Tarsnap · cperciva · Jun 27, 2024 · Feb 22, 2024 · Mar 8, 2024 · Jun 10, 2024
diff --git a/Makefile.inc b/Makefile.inc
@@ -14,11 +14,22 @@ IDIRS	:=	${IDIRS}
 # Default is no man pages
 MAN	=
 
+# The SUBDIR_DEPTH variable (defined above) initializes tracking the
+# subdirectory depth, but it's not fully set at this stage in the build
+# process.  Instead, we jump back to the shell and print the (finalized) value
+# of SUBDIR_DEPTH.  This avoids an infinite loop because we query the Makefile
+# (which does not include ../Makefile.inc), rather than Makefile.BSD (which
+# would end up including this file again).
+FINALIZED_SUBDIR_DEPTH	!=	${MAKE} -v SUBDIR_DEPTH
+
 .if !defined(NOLIBALL)
 # Link everything to liball.a, unless they specifically ask not to use it.
-# If appropriate, metabuild.sh will do:
+LIBALL	=	${SUBDIR_DEPTH}/liball/liball.a
+.if exists(${FINALIZED_SUBDIR_DEPTH}/liball/optional_mutex_normal)
+# If we have optional_mutex, add it. If appropriate, metabuild.sh will do:
 #     s/optional_mutex_normal/optional_mutex_pthread/g
-LIBALL	=	${SUBDIR_DEPTH}/liball/liball.a ${SUBDIR_DEPTH}/liball/optional_mutex_normal/liball_optional_mutex_normal.a
+LIBALL	+=	${SUBDIR_DEPTH}/liball/optional_mutex_normal/liball_optional_mutex_normal.a
+.endif
 LDADD	+=	${LIBALL}
 DPADD	+=	${LIBALL}
 .endif

diff --git a/liball/Makefile b/liball/Makefile
@@ -44,7 +44,7 @@ cpusupport_x86_sse2.o: ../libcperciva/cpusupport/cpusupport_x86_sse2.c ../libcpe
 cpusupport_x86_ssse3.o: ../libcperciva/cpusupport/cpusupport_x86_ssse3.c ../libcperciva/cpusupport/cpusupport.h ../cpusupport-config.h
 	${CC} ${CFLAGS_POSIX} -D_POSIX_C_SOURCE=200809L -D_XOPEN_SOURCE=700 -DCPUSUPPORT_CONFIG_FILE=\"cpusupport-config.h\" -DAPISUPPORT_CONFIG_FILE=\"apisupport-config.h\" -I.. ${IDIRS} ${CPPFLAGS} ${CFLAGS} -c ../libcperciva/cpusupport/cpusupport_x86_ssse3.c -o cpusupport_x86_ssse3.o
 crypto_aes.o: ../libcperciva/crypto/crypto_aes.c ../libcperciva/cpusupport/cpusupport.h ../cpusupport-config.h ../libcperciva/crypto/crypto_aes_aesni.h ../libcperciva/crypto/crypto_aes_arm.h ../libcperciva/util/insecure_memzero.h ../libcperciva/util/warnp.h ../libcperciva/crypto/crypto_aes.h
-	${CC} ${CFLAGS_POSIX} -D_POSIX_C_SOURCE=200809L -D_XOPEN_SOURCE=700 -DCPUSUPPORT_CONFIG_FILE=\"cpusupport-config.h\" -DAPISUPPORT_CONFIG_FILE=\"apisupport-config.h\" -I.. ${IDIRS} ${CPPFLAGS} ${CFLAGS} -c ../libcperciva/crypto/crypto_aes.c -o crypto_aes.o
+	${CC} ${CFLAGS_POSIX} -D_POSIX_C_SOURCE=200809L -D_XOPEN_SOURCE=700 -DCPUSUPPORT_CONFIG_FILE=\"cpusupport-config.h\" -DAPISUPPORT_CONFIG_FILE=\"apisupport-config.h\" -I.. ${IDIRS} ${CPPFLAGS} ${CFLAGS} ${CFLAGS_LIBCRYPTO_LOW_LEVEL_AES} -c ../libcperciva/crypto/crypto_aes.c -o crypto_aes.o
 crypto_aes_aesni.o: ../libcperciva/crypto/crypto_aes_aesni.c ../libcperciva/cpusupport/cpusupport.h ../cpusupport-config.h ../libcperciva/util/align_ptr.h ../libcperciva/util/insecure_memzero.h ../libcperciva/util/warnp.h ../libcperciva/crypto/crypto_aes_aesni.h ../libcperciva/crypto/crypto_aes_aesni_m128i.h
 	${CC} ${CFLAGS_POSIX} -D_POSIX_C_SOURCE=200809L -D_XOPEN_SOURCE=700 -DCPUSUPPORT_CONFIG_FILE=\"cpusupport-config.h\" -DAPISUPPORT_CONFIG_FILE=\"apisupport-config.h\" -I.. ${IDIRS} ${CPPFLAGS} ${CFLAGS} ${CFLAGS_X86_AESNI} -c ../libcperciva/crypto/crypto_aes_aesni.c -o crypto_aes_aesni.o
 crypto_aes_arm.o: ../libcperciva/crypto/crypto_aes_arm.c ../libcperciva/cpusupport/cpusupport.h ../cpusupport-config.h ../libcperciva/util/align_ptr.h ../libcperciva/util/insecure_memzero.h ../libcperciva/util/warnp.h ../libcperciva/crypto/crypto_aes_arm.h ../libcperciva/crypto/crypto_aes_arm_u8.h

diff --git a/libcperciva/alg/sha256_arm.c b/libcperciva/alg/sha256_arm.c
@@ -49,12 +49,11 @@ static const uint32_t Krnd[64] = {
 	X0 = vsha256su1q_u32(vsha256su0q_u32(X0, X1), X2, X3)
 
