[openssl-commits] [openssl] master update

Andy Polyakov appro at openssl.org
Tue Mar 13 18:32:30 UTC 2018


The branch master has been updated
       via  ebea0f3014c5f19573afc7a8746278b557e5a1f5 (commit)
       via  b3e02d06ba802aaa137b5f5000b02c504b72cdcb (commit)
       via  7747a49f2452dfab8880ff60451073ae8506c90e (commit)
      from  249b4e28a6c91074f2fe276a2b2b40eb6f9639a9 (commit)


- Log -----------------------------------------------------------------
commit ebea0f3014c5f19573afc7a8746278b557e5a1f5
Author: Andy Polyakov <appro at openssl.org>
Date:   Sun Mar 11 19:08:56 2018 +0100

    Configurations/*.conf: overhaul Android targets.
    
    Move Android targets to separate file, automate sysroot setup and
    add support for NDK 16.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5589)

commit b3e02d06ba802aaa137b5f5000b02c504b72cdcb
Author: Andy Polyakov <appro at openssl.org>
Date:   Mon Mar 12 10:46:23 2018 +0100

    ec/curve25519.c: resolve regression with Android NDK's arm64 gcc.
    
    Unlike "upstream", Android NDK's arm64 gcc [but not clang] performs
    64x64=128-bit multiplications with library calls, which appears to
    have devastating impact on performance. [The condition is reduced to
    __ANDROID__ [&& !__clang__], because x86_64 has corresponding
    assembly module.]
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5589)

commit 7747a49f2452dfab8880ff60451073ae8506c90e
Author: Andy Polyakov <appro at openssl.org>
Date:   Sun Mar 11 18:47:44 2018 +0100

    store/loader_file.c: rename variables causing conflicts with Android NDK.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5589)

-----------------------------------------------------------------------

Summary of changes:
 Configurations/10-main.conf    |  93 ------------------
 Configurations/15-android.conf | 214 +++++++++++++++++++++++++++++++++++++++++
 crypto/ec/curve25519.c         |   3 +-
 crypto/store/loader_file.c     |  30 +++---
 4 files changed, 231 insertions(+), 109 deletions(-)
 create mode 100644 Configurations/15-android.conf

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 0407a812..1ba7cb8 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -940,99 +940,6 @@ my %targets = (
         ranlib           => "true",
     },
 
