[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 63b596e38df603c983da188c6ace3e335a116730 (commit) from 243ff51cc6757ab56cda4a7f69fbdcddf81141b6 (commit) - Log - commit 63b596e38df603c983da188c6ace3e335a116730 Author: Bernd Edlinger Date: Wed Jan 30 16:20:31 2019 +0100 Add an entry to the CHANGES for the d2i_X509_PUBKEY fix The commit 5dc40a83c74be579575a512b30d9c1e0364e6a7b forgot to add a short description to the CHANGES file. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8144) (cherry picked from commit b2aea0e3d9a15e30ebce8b6da213df4a3f346155) --- Summary of changes: CHANGES | 4 1 file changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 261299d..81e3f84 100644 --- a/CHANGES +++ b/CHANGES @@ -16,6 +16,10 @@ interoperability with such broken implementations. However, enabling this switch breaks interoperability with correct implementations. + *) Fix a use after free bug in d2i_X509_PUBKEY when overwriting a + re-used X509_PUBKEY object if the second PUBKEY is malformed. + [Bernd Edlinger] + *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0(). [Richard Levitte] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via b2aea0e3d9a15e30ebce8b6da213df4a3f346155 (commit) from 1050f687226d43720da59a22b9afe45a4840659e (commit) - Log - commit b2aea0e3d9a15e30ebce8b6da213df4a3f346155 Author: Bernd Edlinger Date: Wed Jan 30 16:20:31 2019 +0100 Add an entry to the CHANGES for the d2i_X509_PUBKEY fix The commit 5dc40a83c74be579575a512b30d9c1e0364e6a7b forgot to add a short description to the CHANGES file. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8144) --- Summary of changes: CHANGES | 4 1 file changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 20b1f5c..a72daba 100644 --- a/CHANGES +++ b/CHANGES @@ -16,6 +16,10 @@ interoperability with such broken implementations. However, enabling this switch breaks interoperability with correct implementations. + *) Fix a use after free bug in d2i_X509_PUBKEY when overwriting a + re-used X509_PUBKEY object if the second PUBKEY is malformed. + [Bernd Edlinger] + *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0(). [Richard Levitte] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl master.22190
Build openssl master.22190 completed Commit 6de0ba61c5 by Sam Roberts on 2/1/2019 11:06 PM: Make some simple getters take const SSL/SSL_CTX Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.22189
Build openssl master.22189 failed Commit 2b664e9cfc by FdaSilvaYY on 1/30/2019 8:16 PM: Fuzz: add a few more types into Fuzzing Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 152abc5522d869668f50deeb99cd0d948d0df4c1 (commit) from 47c55f881ffef8aa5fafcb88d4230700bb279449 (commit) - Log - commit 152abc5522d869668f50deeb99cd0d948d0df4c1 Author: Bernd Edlinger Date: Wed Jan 30 16:20:31 2019 +0100 Fix a crash in reuse of d2i_X509_PUBKEY If the second PUBKEY is malformed there is use after free. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8135) --- Summary of changes: CHANGES| 4 crypto/x509/x_pubkey.c | 1 + 2 files changed, 5 insertions(+) diff --git a/CHANGES b/CHANGES index b810a12..d634252 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,10 @@ Changes between 1.1.0j and 1.1.0k [xx XXX ] + *) Fix a use after free bug in d2i_X509_PUBKEY when overwriting a + re-used X509_PUBKEY object if the second PUBKEY is malformed. + [Bernd Edlinger] + *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0(). [Richard Levitte] diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index cc69283..03271cb 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -36,6 +36,7 @@ static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, /* Attempt to decode public key and cache in pubkey structure. */ X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; EVP_PKEY_free(pubkey->pkey); +pubkey->pkey = NULL; /* * Opportunistically decode the key but remove any non fatal errors * from the queue. Subsequent explicit attempts to decode/use the key _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 1050f687226d43720da59a22b9afe45a4840659e (commit) from 09d62b336d9e2a11b330d45d4f0f3f37cbb0d674 (commit) - Log - commit 1050f687226d43720da59a22b9afe45a4840659e