 /**
- * SHA256_Transform_arm(state, block, W, S):
+ * SHA256_Transform_arm(state, block):
  * Compute the SHA256 block compression function, transforming ${state} using
  * the data in ${block}.  This implementation uses ARM SHA256 instructions,
  * and should only be used if _SHA256 is defined and cpusupport_arm_sha256()
- * returns nonzero.  The arrays W and S may be filled with sensitive data, and
- * should be cleared by the callee.
+ * returns nonzero.
  */
 #ifdef POSIXFAIL_ABSTRACT_DECLARATOR
 void

diff --git a/libcperciva/alg/sha256_arm.h b/libcperciva/alg/sha256_arm.h
@@ -4,12 +4,11 @@
 #include <stdint.h>
 
 /**
- * SHA256_Transform_arm(state, block, W, S):
+ * SHA256_Transform_arm(state, block):
  * Compute the SHA256 block compression function, transforming ${state} using
  * the data in ${block}.  This implementation uses ARM SHA256 instructions,
  * and should only be used if _SHA256 is defined and cpusupport_arm_sha256()
- * returns nonzero.  The arrays W and S may be filled with sensitive data, and
- * should be cleared by the callee.
+ * returns nonzero.
  */
 #ifdef POSIXFAIL_ABSTRACT_DECLARATOR
 void SHA256_Transform_arm(uint32_t state[8], const uint8_t block[64]);

diff --git a/libcperciva/alg/sha256_sse2.c b/libcperciva/alg/sha256_sse2.c
@@ -167,7 +167,7 @@ MSG4(__m128i X0, __m128i X1, __m128i X2, __m128i X3)
 }
 
 /**
- * SHA256_Transform_sse2(state, block):
+ * SHA256_Transform_sse2(state, block, W, S):
  * Compute the SHA256 block compression function, transforming ${state} using
  * the data in ${block}.  This implementation uses x86 SSE2 instructions, and
  * should only be used if _SSE2 is defined and cpusupport_x86_sse2() returns

diff --git a/libcperciva/alg/sha256_sse2.h b/libcperciva/alg/sha256_sse2.h
@@ -4,7 +4,7 @@
 #include <stdint.h>
 
 /**
- * SHA256_Transform_sse2(state, block):
+ * SHA256_Transform_sse2(state, block, W, S):
  * Compute the SHA256 block compression function, transforming ${state} using
  * the data in ${block}.  This implementation uses x86 SSE2 instructions, and
  * should only be used if _SSE2 is defined and cpusupport_x86_sse2() returns

diff --git a/libcperciva/apisupport/Build/apisupport-LIBCRYPTO-LOW_LEVEL_AES.c b/libcperciva/apisupport/Build/apisupport-LIBCRYPTO-LOW_LEVEL_AES.c
@@ -0,0 +1,15 @@
+#include <stdint.h>
+
+#include <openssl/aes.h>
+
+int
+main(void)
+{
+	AES_KEY kexp_actual;
+	const uint8_t key_unexpanded[16] = { 0 };
+
+	AES_set_encrypt_key(key_unexpanded, 128, &kexp_actual);
+
+	/* Success! */
+	return (0);
+}
diff --git a/libcperciva/apisupport/Build/apisupport.sh b/libcperciva/apisupport/Build/apisupport.sh
@@ -75,6 +75,8 @@ feature NONPOSIX SETGROUPS "" ""			\
 	"-U_POSIX_C_SOURCE -U_XOPEN_SOURCE"		\
 	"-U_POSIX_C_SOURCE -U_XOPEN_SOURCE -Wno-reserved-id-macro"
 
-# Detect how to compile libssl code.
+# Detect how to compile libssl and libcrypto code.
 feature LIBSSL HOST_NAME "-lssl" ""			\
 	"-Wno-cast-qual"
+feature LIBCRYPTO LOW_LEVEL_AES "-lcrypto" ""		\
+	"-Wno-deprecated-declarations"
diff --git a/libcperciva/crypto/crypto_aes.c b/libcperciva/crypto/crypto_aes.c
@@ -1,3 +1,7 @@
+/**
+ * APISUPPORT CFLAGS: LIBCRYPTO_LOW_LEVEL_AES
+ */
+
 #include <assert.h>
 #include <stdint.h>
 #include <stdlib.h>

diff --git a/libcperciva/util/entropy.h b/libcperciva/util/entropy.h
@@ -25,7 +25,7 @@ int entropy_read_fill(struct entropy_read_cookie *, uint8_t *, size_t);
  * entropy_read_done(er):
  * Release any resources used by ${er}.
  */
-int entropy_read_done(struct entropy_read_cookie * er);
+int entropy_read_done(struct entropy_read_cookie *);
 
 /**
  * entropy_read(buf, buflen):

diff --git a/release-tools/metabuild.sh b/release-tools/metabuild.sh
@@ -176,6 +176,9 @@ printf "RELATIVE_DIR=%s\n" "${D}" >> "${OUT}"
 if [ -n "$(${MAKEBSD} -v LIB)" ]; then
 	cat "${SUBDIR_DEPTH}/release-tools/Makefile.lib" >> "${OUT}"
 elif [ -n "$(${MAKEBSD} -v SRCS)" ]; then
+	# This *must* come after SUBDIR_DEPTH has been copied into
+	# the Makefile, because it depends on being able to run:
+	#     make -v SUBDIR_DEPTH
 	copyvar_LIBALL_optional_mutex
 	add_makefile_prog
 else