-#### Android: linux-* but without pointers to headers and libs.
-    #
-    # It takes pair of prior-set environment variables to make it work:
-    #
-    # CROSS_SYSROOT=/some/where/android-ndk-<ver>/platforms/android-<apiver>/arch-<arch>
-    # CROSS_COMPILE=<prefix>
-    #
-    # As well as PATH adjusted to cover ${CROSS_COMPILE}gcc and company.
-    # For example to compile for ICS and ARM with NDK 10d, you'd:
-    #
-    # ANDROID_NDK=/some/where/android-ndk-10d
-    # CROSS_SYSROOT=$ANDROID_NDK/platforms/android-14/arch-arm
-    # CROSS_COMPILE=arm-linux-androideabi-
-    # PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuild/linux-x86_64/bin
-    #
-    "android" => {
-        inherit_from     => [ "linux-generic32" ],
-        # Special note about unconditional -fPIC and -pie. The underlying
-        # reason is that Lollipop refuses to run non-PIE. But what about
-        # older systems and NDKs? -fPIC was never problem, so the only
-        # concern is -pie. Older toolchains, e.g. r4, appear to handle it
-        # and binaries turn mostly functional. "Mostly" means that oldest
-        # Androids, such as Froyo, fail to handle executable, but newer
-        # systems are perfectly capable of executing binaries targeting
-        # Froyo. Keep in mind that in the nutshell Android builds are
-        # about JNI, i.e. shared libraries, not applications.
-        cflags           => add("-mandroid -fPIC --sysroot=\$(CROSS_SYSROOT) -Wa,--noexecstack"),
-        cxxflags         => add("-mandroid -fPIC --sysroot=\$(CROSS_SYSROOT) -Wa,--noexecstack"),
-        bin_cflags       => "-pie",
-    },
-    "android-x86" => {
-        inherit_from     => [ "android", asm("x86_asm") ],
-        CFLAGS           => add(picker(release => "-fomit-frame-pointer")),
-        bn_ops           => "BN_LLONG",
-        perlasm_scheme   => "android",
-    },
-    ################################################################
-    # Contemporary Android applications can provide multiple JNI
-    # providers in .apk, targeting multiple architectures. Among
-    # them there is "place" for two ARM flavours: generic eabi and
-    # armv7-a/hard-float. However, it should be noted that OpenSSL's
-    # ability to engage NEON is not constrained by ABI choice, nor
-    # is your ability to call OpenSSL from your application code
-    # compiled with floating-point ABI other than default 'soft'.
-    # [Latter thanks to __attribute__((pcs("aapcs"))) declaration.]
-    # This means that choice of ARM libraries you provide in .apk
-    # is driven by application needs. For example if application
-    # itself benefits from NEON or is floating-point intensive, then
-    # it might be appropriate to provide both libraries. Otherwise
-    # just generic eabi would do. But in latter case it would be
-    # appropriate to
-    #
-    #   ./Configure android-armeabi -D__ARM_MAX_ARCH__=8
-    #
-    # in order to build "universal" binary and allow OpenSSL take
-    # advantage of NEON when it's available.
-    #
-    "android-armeabi" => {
-        inherit_from     => [ "android", asm("armv4_asm") ],
-    },
-    "android-mips" => {
-        inherit_from     => [ "android", asm("mips32_asm") ],
-        perlasm_scheme   => "o32",
-    },
-
-    "android64" => {
-        inherit_from     => [ "linux-generic64" ],
-        cflags           => add("-mandroid -fPIC --sysroot=\$(CROSS_SYSROOT) -Wa,--noexecstack"),
-        cxxflags         => add("-mandroid -fPIC --sysroot=\$(CROSS_SYSROOT) -Wa,--noexecstack"),
-        bin_cflags       => "-pie",
-    },
-    "android64-aarch64" => {
-        inherit_from     => [ "android64", asm("aarch64_asm") ],
-        perlasm_scheme   => "linux64",
-    },
-    "android64-x86_64" => {
-        inherit_from     => [ "android64", asm("x86_64_asm") ],
-        perlasm_scheme   => "elf",
-    },
-    "android64-mips64" => {
-        ############################################################
-        # You are more than likely have to specify target processor
-        # on ./Configure command line. Trouble is that toolchain's
-        # default is MIPS64r6 (at least in r10d), but there are no
-        # such processors around (or they are too rare to spot one).
-        # Actual problem is that MIPS64r6 is binary incompatible
-        # with previous MIPS ISA versions, in sense that unlike
-        # prior versions original MIPS binary code will fail.
-        #
-        inherit_from     => [ "android64", asm("mips64_asm") ],
-        perlasm_scheme   => "64",
-    },
-
 #### *BSD
     "BSD-generic32" => {
         # As for thread cflag. Idea is to maintain "collective" set of
diff --git a/Configurations/15-android.conf b/Configurations/15-android.conf
