_listen is stateless that cannot be
@@ -495,35 +487,32 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
 return -1;
 }
 
-if (s->init_buf == NULL) {
-if ((bufm = BUF_MEM_new()) == NULL) {
-SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
-return -1;
-}
-
-if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) {
-BUF_MEM_free(bufm);
-SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
-return -1;
-}
-s->init_buf = bufm;
+if (!ssl3_setup_buffers(s)) {
+/* SSLerr already called */
+return -1;
 }
-buf = (unsigned char *)s->init_buf->data;
+buf = RECORD_LAYER_get_rbuf(&s->rlayer)->buf;
+wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf;
+#if defined(SSL3_ALIGN_PAYLOAD)
+# if SSL3_ALIGN_PAYLOAD != 0
+/*
+ * Using SSL3_RT_HEADER_LENGTH here instead of DTLS1_RT_HEADER_LENGTH for
+ * consistency with ssl3_read_n. In practice it should make no difference
+ * for sensible values of SSL3_ALIGN_PAYLOAD because the difference between
+ * SSL3_RT_HEADER_LENGTH and DTLS1_RT_HEADER_LENGTH is exactly 8
+ */
+align = (size_t)buf + SSL3_RT_HEADER_LENGTH;
+align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+# endif
+#endif
+buf += align;
 
 do {
 /* Get a packet *

[openssl-commits] [openssl] master update

2018-10-19 Thread Matt Caswell
The branch master has been updated
   via  edcd29efd32c51f298ad5ab438e2d4cc5411e9a9 (commit)
   via  01666a8c1db3ecfb999e1a8f2c5436d114f95681 (commit)
  from  9986bfefa420f0db920768453bef0b40507db595 (commit)


- Log -
commit edcd29efd32c51f298ad5ab438e2d4cc5411e9a9
Author: Matt Caswell 
Date:   Thu Oct 18 10:12:20 2018 +0100

Test DTLS cookie generation and verification

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7431)

commit 01666a8c1db3ecfb999e1a8f2c5436d114f95681
Author: Matt Caswell 
Date:   Thu Oct 18 10:12:07 2018 +0100

Fix a DTLS memory leak

Fixes #7428

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7431)

---

Summary of changes:
 ssl/statem/statem_srvr.c |  4 +++-
 test/dtlstest.c  | 51 
 2 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index ac5fd09..7d0e9d0 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1519,8 +1519,10 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, 
PACKET *pkt)
  * So check cookie length...
  */
 if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
-if (clienthello->dtls_cookie_len == 0)
+if (clienthello->dtls_cookie_len == 0) {
+OPENSSL_free(clienthello);
 return MSG_PROCESS_FINISHED_READING;
+}
 }
 }
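Review bot: the leak fixed here sits on the path taken by every cookie-less ClientHello once SSL_OP_COOKIE_EXCHANGE is set, i.e. the first datagram from every peer, spoofed source addresses included, which is exactly the traffic cookie exchange exists to make cheap to answer; a per-packet heap leak there turns the cheap path into remotely driven memory growth, so this is a resource-exhaustion fix rather than a cosmetic one and deserves a CHANGES entry. Two follow-ups: the comment above the check (`So check cookie length...` in context) still reads as if nothing had been allocated yet, so update it to say `clienthello` is already heap-allocated at this point; and confirm that nothing else hanging off `clienthello` (extension arrays parsed later in the function, for example) has been allocated by the time this early return fires, otherwise `OPENSSL_free(clienthello)` alone is not enough and the function's common cleanup label would be the safer target.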
 
diff --git a/test/dtlstest.c b/test/dtlstest.c
index c41aac8..5afd7e9 100644
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include 
 #include 
 #include 
 #include 
@@ -240,6 +241,55 @@ static int test_dtls_drop_records(int idx)
 return testresult;
 }
 
+static const char dummy_cookie[] = "0123456";
+
+static int generate_cookie_cb(SSL *ssl, unsigned char *cookie,
+  unsigned int *cookie_len)
+{
+memcpy(cookie, dummy_cookie, sizeof(dummy_cookie));
+*cookie_len = sizeof(dummy_cookie);
+return 1;
+}
+
+static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie,
+unsigned int cookie_len)
+{
+return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie));
+}
+
+static int test_cookie(void)
+{
+SSL_CTX *sctx = NULL, *cctx = NULL;
+SSL *serverssl = NULL, *clientssl = NULL;
+int testresult = 0;
+
+if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
+   DTLS_client_method(),
+   DTLS1_VERSION, DTLS_MAX_VERSION,
+   &sctx, &cctx, cert, privkey)))
+return 0;
+
+SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE);
+SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
+SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);
+
+if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+  NULL, NULL))
+|| !TEST_true(create_ssl_connection(serverssl, clientssl,
+SSL_ERROR_NONE)))
+goto end;
+
+testresult = 1;
+ end:
+SSL_free(serverssl);
+SSL_free(clientssl);
+SSL_CTX_free(sctx);
+SSL_CTX_free(cctx);
+
+return testresult;
+}
+
+
 int setup_tests(void)
 {
 if (!TEST_ptr(cert = test_get_argument(0))
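Review bot: the test only exercises the accept path: `verify_cookie_cb` is never driven with a wrong cookie, and nothing asserts that a HelloVerifyRequest actually went out before the second ClientHello, so a regression that skipped the cookie round trip entirely (or never invoked `verify_cookie_cb`) would still pass. Add a counter incremented in each callback and assert on it after `create_ssl_connection()`, and add a case where `verify_cookie_cb` returns 0 and the connection must fail. `generate_cookie_cb` copies `sizeof(dummy_cookie)`, 8 bytes including the terminating NUL; that is fine for a binary cookie but deserves a comment because the literal reads as seven characters. A constant cookie is acceptable in a unit test but must not be copied into application code: a real `generate_cookie_cb` has to bind the cookie to the peer address with a keyed MAC under a server-side secret, since the only purpose of the exchange is to prove the client can receive at the address it claims. Style nit: two blank lines are added before `setup_tests`.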
@@ -248,6 +298,7 @@ int setup_tests(void)
 
 ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
 ADD_ALL_TESTS(test_dtls_drop_records, TOTAL_RECORDS);
+ADD_TEST(test_cookie);
 
 return 1;
 }


[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-10-19 Thread Matt Caswell
The branch OpenSSL_1_1_1-stable has been updated
   via  6c529877cda2f52d352fa4eec1d85786bd4c2d8d (commit)
   via  a6a83827a0e3a0f793783cef882bd790342d76aa (commit)
  from  a66c361a773e697b5c6bb805ae37d2c4c8d32cb1 (commit)


- Log -
commit 6c529877cda2f52d352fa4eec1d85786bd4c2d8d
Author: Matt Caswell 
Date:   Thu Oct 18 10:12:20 2018 +0100

Test DTLS cookie generation and verification

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7431)

(cherry picked from commit edcd29efd32c51f298ad5ab438e2d4cc5411e9a9)

commit a6a83827a0e3a0f793783cef882bd790342d76aa
Author: Matt Caswell 
Date:   Thu Oct 18 10:12:07 2018 +0100

Fix a DTLS memory leak

Fixes #7428

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7431)

(cherry picked from commit 01666a8c1db3ecfb999e1a8f2c5436d114f95681)

---

Summary of changes:
 ssl/statem/statem_srvr.c |  4 +++-
 test/dtlstest.c  | 51 
 2 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index ac5fd09..7d0e9d0 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1519,8 +1519,10 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, 
PACKET *pkt)
  * So check cookie length...
  */
 if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
-if (clienthello->dtls_cookie_len == 0)
+if (clienthello->dtls_cookie_len == 0) {
+OPENSSL_free(clienthello);
 return MSG_PROCESS_FINISHED_READING;
+}
 }
 }
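Review bot: identical to the master hunks of commits 01666a8c1db3ecfb999e1a8f2c5436d114f95681 and edcd29efd32c51f298ad5ab438e2d4cc5411e9a9 above (same blob ids `ac5fd09..7d0e9d0` and `c41aac8..5afd7e9`), so the leak-path and test-coverage comments made there apply; as 1.1.1 is the long-term-support branch, this is the copy most deployed DTLS servers with cookie exchange enabled will actually pick up.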
 
diff --git a/test/dtlstest.c b/test/dtlstest.c
index c41aac8..5afd7e9 100644
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include 
 #include 
 #include 
 #include 
@@ -240,6 +241,55 @@ static int test_dtls_drop_records(int idx)
 return testresult;
 }
 
+static const char dummy_cookie[] = "0123456";
+
+static int generate_cookie_cb(SSL *ssl, unsigned char *cookie,
+  unsigned int *cookie_len)
+{
+memcpy(cookie, dummy_cookie, sizeof(dummy_cookie));
+*cookie_len = sizeof(dummy_cookie);
+return 1;
+}
+
+static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie,
+unsigned int cookie_len)
+{
+return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie));
+}
+
+static int test_cookie(void)
+{
+SSL_CTX *sctx = NULL, *cctx = NULL;
+SSL *serverssl = NULL, *clientssl = NULL;
+int testresult = 0;
+
+if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
+   DTLS_client_method(),
+   DTLS1_VERSION, DTLS_MAX_VERSION,
+   &sctx, &cctx, cert, privkey)))
+return 0;
+
+SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE);
+SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
+SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);
+
+if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+  NULL, NULL))
+|| !TEST_true(create_ssl_connection(serverssl, clientssl,
+SSL_ERROR_NONE)))
+goto end;
+
+testresult = 1;
+ end:
+SSL_free(serverssl);
+SSL_free(clientssl);
+SSL_CTX_free(sctx);
+SSL_CTX_free(cctx);
+
+return testresult;
+}
+
+
 int setup_tests(void)
 {
 if (!TEST_ptr(cert = test_get_argument(0))
@@ -248,6 +298,7 @@ int setup_tests(void)
 
 ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
 ADD_ALL_TESTS(test_dtls_drop_records, TOTAL_RECORDS);
+ADD_TEST(test_cookie);
 
 return 1;
 }


[openssl-commits] [openssl] master update

2018-10-19 Thread Andy Polyakov
The branch master has been updated
   via  9986bfefa420f0db920768453bef0b40507db595 (commit)
  from  03ad7c009e16a233c733098db3169c560142ccd3 (commit)


- Log -
commit 9986bfefa420f0db920768453bef0b40507db595
Author: Andy Polyakov 
Date:   Sat Sep 22 14:39:51 2018 +0200

sha/asm/keccak1600-armv8.pl: halve the size of hw-assisted subroutine.

Yes, it's the second halving, i.e. it's now 1/4 of the original size, or more
specifically the inner loop is. The challenge with Keccak is that you need
more temporary registers than there are available. By reversing the
order in which columns are assigned in Chi, it's possible to use
three of the A[][] registers as temporaries prior to their assignment.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7294)

---

Summary of changes:
 crypto/sha/asm/keccak1600-armv8.pl | 146 ++---
 1 file changed, 69 insertions(+), 77 deletions(-)

diff --git a/crypto/sha/asm/keccak1600-armv8.pl 
b/crypto/sha/asm/keccak1600-armv8.pl
index 704ab4a..e4e94bc 100755
--- a/crypto/sha/asm/keccak1600-armv8.pl
+++ b/crypto/sha/asm/keccak1600-armv8.pl
@@ -533,30 +533,28 @@ my @A = map([ "v".$_.".16b", "v".($_+1).".16b", 
"v".($_+2).".16b",
 (0, 5, 10, 15, 20));
 
 my @C = map("v$_.16b", (25..31));
+my @D = @C[4,5,6,2,3];
 
 $code.=<<___;
 .type  KeccakF1600_ce,%function
 .align 5
 KeccakF1600_ce:
-   mov x9,#12
+   mov x9,#24
adr x10,iotas
b   .Loop_ce
 .align 4
 .Loop_ce:
-___
-for($i=0; $i<2; $i++) {
-$code.=<<___;
// Theta
-   eor3$C[0],$A[0][0],$A[1][0],$A[2][0]
-   eor3$C[1],$A[0][1],$A[1][1],$A[2][1]
-   eor3$C[2],$A[0][2],$A[1][2],$A[2][2]
-   eor3$C[3],$A[0][3],$A[1][3],$A[2][3]
-   eor3$C[4],$A[0][4],$A[1][4],$A[2][4]
-   eor3$C[0],$C[0],   $A[3][0],$A[4][0]
-   eor3$C[1],$C[1],   $A[3][1],$A[4][1]
-   eor3$C[2],$C[2],   $A[3][2],$A[4][2]
-   eor3$C[3],$C[3],   $A[3][3],$A[4][3]
-   eor3$C[4],$C[4],   $A[3][4],$A[4][4]
+   eor3$C[0],$A[4][0],$A[3][0],$A[2][0]
+   eor3$C[1],$A[4][1],$A[3][1],$A[2][1]
+   eor3$C[2],$A[4][2],$A[3][2],$A[2][2]
+   eor3$C[3],$A[4][3],$A[3][3],$A[2][3]
+   eor3$C[4],$A[4][4],$A[3][4],$A[2][4]
+   eor3$C[0],$C[0],   $A[1][0],$A[0][0]
+   eor3$C[1],$C[1],   $A[1][1],$A[0][1]
+   eor3$C[2],$C[2],   $A[1][2],$A[0][2]
+   eor3$C[3],$C[3],   $A[1][3],$A[0][3]
+   eor3$C[4],$C[4],   $A[1][4],$A[0][4]
 
rax1$C[5],$C[0],$C[2]   // D[1]
rax1$C[6],$C[1],$C[3]   // D[2]
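Review bot: `mov x9,#24` together with dropping the `for($i=0; $i<2; $i++)` unroll keeps the round count at 24, which is the first thing to verify when a Keccak-f[1600] loop is restructured; good. The new `@D = @C[4,5,6,2,3]` makes D[0], D[3] and D[4] aliases of C[4], C[2] and C[3], and each of those is computed in place (`rax1 $C[4],$C[4],$C[1] // D[0]` overwrites C[4]), so instruction order in Theta is now load-bearing: D[0] must follow the D[3] computation that still reads C[4], D[4] must follow D[2] which reads C[3], and D[3] must follow D[1] which reads C[2]; the shown order (D[1], D[2] first, D[0] last) respects this, but a one-line comment at the `@D` definition stating the constraint would stop a later reorder from silently corrupting the state. Reversing the eor3 operand order in Theta (row A[4] first) is XOR-commutative and has no functional effect, yet it is unrelated to the register-saving trick the commit message describes, so a reader may assume it matters; a comment would make the intent clear.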
@@ -565,81 +563,75 @@ $code.=<<___;
rax1$C[4],$C[4],$C[1]   // D[0]
 
// Theta+Rho+Pi
-   xar $C[0],   $A[1][1],$C[5],#64-$rhotates[1][1] // C[0]=A[0][1]
-   xar $A[1][1],$A[1][4],$C[3],#64-$rhotates[1][4]
-   xar $A[1][4],$A[4][2],$C[6],#64-$rhotates[4][2]
-   xar $A[4][2],$A[2][4],$C[3],#64-$rhotates[2][4]
-   xar $A[2][4],$A[4][0],$C[4],#64-$rhotates[4][0]
+   xar $C[0],   $A[0][1],$D[1],#64-$rhotates[0][1] // C[0]=A[2][0]
 
-   xar $A[4][0],$A[0][2],$C[6],#64-$rhotates[0][2]
+   xar $A[0][1],$A[1][1],$D[1],#64-$rhotates[1][1]
+   xar $A[1][1],$A[1][4],$D[4],#64-$rhotates[1][4]
+   xar $A[1][4],$A[4][2],$D[2],#64-$rhotates[4][2]
+   xar $A[4][2],$A[2][4],$D[4],#64-$rhotates[2][4]
+   xar $A[2][4],$A[4][0],$D[0],#64-$rhotates[4][0]
 
-   xar $A[0][2],$A[2][2],$C[6],#64-$rhotates[2][2]
-   xar $A[2][2],$A[2][3],$C[2],#64-$rhotates[2][3]
-   xar $A[2][3],$A[3][4],$C[3],#64-$rhotates[3][4]
-   xar $A[3][4],$A[4][3],$C[2],#64-$rhotates[4][3]
-   xar $A[4][3],$A[3][0],$C[4],#64-$rhotates[3][0]
+   xar $C[1],   $A[0][2],$D[2],#64-$rhotates[0][2] // C[1]=A[4][0]
 
-   xar $A[3][0],$A[0][4],$C[3],#64-$rhotates[0][4]
+   xar $A[0][2],$A[2][2],$D[2],#64-$rhotates[2][2]
+   xar $A[2][2],$A[2][3],$D[3],#64-$rhotates[2][3]
+   xar $A[2][3],$A[3][4],$D[4],#64-$rhotates[3][4]
+   xar $A[3][4],$A[4][3],$D[3],#64-$rhotates[4][3]
+   xar $A[4][3],$A[3][0],$D[0],#64-$rhotates[3][0]
 
-   eor $A[0][0],$A[0][0],$C[4]
-   ldr x11,[x10],#8
+   xar $A[3][0],$A[0][4],$D[4],#64-$rhotates[0][4]
 
-   xar $C[1],   $A[3][3],$C[2],#64-$rhotates[3][3] // C[1]=A[0][3]
-   xar $A[3][3],$A[3][2],$C[6],#64-$rhotates[3][2]
-   xar $A[3][2],$A[2][1],$C[5],#64-$rhotates[2][1]
-   xar $A[2][1],$A[1][2],$C[6],#64-$rhotates[1][2]
-   xar $A[1][2],$A[2][0
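Review bot: `eor $A[0][0],$A[0][0],$C[4]` (Theta applied to the one lane Rho leaves unrotated) and the iota load `ldr x11,[x10],#8` are removed from this position and the message is truncated before their new home is visible; with the two-round unroll gone, the iota pointer must now advance exactly once per pass of the 24-iteration loop, so please confirm both reappear exactly once per iteration and that A[0][0] still picks up D[0]. The lane-tracking comments (`// C[0]=A[2][0]`, `// C[1]=A[4][0]`) are the only record of which A[][] registers are free to serve as temporaries, which is the whole trick the commit message describes; a short comment block before the Theta+Rho+Pi section spelling that out, plus the invariant that every `$D[n]` register read here was finalised in the Theta block above, would make the next edit to this file far less risky, since a wrong temporary produces a permutation that only the known-answer tests can catch, not the assembler.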

[openssl-commits] [openssl] master update

2018-10-19 Thread Andy Polyakov
The branch master has been updated
   via  03ad7c009e16a233c733098db3169c560142ccd3 (commit)
  from  9d71a24ebf57e7157888af1ca587eafe914bf96f (commit)


- Log -
commit 03ad7c009e16a233c733098db3169c560142ccd3
Author: Andy Polyakov 
Date:   Sun Oct 14 15:19:41 2018 +0200

Configurations/15-android.conf: add support for "standalone toolchain".

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7400)

---

Summary of changes:
 Configurations/15-android.conf | 41 +++--
 NOTES.ANDROID  | 18 +-
 2 files changed, 44 insertions(+), 15 deletions(-)

diff --git a/Configurations/15-android.conf b/Configurations/15-android.conf
index d3b428b..a6b0d7a 100644
--- a/Configurations/15-android.conf
+++ b/Configurations/15-android.conf
@@ -24,7 +24,12 @@
 
 my $ndk = $ENV{ANDROID_NDK};
 die "\$ANDROID_NDK is not defined"  if (!$ndk);
-die "\$ANDROID_NDK=$ndk is invalid" if (!-d "$ndk/platforms");
+if (!-d "$ndk/platforms" && !-f "$ndk/AndroidVersion.txt") {
+# $ndk/platforms is traditional "all-inclusive" NDK, while
+# $ndk/AndroidVersion.txt is so-called standalone toolchain
+# tailored for specific target down to API level.
+die "\$ANDROID_NDK=$ndk is invalid";
+}
 $ndk = canonpath($ndk);
 
 my $ndkver = undef;
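Review bot: the `die` message now covers two acceptable layouts but still says only `is invalid`; name both expectations (`$ndk/platforms` for a full NDK, `$ndk/AndroidVersion.txt` for a standalone toolchain) in the message so the user learns which check failed, in the spirit of the "Configure will fail and give you a hint" promise in NOTES.ANDROID. The explanatory comment is also more useful placed above the `if` than inside a block that only dies.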
@@ -40,10 +45,18 @@
 close $fh;
 }
 
-my $sysroot;
+my ($sysroot, $api, $arch);
+
+$config{target} =~ m|[^-]+-([^-]+)$|;  # split on dash
+$arch = $1;
 
-if (!($sysroot = $ENV{CROSS_SYSROOT})) {
-my $api = "*";
+if ($sysroot = $ENV{CROSS_SYSROOT}) {
+$sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
+($api, $arch) = ($1, $2);
+} elsif (-f "$ndk/AndroidVersion.txt") {
+$sysroot = "$ndk/sysroot";
+} else {
+$api = "*";
 
 # see if user passed -D__ANDROID_API__=N
 foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) {
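Review bot: both new regex matches are unchecked before their captures are used. `$config{target} =~ m|[^-]+-([^-]+)$|; $arch = $1;` silently keeps a stale `$1` from an earlier successful match if the target name has no dash, and in the `CROSS_SYSROOT` branch `($api, $arch) = ($1, $2)` does the same if the sysroot path does not end in `android-N/arch-X`, with the effect that the `$arch` just derived from the target is overwritten by whatever a previous match captured; wrap each in `... or die` with a message naming the offending value. In the new standalone-toolchain branch `$api` is left undef, so every later use of `$api` (anything deriving `__ANDROID_API__`, for instance) needs a defined check or a documented default for that case.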
@@ -59,19 +72,15 @@
  } glob("$ndk/platforms/android-$api");
 die "no $ndk/platforms/android-$api" if ($#platforms < 0);
 
-$config{target} =~ m|[^-]+-([^-]+)$|;   # split on dash
-$sysroot = "@platforms[$#platforms]/arch-$1";
+$sysroot = "@platforms[$#platforms]/arch-$arch";
 }
 die "no sysroot=$sysroot"   if (!-d $sysroot);
 
-$sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
-my ($api, $arch) = ($1, $2);
-
 my $triarch = $triplet{$arch};
 my $cflags;
 my $cppflags;
 
-# see if there is NDK clang on $PATH
+# see if there is NDK clang on $PATH, "universal" or "standalone"
 if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
 my $host=$1;
 # harmonize with gcc default
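Review bot: replacing `arch-$1` with `arch-$arch` is a real robustness gain, not only a refactor: the block ending at `} glob(...)` sits between the old capture and its use, and any regex inside it would have clobbered `$1`; the capture is now consumed where it is made. The comment change `"universal" or "standalone"` should also mention that the standalone case is handled in the new `elsif` branch further down, since the `if` condition immediately below still only matches the prebuilt layout.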
@@ -83,6 +92,18 @@
 .  "/$tritools-4.9/prebuilt/$host";
 $user{CC} = "clang" if ($user{CC} !~ m|clang|);
 $user{CROSS_COMPILE} = undef;
+} elsif (-f "$ndk/AndroidVersion.txt") {#"standalone toolchain"
+my $cc = $user{CC} // "clang";
+# One can probably argue that both clang and gcc should be
+# probed, but support for "standalone toolchain" was added
+# *after* announcement that gcc is being phased out, so
+# favouring clang is considered adequate. Those who insist
+# have option to enforce test for gcc with CC=gcc.
+if (which("$triarch-$cc") !~ m|^$ndk|) {
+die "no NDK $triarch-$cc on \$PATH";
+}
+$user{CC} = $cc;
+$user{CROSS_COMPILE} = "$triarch-";
 } elsif ($user{CC} eq "clang") {
 die "no NDK clang on \$PATH";
 } else {
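Review bot: `which("$triarch-$cc") !~ m|^$ndk|` interpolates `$ndk` into a regex unquoted, so an NDK path containing `.`, `+` or other metacharacters is matched with those characters given their regex meaning rather than literally; use `m|^\Q$ndk\E|`. The same flaw pre-exists in the `m|^$ndk/.*/prebuilt/([^/]+)/|` test above, so this is the moment to fix both. The check only verifies that the first `$triarch-$cc` on PATH lives under `$ndk`, which is the right gate for a build that hard-codes `CROSS_COMPILE`, but the failure message should report which binary was actually found so a wrongly ordered PATH is obvious. `$user{CC} // "clang"` requires Perl 5.10 or later for the `//` operator.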
diff --git a/NOTES.ANDROID b/NOTES.ANDROID
index d13f47d..bbbd8e4 100644
--- a/NOTES.ANDROID
+++ b/NOTES.ANDROID
@@ -24,16 +24,18 @@
  in order to invoke $(CROSS_COMPILE)gcc and company. (Configure will fail
  and give you a hint if you get it wrong.) Apart from PATH adjustment
  you need to set ANDROID_NDK environment to point at NDK directory
- as /some/where/android-ndk-. NDK customarily supports multiple
+ as /some/where/android-ndk-. Both variables are significant at both
+ configuration and compilation times. NDK customarily supports multiple
  Android API levels, e.g. android-14, android-21, etc. By default latest 
  one available is chosen. If yo

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-10-19 Thread Andy Polyakov
The branch OpenSSL_1_1_1-stable has been updated
   via  a66c361a773e697b5c6bb805ae37d2c4c8d32cb1 (commit)
  from  fc762e7d5c21b534af967f4308b2b9597fe76d7f (commit)


- Log -
commit a66c361a773e697b5c6bb805ae37d2c4c8d32cb1
Author: Andy Polyakov 
Date:   Sun Oct 14 15:19:41 2018 +0200

Configurations/15-android.conf: add support for "standalone toolchain".

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7400)

(cherry picked from commit 03ad7c009e16a233c733098db3169c560142ccd3)

---

Summary of changes:
 Configurations/15-android.conf | 41 +++--
 NOTES.ANDROID  | 18 +-
 2 files changed, 44 insertions(+), 15 deletions(-)

diff --git a/Configurations/15-android.conf b/Configurations/15-android.conf
index d3b428b..a6b0d7a 100644
--- a/Configurations/15-android.conf
+++ b/Configurations/15-android.conf
@@ -24,7 +24,12 @@
 
 my $ndk = $ENV{ANDROID_NDK};
 die "\$ANDROID_NDK is not defined"  if (!$ndk);
-die "\$ANDROID_NDK=$ndk is invalid" if (!-d "$ndk/platforms");
+if (!-d "$ndk/platforms" && !-f "$ndk/AndroidVersion.txt") {
+# $ndk/platforms is traditional "all-inclusive" NDK, while
+# $ndk/AndroidVersion.txt is so-called standalone toolchain
+# tailored for specific target down to API level.
+die "\$ANDROID_NDK=$ndk is invalid";
+}
 $ndk = canonpath($ndk);
 
 my $ndkver = undef;
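Review bot: identical to master commit 03ad7c009e16a233c733098db3169c560142ccd3 above (blob ids `d3b428b..a6b0d7a` match), so the unchecked-capture and unquoted-`$ndk`-in-regex comments made there apply here as well.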
@@ -40,10 +45,18 @@
 close $fh;
 }
 
-my $sysroot;
+my ($sysroot, $api, $arch);
+
+$config{target} =~ m|[^-]+-([^-]+)$|;  # split on dash
+$arch = $1;
 
-if (!($sysroot = $ENV{CROSS_SYSROOT})) {
-my $api = "*";
+if ($sysroot = $ENV{CROSS_SYSROOT}) {
+$sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
+($api, $arch) = ($1, $2);
+} elsif (-f "$ndk/AndroidVersion.txt") {
+$sysroot = "$ndk/sysroot";
+} else {
+$api = "*";
 
 # see if user passed -D__ANDROID_API__=N
 foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) {
@@ -59,19 +72,15 @@
  } glob("$ndk/platforms/android-$api");
 die "no $ndk/platforms/android-$api" if ($#platforms < 0);
 
-$config{target} =~ m|[^-]+-([^-]+)$|;   # split on dash
-$sysroot = "@platforms[$#platforms]/arch-$1";
+$sysroot = "@platforms[$#platforms]/arch-$arch";
 }
 die "no sysroot=$sysroot"   if (!-d $sysroot);
 
-$sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
-my ($api, $arch) = ($1, $2);
-
 my $triarch = $triplet{$arch};
 my $cflags;
 my $cppflags;
 
-# see if there is NDK clang on $PATH
+# see if there is NDK clang on $PATH, "universal" or "standalone"
 if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
 my $host=$1;
 # harmonize with gcc default
@@ -83,6 +92,18 @@
 .  "/$tritools-4.9/prebuilt/$host";
 $user{CC} = "clang" if ($user{CC} !~ m|clang|);
 $user{CROSS_COMPILE} = undef;
+} elsif (-f "$ndk/AndroidVersion.txt") {#"standalone toolchain"
+my $cc = $user{CC} // "clang";
+# One can probably argue that both clang and gcc should be
+# probed, but support for "standalone toolchain" was added
+# *after* announcement that gcc is being phased out, so
+# favouring clang is considered adequate. Those who insist
+# have option to enforce test for gcc with CC=gcc.
+if (which("$triarch-$cc") !~ m|^$ndk|) {
+die "no NDK $triarch-$cc on \$PATH";
+}
+$user{CC} = $cc;
+$user{CROSS_COMPILE} = "$triarch-";
 } elsif ($user{CC} eq "clang") {
 die "no NDK clang on \$PATH";
 } else {
diff --git a/NOTES.ANDROID b/NOTES.ANDROID
index d13f47d..bbbd8e4 100644
--- a/NOTES.ANDROID
+++ b/NOTES.ANDROID
@@ -24,16 +24,18 @@
  in order to invoke $(CROSS_COMPILE)gcc and company. (Configure will fail
  and give you a hint if you get it wrong.) Apart from PATH adjustment
  you need to set ANDROID_NDK environment to point at NDK directory
- as /some/where/android-ndk-. NDK customarily supports multiple
+ as /some/where/android-ndk-. Both variables are significant at both
+ configuration and compilation times. NDK customarily supports multiple
  Android API l

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-10-19 Thread Andy Polyakov
The branch OpenSSL_1_1_0-stable has been updated
   via  f2828a14fbe2ce56b5090f45b2a9a6e749d33b22 (commit)
  from  d46f9173bbd62ffa7ae0b20bf05c600e14722cc6 (commit)


- Log -
commit f2828a14fbe2ce56b5090f45b2a9a6e749d33b22
Author: Andy Polyakov 
Date:   Wed Oct 17 10:09:33 2018 +0200

arch/async_posix.h: improve portability.

{make|swap|get|set}context are removed in POSIX.1-2008, but glibc
apparently keeps providing them.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7420)

(cherry picked from commit 9d71a24ebf57e7157888af1ca587eafe914bf96f)

---

Summary of changes:
 crypto/async/arch/async_posix.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/async/arch/async_posix.h b/crypto/async/arch/async_posix.h
index 76937a9..939b4ab 100644
--- a/crypto/async/arch/async_posix.h
+++ b/crypto/async/arch/async_posix.h
@@ -17,7 +17,8 @@
 
 # include 
 
-# if _POSIX_VERSION >= 200112L
+# if _POSIX_VERSION >= 200112L \
+ && (_POSIX_VERSION < 200809L || defined(__GLIBC__))
 
 # include 
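Review bot: the new condition allow-lists glibc by name, so any other libc that advertises `_POSIX_VERSION` 200809L yet still ships the ucontext functions loses the ASYNC backend silently, while a libc that reports 200112L but has dropped them still gets a compile error; a dedicated probe in Configure (or at least an overriding define the builder can set, in the way `no-async` already does) is the robust fix, and the commit-message rationale ({make|swap|get|set}context removed in POSIX.1-2008, retained by glibc) belongs in a comment next to `defined(__GLIBC__)`, because on its own the macro test reads as arbitrary. Nothing breaks at compile time when the condition is false, but code that depends on ASYNC_is_capable() returning true will behave differently on such platforms, so a CHANGES entry would help.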
 


[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-10-19 Thread Andy Polyakov
The branch OpenSSL_1_1_1-stable has been updated
   via  fc762e7d5c21b534af967f4308b2b9597fe76d7f (commit)
  from  aa519853be79ae92e6aa8ec34de5d1803d721b00 (commit)


- Log -
commit fc762e7d5c21b534af967f4308b2b9597fe76d7f
Author: Andy Polyakov 
Date:   Wed Oct 17 10:09:33 2018 +0200

arch/async_posix.h: improve portability.

{make|swap|get|set}context are removed in POSIX.1-2008, but glibc
apparently keeps providing them.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7420)

(cherry picked from commit 9d71a24ebf57e7157888af1ca587eafe914bf96f)

---

Summary of changes:
 crypto/async/arch/async_posix.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/async/arch/async_posix.h b/crypto/async/arch/async_posix.h
index b07c2cb..62449fe 100644
--- a/crypto/async/arch/async_posix.h
+++ b/crypto/async/arch/async_posix.h
@@ -17,7 +17,8 @@
 
 # include 
 
-# if _POSIX_VERSION >= 200112L
+# if _POSIX_VERSION >= 200112L \
+ && (_POSIX_VERSION < 200809L || defined(__GLIBC__))
 
 # include 
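Review bot: identical to the OpenSSL_1_1_0-stable cherry-pick f2828a14fbe2ce56b5090f45b2a9a6e749d33b22 above; the same comment about documenting the `__GLIBC__` allow-list inline and giving builders an override applies.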
 


[openssl-commits] [openssl] master update

2018-10-19 Thread Andy Polyakov
The branch master has been updated
   via  9d71a24ebf57e7157888af1ca587eafe914bf96f (commit)
  from  cb8164b05e3bad5586c2a109bbdbab1ad65a1a6f (commit)


- Log -
commit 9d71a24ebf57e7157888af1ca587eafe914bf96f
Author: Andy Polyakov 
Date:   Wed Oct 17 10:09:33 2018 +0200

arch/async_posix.h: improve portability.

{make|swap|get|set}context are removed in POSIX.1-2008, but glibc
apparently keeps providing them.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7420)

---

Summary of changes:
 crypto/async/arch/async_posix.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/async/arch/async_posix.h b/crypto/async/arch/async_posix.h
index b07c2cb..62449fe 100644
--- a/crypto/async/arch/async_posix.h
+++ b/crypto/async/arch/async_posix.h
@@ -17,7 +17,8 @@
 
 # include 
 
-# if _POSIX_VERSION >= 200112L
+# if _POSIX_VERSION >= 200112L \
+ && (_POSIX_VERSION < 200809L || defined(__GLIBC__))
 
 # include 
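Review bot: this is the original of the two cherry-picks above (f2828a14fbe2ce56b5090f45b2a9a6e749d33b22 and fc762e7d5c21b534af967f4308b2b9597fe76d7f); the comment made there, that the `__GLIBC__` allow-list needs an inline rationale and builders need an override, applies to this copy first.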
 