Author: Richard Levitte Date: Fri Feb 1 10:51:20 2019 +0100 VMS: Clean away stray debugging prints from descrip.mms.tmpl Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8140) --- Summary of changes: Configurations/descrip.mms.tmpl | 5 - 1 file changed, 5 deletions(-) diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index 46b9ffc..a0bc93d 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -102,9 +102,6 @@ return "$target : build_generated\n\t\pipe \$(MMS) \$(MMSQUALIFIERS) depend && \$(MMS) \$(MMSQUALIFIERS) _$target\n_$target"; } - #use Data::Dumper; - #print STDERR "DEBUG: before:\n", Dumper($unified_info{before}); - #print STDERR "DEBUG: after:\n", Dumper($unified_info{after}); ""; -} PLATFORM={- $config{target} -} @@ -1097,10 +1094,8 @@ EOF join("\n\t", "WRITE OPT_FILE \"CASE_SENSITIVE=YES\"", map { my @lines = (); use Data::Dumper; - print STDERR "DEBUG: ",Dumper($_); my $x = $_->{lib} =~ /\[/ ? $_->{lib} : "[]".$_->{lib}; - print STDERR "DEBUG: ",Dumper($x); if ($x =~ m|\.EXE$|) { push @lines, "\@ WRITE OPT_FILE \"$x/SHARE\""; } elsif ($x =~ m|\.OLB$|) { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 243ff51cc6757ab56cda4a7f69fbdcddf81141b6 (commit) from 1b66fc87da7c3851d7229993219336afa587f325 (commit) - Log - commit 243ff51cc6757ab56cda4a7f69fbdcddf81141b6 Author: Michael Tuexen Date: Wed Dec 26 12:44:53 2018 +0100 Fix end-point shared secret for DTLS/SCTP When computing the end-point shared secret, don't take the terminating NULL character into account. Please note that this fix breaks interoperability with older versions of OpenSSL, which are not fixed. Fixes #7956 Reviewed-by: Kurt Roeckx Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7957) (cherry picked from commit 09d62b336d9e2a11b330d45d4f0f3f37cbb0d674) --- Summary of changes: CHANGES| 7 ++ apps/s_client.c| 15 +++ apps/s_server.c| 17 ++- doc/man1/s_client.pod | 9 ++ doc/man1/s_server.pod | 9 ++ doc/man3/SSL_CTX_set_mode.pod | 9 ++ include/openssl/ssl.h | 13 +++ ssl/statem/statem_clnt.c | 16 ++- ssl/statem/statem_srvr.c | 16 ++- test/handshake_helper.c| 33 +- test/recipes/80-test_ssl_new.t | 3 +- test/ssl-tests/29-dtls-sctp-label-bug.conf | 116 + ...atus.conf.in => 29-dtls-sctp-label-bug.conf.in} | 59 +-- test/ssl_test_ctx.c| 4 + test/ssl_test_ctx.h| 4 + 15 files changed, 288 insertions(+), 42 deletions(-) create mode 100644 test/ssl-tests/29-dtls-sctp-label-bug.conf copy test/ssl-tests/{16-dtls-certstatus.conf.in => 29-dtls-sctp-label-bug.conf.in} (50%) diff --git a/CHANGES b/CHANGES index d3ad3f6..261299d 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,13 @@ Changes between 1.1.1a and 1.1.1b [xx XXX ] + *) Fix a bug in the computation of the endpoint-pair shared secret used + by DTLS over SCTP. This breaks interoperability with older versions + of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime + switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling + interoperability with such broken implementations. However, enabling + this switch breaks interoperability with correct implementations. + *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0(). [Richard Levitte] diff --git a/apps/s_client.c b/apps/s_client.c index 5925814..fb2ff47 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -596,6 +596,7 @@ typedef enum OPTION_choice { #endif OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME, OPT_ENABLE_PHA, +OPT_SCTP_LABEL_BUG, OPT_R_ENUM } OPTION_CHOICE; @@ -750,6 +751,7 @@ const OPTIONS s_client_options[] = { #endif #ifndef OPENSSL_NO_SCTP {"sctp", OPT_SCTP, '-', "Use SCTP"}, +{"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"}, #endif #ifndef OPENSSL_NO_SSL_TRACE {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"}, @@ -976,6 +978,9 @@ int s_client_main(int argc, char **argv) #endif char *psksessf = NULL; int enable_pha = 0; +#ifndef OPENSSL_NO_SCTP +int sctp_label_bug = 0; +#endif FD_ZERO(); FD_ZERO(); @@ -1323,6 +1328,11 @@ int s_client_main(int argc, char **argv) protocol = IPPROTO_SCTP; #endif break; +case OPT_SCTP_LABEL_BUG: +#ifndef OPENSSL_NO_SCTP +sctp_label_bug = 1; +#endif +break; case OPT_TIMEOUT: #ifndef OPENSSL_NO_DTLS enable_timeouts = 1; @@ -1707,6 +1717,11 @@ int s_client_main(int argc, char **argv) } } +#ifndef OPENSSL_NO_SCTP +if (protocol == IPPROTO_SCTP && sctp_label_bug == 1) +SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG); +#endif + if (min_version != 0 && SSL_CTX_set_min_proto_version(ctx, min_version) == 0) goto end; diff --git a/apps/s_server.c b/apps/s_server.c index aa0c9ae..caf47b3 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -751,7 +751,7 @@ typedef enum OPTION_choice { OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA, -OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, +OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG, OPT_R_ENUM, OPT_S_ENUM, OPT_V_ENUM, @@ -938,6 +938,7 @@ const OPTIONS s_server_options[] = { #endif #ifndef
[openssl-commits] [openssl] master update
The branch master has been updated via 09d62b336d9e2a11b330d45d4f0f3f37cbb0d674 (commit) from a28e4890eed847e6122a1c4d50653566e0813f45 (commit) - Log - commit 09d62b336d9e2a11b330d45d4f0f3f37cbb0d674 Author: Michael Tuexen Date: Wed Dec 26 12:44:53 2018 +0100 Fix end-point shared secret for DTLS/SCTP When computing the end-point shared secret, don't take the terminating NULL character into account. Please note that this fix breaks interoperability with older versions of OpenSSL, which are not fixed. Fixes #7956 Reviewed-by: Kurt Roeckx Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7957) --- Summary of changes: CHANGES| 7 ++ apps/s_client.c| 15 +++ apps/s_server.c| 17 ++- doc/man1/s_client.pod | 9 ++ doc/man1/s_server.pod | 9 ++ doc/man3/SSL_CTX_set_mode.pod | 9 ++ include/openssl/ssl.h | 12 +++ ssl/statem/statem_clnt.c | 16 ++- ssl/statem/statem_srvr.c | 16 ++- test/handshake_helper.c| 33 +- test/recipes/80-test_ssl_new.t | 3 +- test/ssl-tests/29-dtls-sctp-label-bug.conf | 116 + ...atus.conf.in => 29-dtls-sctp-label-bug.conf.in} | 57 -- test/ssl_test_ctx.c| 4 + test/ssl_test_ctx.h| 4 + 15 files changed, 286 insertions(+), 41 deletions(-) create mode 100644 test/ssl-tests/29-dtls-sctp-label-bug.conf copy test/ssl-tests/{16-dtls-certstatus.conf.in => 29-dtls-sctp-label-bug.conf.in} (54%) diff --git a/CHANGES b/CHANGES index 311d6c6..20b1f5c 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,13 @@ Changes between 1.1.1 and 3.0.0 [xx XXX ] + *) Fix a bug in the computation of the endpoint-pair shared secret used + by DTLS over SCTP. This breaks interoperability with older versions + of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime + switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling + interoperability with such broken implementations. However, enabling + this switch breaks interoperability with correct implementations. + *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0(). [Richard Levitte] diff --git a/apps/s_client.c b/apps/s_client.c index 6e06f15..872496c 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -598,6 +598,7 @@ typedef enum OPTION_choice { #endif OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME, OPT_ENABLE_PHA, +OPT_SCTP_LABEL_BUG, OPT_R_ENUM } OPTION_CHOICE; @@ -754,6 +755,7 @@ const OPTIONS s_client_options[] = { #endif #ifndef OPENSSL_NO_SCTP {"sctp", OPT_SCTP, '-', "Use SCTP"}, +{"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"}, #endif #ifndef OPENSSL_NO_SSL_TRACE {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"}, @@ -982,6 +984,9 @@ int s_client_main(int argc, char **argv) #endif char *psksessf = NULL; int enable_pha = 0; +#ifndef OPENSSL_NO_SCTP +int sctp_label_bug = 0; +#endif FD_ZERO(); FD_ZERO(); @@ -1335,6 +1340,11 @@ int s_client_main(int argc, char **argv) protocol = IPPROTO_SCTP; #endif break; +case OPT_SCTP_LABEL_BUG: +#ifndef OPENSSL_NO_SCTP +sctp_label_bug = 1; +#endif +break; case OPT_TIMEOUT: #ifndef OPENSSL_NO_DTLS enable_timeouts = 1; @@ -1729,6 +1739,11 @@ int s_client_main(int argc, char **argv) } } +#ifndef OPENSSL_NO_SCTP +if (protocol == IPPROTO_SCTP && sctp_label_bug == 1) +SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG); +#endif + if (min_version != 0 && SSL_CTX_set_min_proto_version(ctx, min_version) == 0) goto end; diff --git a/apps/s_server.c b/apps/s_server.c index 8565a3a..fbbfd6c 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -751,7 +751,7 @@ typedef enum OPTION_choice { OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA, -OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, +OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG, OPT_R_ENUM, OPT_S_ENUM, OPT_V_ENUM, @@ -938,6 +938,7 @@ const OPTIONS s_server_options[] = { #endif #ifndef OPENSSL_NO_SCTP {"sctp", OPT_SCTP, '-', "Use SCTP"}, +{"sctp_label_bug",