new file mode 100644
index 0000000..b524858
--- /dev/null
+++ b/Configurations/15-android.conf
@@ -0,0 +1,214 @@
+#### Android...
+#
+# It takes *one* prior-set environment variable to make it work:
+#
+# ANDROID_NDK=/some/where/android-ndk-<ver>
+#
+# As well as PATH *adjusted* to cover ${CROSS_COMPILE}gcc and company.
+#
+# Note that it's different from original instructions that required to
+# set CROSS_SYSROOT [to $ANDROID_NDK/platforms/android-<api>/arch-<arch>]
+# and CROSS_COMPILE. CROSS_SYSROOT is still recognized [and even required
+# for some legacy targets], but if not set, it's detected and set to the
+# latest Android platform available with appointed NDK automatically. If
+# you need to target older platform, pass additional -D__ANDROID_API__=N
+# to Configure. For example, to compile for ICS on ARM with NDK 10d:
+#
+# ANDROID_NDK=/some/where/android-ndk-10d
+# PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuild/linux-x86_64/bin:$PATH
+# [..]./Configure android-arm -D__ANDROID_API__=14
+#
+# One can engage clang by passing CC=clang to Configure. In such case
+# PATH needs even more adjustments to cover NDK's clang itself, as well
+# as unprefixed, yet target-specific ar and ranlib [or not, if you use
+# binutils-multiarch].
+
+{
+    my $android_ndk = {};
+    my %triplet = (
+        arm    => "arm-linux-androideabi",
+        arm64  => "aarch64-linux-android",
+        mips   => "mipsel-linux-android",
+        mips64 => "mips64el-linux-android",
+        x86    => "i686-linux-android",
+        x86_64 => "x86_64-linux-android",
+    );
+
+    sub android_ndk {
+        unless (%$android_ndk) {
+            my $ndk = $ENV{ANDROID_NDK};
+            die "\$ANDROID_NDK is not defined"  if (!$ndk);
+            die "\$ANDROID_NDK=$ndk is invalid" if (!-d "$ndk/platforms");
+
+            my $sysroot;
+
+            if (!($sysroot = $ENV{CROSS_SYSROOT})) {
+                my $api = "*";
+
+                # see if user passed -D__ANDROID_API__=N
+                foreach (@{$useradd{CPPDEFINES}}) {
+                    if (m|__ANDROID_API__=([0-9]+)|) {
+                        $api = $1;
+                        last;
+                    }
+                }
+
+                # list available platforms [numerically]
+                my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
+                                       $b =~ m/-([0-9]+)$/; $aa <=> $1;
+                                     } glob("$ndk/platforms/android-$api");
+                die "no $ndk/platforms/android-$api" if ($#platforms < 0);
+
+                $config{target} =~ m|[^-]+-([^-]+)$|;   # split on dash
+                $sysroot = "@platforms[$#platforms]/arch-$1";
+            }
+            die "no sysroot=$sysroot"   if (!-d $sysroot);
+
+            $sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
+            my ($api, $arch) = ($1, $2);
+
+            my $triarch = $triplet{$arch};
+            my $cflags = "-Wa,--noexecstack";
+            my $cppflags;
+
+            # see if user passed CC=clang
+            if ($user{CC} eq "clang") {
+                if (which("clang") !~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
+                    die "no NDK clang on \$PATH";
+                }
+                # harmonize with gcc default
+                (my $tridefault = $triarch) =~ s|^arm-|armv5te-|;
+                $cflags .= " -target $tridefault -gcc-toolchain "
+                        . "\$(ANDROID_NDK)/toolchains/$triarch-4.9/prebuilt/$1";
+                $user{CROSS_COMPILE} = undef;
+            } else {
+                $cflags .= " -mandroid";
+                $user{CROSS_COMPILE} = "$triarch-";
+            }
+
+            if (!-d "$sysroot/usr/include") {
+                my $incroot = "$ndk/sysroot/usr/include";
+                die "no $incroot"          if (!-d $incroot);
+                die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
+                $incroot =~ s|^$ndk/||;
+                $cppflags  = "-D__ANDROID_API__=$api";
+                $cppflags .= " -isystem \$(ANDROID_NDK)/$incroot/$triarch";
+                $cppflags .= " -isystem \$(ANDROID_NDK)/$incroot";
+            }
+
+            $sysroot =~ s|^$ndk/||;
+            $android_ndk = {
+                cflags   => "$cflags --sysroot=\$(ANDROID_NDK)/$sysroot",
+                cppflags => $cppflags,
+                bn_ops   => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
+                                            : "BN_LLONG",
+            };
+        }
+
+        return $android_ndk;
+    }
+}
+
+my %targets = (
+    "android" => {
+        inherit_from     => [ "linux-generic32" ],
+        template         => 1,
