diff --git a/libc/nexgen32e/sha1.S b/libc/nexgen32e/sha1.S
index 9193db511..c5ce78517 100644
--- a/libc/nexgen32e/sha1.S
+++ b/libc/nexgen32e/sha1.S
@@ -640,6 +640,9 @@ BSWAP_SHUFB_CTL:
 .text
 sha1_transform_avx2:
+ push %rbp
+ mov %rsp,%rbp
+ .profilable
 push %rbx
 push %r12
 push %r13
@@ -677,5 +680,6 @@ sha1_transform_avx2:
 pop %r13
 pop %r12
 pop %rbx
+ pop %rbp
 ret
 .endfn sha1_transform_avx2,globl
diff --git a/libc/nexgen32e/sha256.S b/libc/nexgen32e/sha256.S
index 2da318b3f..d6b83ddeb 100644
--- a/libc/nexgen32e/sha256.S
+++ b/libc/nexgen32e/sha256.S
@@ -529,8 +529,11 @@ STACK_SIZE = _RSP + _RSP_SIZE
 ## arg 3 : Num blocks
 ########################################################################
 .text
-sha256_transform_rorx:
 .align 32
+sha256_transform_rorx:
+ push %rbp
+ mov %rsp,%rbp
+ .profilable
 pushq %rbx
 pushq %r12
 pushq %r13
@@ -715,6 +718,7 @@ sha256_transform_rorx:
 popq %r13
 popq %r12
 popq %rbx
+ pop %rbp
 ret
 .endfn sha256_transform_rorx,globl
diff --git a/libc/nexgen32e/sha512.S b/libc/nexgen32e/sha512.S
index bc4ba75cd..62b63a521 100644
--- a/libc/nexgen32e/sha512.S
+++ b/libc/nexgen32e/sha512.S
@@ -572,6 +572,9 @@ frame_size = frame_GPRSAVE + GPRSAVE_SIZE
 # "blocks" is the message length in SHA512 blocks
 ########################################################################
 sha512_transform_rorx:
+ push %rbp
+ mov %rsp,%rbp
+ .profilable
 # Allocate Stack Space
 mov %rsp, %rax
 sub $frame_size, %rsp
@@ -683,6 +686,7 @@ sha512_transform_rorx:
 # Restore Stack Pointer
 mov frame_RSPSAVE(%rsp), %rsp
+ pop %rbp
 ret
 .endfn sha512_transform_rorx,globl
diff --git a/third_party/mbedtls/base64.c b/third_party/mbedtls/base64.c
index 55e4c872e..32f43dd47 100644
--- a/third_party/mbedtls/base64.c
+++ b/third_party/mbedtls/base64.c
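Review bot: The prologue added to `sha1_transform_avx2` (and likewise to `sha256_transform_rorx` and `sha512_transform_rorx`) has no comment saying why a frame is now built, and the frame pointer only helps the profiler and backtraces if the body never uses %rbp as scratch. The register saves visible here (`%rbx`, `%r12`, `%r13`) suggest %rbp is left alone, but the bodies lie outside the hunks, so that is inferred. I would add a line above the prologue such as `# frame pointer for .profilable; body must not clobber %rbp`. The extra push also moves %rsp by 8 bytes relative to the old entry state, so any aligned stack access in the body depends on realignment code that is not shown.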
@@ -54,9 +54,9 @@ static const unsigned char base64_dec_map[128] =
 /*
 * Constant flow conditional assignment to unsigned char
 */
-static void mbedtls_base64_cond_assign_uchar( unsigned char * dest,
- const unsigned char * const src,
- unsigned char condition )
+forceinline void mbedtls_base64_cond_assign_uchar( unsigned char * dest,
+ const unsigned char * const src,
+ unsigned char condition )
 {
 /* Generate bitmask from condition, mask will either be 0xFF or 0 */
 unsigned char mask = ( condition | -condition );
@@ -68,8 +68,8 @@ static void mbedtls_base64_cond_assign_uchar( unsigned char * dest,
 /*
 * Constant flow conditional assignment to uint_32
 */
-static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t src,
- uint32_t condition )
+forceinline void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t src,
+ uint32_t condition )
 {
 /* Generate bitmask from condition, mask will either be 0xFFFFFFFF or 0 */
 uint32_t mask = ( condition | -condition );
@@ -81,7 +81,7 @@ static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t s
 /*
 * Constant flow check for equality
 */
-static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b )
+forceinline unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b )
 {
 size_t difference = in_a ^ in_b;
 difference |= -difference;
diff --git a/third_party/mbedtls/everest.c b/third_party/mbedtls/everest.c
index 78c01d0ad..410ce2d2c 100644
--- a/third_party/mbedtls/everest.c
+++ b/third_party/mbedtls/everest.c
@@ -36,6 +36,11 @@ asm(".include \"libc/disclaimer.inc\"");
 #if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+#ifdef memcpy
+#undef memcpy
+#endif
+#define memcpy(x,y,z) __builtin_memcpy(x,y,z)
+
 #define load64_le(b) READ64LE(b)
 #define store64_le(b, i) WRITE64LE(b, i)
diff --git a/tool/net/redbean.c b/tool/net/redbean.c
index da8aeaac2..43cb56142 100644
--- a/tool/net/redbean.c
+++ b/tool/net/redbean.c
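Review bot: Marking `mbedtls_base64_cond_assign_uchar` as `forceinline` (and the same for `mbedtls_base64_cond_assign_uint32` and `mbedtls_base64_eq` in the hunks at -68 and -81) means the optimizer always sees `condition | -condition` next to the code that computed `condition`. That is the situation where the mask arithmetic is most likely to be folded back into a compare-and-branch or a select. Plain `static` already permitted inlining, but this makes it unconditional, and C itself gives no constant-flow guarantee. I would extend each header comment with something like `/* forceinline: re-check the decoder's disassembly for data-dependent branches after compiler or flag changes */`. The helper bodies continue outside the hunks, so the rest of the masking logic is not reviewed here.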
@@ -149,6 +149,7 @@ STATIC_YOINK("usr/share/ssl/root/verisign.pem");
 #define HASH_LOAD_FACTOR /* 1. / */ 4
 #define read(F, P, N) readv(F, &(struct iovec){P, N}, 1)
+#define write(F, P, N) writev(F, &(struct iovec){P, N}, 1)
 #define LockInc(P) asm volatile("lock incq\t%0" : "=m"(*(P)))
 #define AppendCrlf(P) mempcpy(P, "\r\n", 2)
 #define HasHeader(H) (!!msg.headers[H].a)
@@ -363,13 +364,6 @@ static const char kCounterNames[] =
 #undef C
 ;
-static mbedtls_entropy_context ent = {
- .source_count = 1,
- .source = {{.f_source = mbedtls_hardware_poll,
- .threshold = MBEDTLS_ENTROPY_MIN_HARDWARE,
- .strong = MBEDTLS_ENTROPY_SOURCE_STRONG}},
-};
-
 typedef ssize_t (*reader_f)(int, void *, size_t);
 typedef ssize_t (*writer_f)(int, struct iovec *, int);
@@ -1399,8 +1393,6 @@ static bool TlsSetup(void) {
 inbuf.n -= amtread;
 inbuf.c = amtread;
 amtread = 0;
- mbedtls_ssl_setup(&ssl, &conf);
- mbedtls_ssl_set_bio(&ssl, &client, TlsSend, 0, TlsRecv);
 for (;;) {
 if (!(r = mbedtls_ssl_handshake(&ssl))) {
 LockInc(&shared->c.sslhandshakes);
@@ -1468,11 +1460,16 @@ static bool TlsSetup(void) {
 }
 }
+static int GetEntropy(void *c, unsigned char *p, size_t n) {
+ CHECK_EQ(n, getrandom(p, n, 0));
+ return 0;
+}
+
 static void InitializeRng(mbedtls_ctr_drbg_context *r) {
 volatile unsigned char b[64];
 mbedtls_ctr_drbg_init(r);
 CHECK(getrandom(b, 64, 0) == 64);
- CHECK(!mbedtls_ctr_drbg_seed(r, mbedtls_entropy_func, &ent, b, 64));
+ CHECK(!mbedtls_ctr_drbg_seed(r, GetEntropy, 0, b, 64));
 mbedtls_platform_zeroize(b, 64);
 }
@@ -5452,7 +5449,6 @@ static void HandleConnection(size_t i) {
 case 0:
 meltdown = false;
 connectionclose = false;
- ReseedRng(&rng, "child");
 if (funtrace && !IsTiny()) {
 ftrace_install();
 }
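Review bot: Passing `GetEntropy` to `mbedtls_ctr_drbg_seed` in `InitializeRng` does not by itself give each forked worker fresh DRBG state, because CTR_DRBG calls its entropy callback only when it seeds or reseeds, and the hunk at -5452 removes `ReseedRng(&rng, "child")` from the child branch of `HandleConnection`. Unless a reseed happens somewhere outside the visible hunks, workers forked from the same parent would start from identical generator state, which matters for handshake randoms and ephemeral keys. I would either keep the per-child reseed or add `mbedtls_ctr_drbg_set_prediction_resistance(r, MBEDTLS_CTR_DRBG_PR_ON);` after the seed call so that every draw pulls from `GetEntropy`. Separately, `GetEntropy` aborts through `CHECK_EQ` on a short or failed `getrandom` instead of returning nonzero as mbedtls entropy callbacks normally do; a one-line comment saying the abort is intentional would help.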
@@ -5696,6 +5692,8 @@ void RedBean(int argc, char *argv[]) {
 mbedtls_ssl_conf_dbg(&conf, TlsDebug, 0);
 LoadCertificates();
 mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &rng);
+ mbedtls_ssl_setup(&ssl, &conf);
+ mbedtls_ssl_set_bio(&ssl, &client, TlsSend, 0, TlsRecv);
 #endif
 if (launchbrowser) {
 LaunchBrowser(launchbrowser);
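Review bot: The `mbedtls_ssl_setup(&ssl, &conf)` call added to `RedBean` discards its return value, and that function can fail when its buffers cannot be allocated, after which `mbedtls_ssl_set_bio` and every later handshake would run on a half-initialised context. An abort is cheap at startup, so I would write `CHECK_EQ(0, mbedtls_ssl_setup(&ssl, &conf));`, matching the `CHECK` style used in `InitializeRng`. With setup now done once per process rather than on each `TlsSetup` call, the context has to be reset between connections; that reset is not visible in these hunks, so it is worth confirming. `RedBean`'s body continues outside the hunk.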