[openssl-commits] [openssl] master update
The branch master has been updated via a28e4890eed847e6122a1c4d50653566e0813f45 (commit) via f8f3d624b7c71e8f5acbe373479a5b0f6b73d13f (commit) from 5dc40a83c74be579575a512b30d9c1e0364e6a7b (commit) - Log - commit a28e4890eed847e6122a1c4d50653566e0813f45 Author: Andy Polyakov Date: Wed Jan 23 14:56:19 2019 +0100 poly1305/asm/poly1305-ppc.pl: add vector base 2^26 implementation. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8120) commit f8f3d624b7c71e8f5acbe373479a5b0f6b73d13f Author: Andy Polyakov Date: Wed Jan 23 15:03:23 2019 +0100 perlasm/ppc-xlate.pl: add VSX word load/store instructions. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8120) --- Summary of changes: crypto/perlasm/ppc-xlate.pl |2 + crypto/poly1305/asm/poly1305-ppc.pl | 1552 --- crypto/ppccap.c | 11 +- 3 files changed, 1454 insertions(+), 111 deletions(-) diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl index 1c972a1..e52f2f6 100755 --- a/crypto/perlasm/ppc-xlate.pl +++ b/crypto/perlasm/ppc-xlate.pl @@ -273,6 +273,8 @@ my $mtvrwz = sub { my ($f, $vrt, $ra) = @_; " .long ".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|(243<<1)|1; }; +my $lvwzx_u= sub { vsxmem_op(@_, 12); }; # lxsiwzx +my $stvwx_u= sub { vsxmem_op(@_, 140); }; # stxsiwx # PowerISA 3.0 stuff my $maddhdu= sub { vfour(@_,49); }; diff --git a/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/poly1305/asm/poly1305-ppc.pl index e9118ba..9f15c0d 100755 --- a/crypto/poly1305/asm/poly1305-ppc.pl +++ b/crypto/poly1305/asm/poly1305-ppc.pl @@ -8,10 +8,10 @@ # # -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. +# Written by Andy Polyakov, @dot-asm, initially for use in the OpenSSL +# project. The module is dual licensed under OpenSSL and CRYPTOGAMS +# licenses depending on where you obtain it. For further details see +# https://github.com/dot-asm/cryptogams/. # # # This module implements Poly1305 hash for PowerPC. @@ -44,6 +44,13 @@ # # On side note, Power ISA 2.07 enables vector base 2^26 implementation, # and POWER8 might have capacity to break 1.0 cycle per byte barrier... +# +# January 2019 +# +# ... Unfortunately not:-( Estimate was a projection of ARM result, +# but ARM has vector multiply-n-add instruction, while PowerISA does +# not, not one usable in the context. Improvement is ~40% over -m64 +# result above and is ~1.43 on little-endian systems. $flavour = shift; @@ -99,6 +106,7 @@ $code.=<<___; std r0,0($ctx) # zero hash value std r0,8($ctx) std r0,16($ctx) + stw r0,24($ctx) # clear is_base2_26 $UCMP $inp,r0 beq-Lno_key @@ -140,6 +148,7 @@ Lno_key: .globl .poly1305_blocks .align 4 .poly1305_blocks: +Lpoly1305_blocks: srdi. $len,$len,4 beq-Labort @@ -238,60 +247,120 @@ Labort: .long 0 .byte 0,12,4,1,0x80,5,4,0 .size .poly1305_blocks,.-.poly1305_blocks +___ +{ +my ($h0,$h1,$h2,$h3,$h4,$t0) = map("r$_",(7..12)); +$code.=<<___; .globl .poly1305_emit -.align 4 +.align 5 .poly1305_emit: - ld $h0,0($ctx) # load hash - ld $h1,8($ctx) - ld $h2,16($ctx) - ld $padbit,0($nonce) # load nonce - ld $nonce,8($nonce) - - addic $d0,$h0,5 # compare to modulus - addze $d1,$h1 - addze $d2,$h2 - - srdi$mask,$d2,2 # did it carry/borrow? - neg $mask,$mask + lwz $h0,0($ctx) # load hash value base 2^26 + lwz $h1,4($ctx) + lwz $h2,8($ctx) + lwz $h3,12($ctx) + lwz $h4,16($ctx) + lwz r0,24($ctx) # is_base2_26 + + sldi$h1,$h1,26 # base 2^26 -> base 2^64 + sldi$t0,$h2,52 + srdi$h2,$h2,12 + sldi$h3,$h3,14 + add $h0,$h0,$h1 + addc$h0,$h0,$t0 + sldi$t0,$h4,40 + srdi$h4,$h4,24 + adde$h1,$h2,$h3 + addc$h1,$h1,$t0 + addze $h2,$h4 + + ld $h3,0($ctx) # load hash value base 2^64 + ld $h4,8($ctx) + ld $t0,16($ctx) + + neg r0,r0 + xor $h0,$h0,$h3 # choose between radixes + xor $h1,$h1,$h4 +