+        ################################################################
+        # Special note about -pie. The underlying reason is that
+        # Lollipop refuses to run non-PIE. But what about older systems
+        # and NDKs? -fPIC was never problem, so the only concern is -pie.
+        # Older toolchains, e.g. r4, appear to handle it and binaries
+        # turn out mostly functional. "Mostly" means that oldest
+        # Androids, such as Froyo, fail to handle executable, but newer
+        # systems are perfectly capable of executing binaries targeting
+        # Froyo. Keep in mind that in the nutshell Android builds are
+        # about JNI, i.e. shared libraries, not applications.
+        cflags           => add(sub { android_ndk()->{cflags} }),
+        cppflags         => add(sub { android_ndk()->{cppflags} }),
+        cxxflags         => add(sub { android_ndk()->{cflags} }),
+        bn_ops           => sub { android_ndk()->{bn_ops} },
+        bin_cflags       => "-pie",
+    },
+    "android-arm" => {
+        ################################################################
+        # Contemporary Android applications can provide multiple JNI
+        # providers in .apk, targeting multiple architectures. Among
+        # them there is "place" for two ARM flavours: generic eabi and
+        # armv7-a/hard-float. However, it should be noted that OpenSSL's
+        # ability to engage NEON is not constrained by ABI choice, nor
+        # is your ability to call OpenSSL from your application code
+        # compiled with floating-point ABI other than default 'soft'.
+        # [Latter thanks to __attribute__((pcs("aapcs"))) declaration.]
+        # This means that choice of ARM libraries you provide in .apk
+        # is driven by application needs. For example if application
+        # itself benefits from NEON or is floating-point intensive, then
+        # it might be appropriate to provide both libraries. Otherwise
+        # just generic eabi would do. But in latter case it would be
+        # appropriate to
+        #
+        #   ./Configure android-arm -D__ARM_MAX_ARCH__=8
+        #
+        # in order to build "universal" binary and allow OpenSSL take
+        # advantage of NEON when it's available.
+        #
+        # Keep in mind that [just like with linux-armv4] we rely on
+        # compiler defaults, which is not necessarily what you had
+        # in mind, in which case you would have to pass additional
+        # -march and/or -mfloat-abi flags. NDK defaults to armv5te.
+        #
+        inherit_from     => [ "android", asm("armv4_asm") ],
+    },
+    "android-arm64" => {
+        inherit_from     => [ "android", asm("aarch64_asm") ],
+        perlasm_scheme   => "linux64",
+    },
+
+    "android-mips" => {
+        inherit_from     => [ "android", asm("mips32_asm") ],
+        perlasm_scheme   => "o32",
+    },
+    "android-mips64" => {
+        ################################################################
+        # You are more than likely have to specify target processor
+        # on ./Configure command line. Trouble is that toolchain's
+        # default is MIPS64r6 (at least in r10d), but there are no
+        # such processors around (or they are too rare to spot one).
+        # Actual problem is that MIPS64r6 is binary incompatible
+        # with previous MIPS ISA versions, in sense that unlike
+        # prior versions original MIPS binary code will fail.
+        #
+        inherit_from     => [ "android", asm("mips64_asm") ],
+        perlasm_scheme   => "64",
+    },
+
+    "android-x86" => {
+        inherit_from     => [ "android", asm("x86_asm") ],
+        CFLAGS           => add(picker(release => "-fomit-frame-pointer")),
+        bn_ops           => add("RC4_INT"),
+        perlasm_scheme   => "android",
+    },
+    "android-x86_64" => {
+        inherit_from     => [ "android", asm("x86_64_asm") ],
+        bn_ops           => add("RC4_INT"),
+        perlasm_scheme   => "elf",
+    },
+
+    ####################################################################
+    # Backward compatible targets, [might] requre $CROSS_SYSROOT
+    #
+    "android-armeabi" => {
+        inherit_from     => [ "android-arm" ],
+    },
+    "android64" => {
+        inherit_from     => [ "android" ],
+    },
+    "android64-aarch64" => {
+        inherit_from     => [ "android-arm64" ],
+    },
+    "android64-x86_64" => {
+        inherit_from     => [ "android-x86_64" ],
+    },
+    "android64-mips64" => {
+        inherit_from     => [ "android-mips64" ],
+    },
+);
diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c
index 45525f4..0f18ff7 100644
--- a/crypto/ec/curve25519.c
+++ b/crypto/ec/curve25519.c
@@ -13,7 +13,8 @@
 
 #if defined(X25519_ASM) \
     || ( (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16) \
-         && !defined(__sparc__) )
+         && !defined(__sparc__) \
+         && !(defined(__ANDROID__) && !defined(__clang__)) )
 /*
  * Base 2^51 implementation.
  */
diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c
index ea1b321..1d36cd2 100644
--- a/crypto/store/loader_file.c
+++ b/crypto/store/loader_file.c
@@ -236,35 +236,35 @@ static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name,
             }
 
             if (PKCS12_parse(p12, pass, &pkey, &cert, &chain)) {
-                OSSL_STORE_INFO *si_pkey = NULL;
-                OSSL_STORE_INFO *si_cert = NULL;
-                OSSL_STORE_INFO *si_ca = NULL;
+                OSSL_STORE_INFO *osi_pkey = NULL;
+                OSSL_STORE_INFO *osi_cert = NULL;
+                OSSL_STORE_INFO *osi_ca = NULL;
 
                 if ((ctx = sk_OSSL_STORE_INFO_new_null()) != NULL
-                    && (si_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL
-                    && sk_OSSL_STORE_INFO_push(ctx, si_pkey) != 0
-                    && (si_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL
-                    && sk_OSSL_STORE_INFO_push(ctx, si_cert) != 0) {
+                    && (osi_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL
+                    && sk_OSSL_STORE_INFO_push(ctx, osi_pkey) != 0
+                    && (osi_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL
+                    && sk_OSSL_STORE_INFO_push(ctx, osi_cert) != 0) {
                     ok = 1;
-                    si_pkey = NULL;
-                    si_cert = NULL;
+                    osi_pkey = NULL;
+                    osi_cert = NULL;
 
                     while(sk_X509_num(chain) > 0) {
                         X509 *ca = sk_X509_value(chain, 0);
 
-                        if ((si_ca = OSSL_STORE_INFO_new_CERT(ca)) == NULL
-                            || sk_OSSL_STORE_INFO_push(ctx, si_ca) == 0) {
+                        if ((osi_ca = OSSL_STORE_INFO_new_CERT(ca)) == NULL
+                            || sk_OSSL_STORE_INFO_push(ctx, osi_ca) == 0) {
                             ok = 0;
                             break;
                         }
-                        si_ca = NULL;
+                        osi_ca = NULL;
                         (void)sk_X509_shift(chain);
                     }
                 }
                 if (!ok) {
-                    OSSL_STORE_INFO_free(si_ca);
-                    OSSL_STORE_INFO_free(si_cert);
-                    OSSL_STORE_INFO_free(si_pkey);
+                    OSSL_STORE_INFO_free(osi_ca);
+                    OSSL_STORE_INFO_free(osi_cert);
+                    OSSL_STORE_INFO_free(osi_pkey);
                     sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free);
                     EVP_PKEY_free(pkey);
                     X509_free(cert);


More information about the openssl-commits mailing list