CVS: cvs.openbsd.org: src

2024-07-22 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/07/22 08:50:45

Modified files:
regress/lib/libssl/asn1: asn1test.c 
regress/lib/libssl/tlsext: tlsexttest.c 

Log message:
Revise regress to match cipher suite values change.



CVS: cvs.openbsd.org: src

2024-07-22 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/07/22 08:47:15

Modified files:
lib/libssl : s3_lib.c ssl_asn1.c ssl_ciph.c ssl_ciphers.c 
 ssl_clnt.c ssl_local.h ssl_pkt.c ssl_sess.c 
 ssl_srvr.c ssl_txt.c tls13_client.c 
 tls13_server.c 

Log message:
Use cipher suite values instead of IDs.

OpenSSL has had the concept of cipher IDs, which were a way of working
around overlapping cipher suite values between SSLv2 and SSLv3. Given
that we no longer have to deal with this issue, replace the use of IDs
with cipher suite values. In particular, this means that we can stop
mapping back and forth between the two, simplifying things considerably.

While here, remove the 'valid' member of the SSL_CIPHER. The ssl3_ciphers[]
table is no longer mutable, meaning that ciphers cannot be disabled at
runtime (and we have `#if 0' if we want to do it at compile time).

Clean up the comments and add/update RFC references for cipher suites.

ok tb@



CVS: cvs.openbsd.org: src

2024-07-19 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/07/19 22:04:23

Modified files:
lib/libssl : d1_pkt.c ssl_asn1.c ssl_ciph.c ssl_clnt.c 
 ssl_lib.c ssl_local.h ssl_pkt.c ssl_sess.c 
 ssl_srvr.c ssl_txt.c t1_enc.c tls13_client.c 
 tls13_server.c 

Log message:
Remove cipher from SSL_SESSION.

For a long time SSL_SESSION has had both a cipher ID and a pointer to
an SSL_CIPHER (and not both are guaranteed to be populated). There is also
a pointer to an SSL_CIPHER in the SSL_HANDSHAKE that denotes the cipher
being used for this connection. Some code has been using the cipher from
SSL_SESSION and some code has been using the cipher from SSL_HANDSHAKE.

Remove cipher from SSL_SESSION and use the version in SSL_HANDSHAKE
everywhere. If resuming from a session then we need to use the SSL_SESSION
cipher ID to set the SSL_HANDSHAKE cipher. And we still need to ensure that
we update the cipher ID in the SSL_SESSION whenever the SSL_HANDSHAKE
cipher changes (this only occurs in a few places).

ok tb@



CVS: cvs.openbsd.org: src

2024-07-19 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/07/19 02:54:31

Modified files:
lib/libssl : s3_lib.c ssl_lib.c ssl_local.h ssl_sess.c 
 ssl_srvr.c tls13_server.c 

Log message:
Move client ciphers from SSL_SESSION to SSL_HANDSHAKE.

SSL_SESSION has a 'ciphers' member which contains a list of ciphers
that were advertised by the client. Move this from SSL_SESSION to
SSL_HANDSHAKE and rename it to match reality.

ok tb@



CVS: cvs.openbsd.org: src

2024-07-19 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/07/19 02:56:17

Modified files:
lib/libssl : ssl_clnt.c ssl_srvr.c 

Log message:
Annotate issues with tls_session_secret_cb() related code.



CVS: cvs.openbsd.org: src

2024-07-17 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/07/17 09:01:22

Modified files:
regress/lib/libssl/ciphers: cipherstest.c 

Log message:
Enable regress for SSL_CIPHER_get_handshake_digest()

Turns out this is already linked statically.



CVS: cvs.openbsd.org: src

2024-07-17 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/07/17 08:51:54

Modified files:
regress/lib/libssl/ciphers: cipherstest.c 

Log message:
Rework cipher find test to also provide coverage for SSL_CIPHER_*()



CVS: cvs.openbsd.org: src

2024-07-16 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/07/16 08:38:59

Modified files:
regress/lib/libssl/unit: tls_prf.c 

Log message:
Update regress for removal of SSL_HANDSHAKE_MAC_DEFAULT.



CVS: cvs.openbsd.org: src

2024-07-16 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/07/16 08:38:04

Modified files:
lib/libssl : s3_lib.c ssl_ciph.c ssl_local.h 

Log message:
Clean up SSL_HANDSHAKE_MAC_DEFAULT.

The handshake MAC needs to be upgraded when TLSv1.0 and TLSv1.1
ciphersuites are used with TLSv1.2. Since we no longer support TLSv1.0
and TLSv1.1, we can simply upgrade the handshake MAC in the ciphersuite
table and remove the various defines/macros/code that existed to handle
the upgrade.

ok tb@



CVS: cvs.openbsd.org: src

2024-07-15 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/07/15 08:45:15

Modified files:
lib/libssl : s3_lib.c ssl_local.h 

Log message:
Mop up TLS1_PRF* defines.

These have not been used for a long time, however SSL_CIPHER was not opaque
at the time, hence they had to stick around. Now that SSL_CIPHER is opaque
we can simply mop them up.

ok tb@



CVS: cvs.openbsd.org: src

2024-06-30 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/06/30 08:13:08

Modified files:
lib/libcrypto/lhash: lhash.c lhash_local.h 

Log message:
Remove lhash statistics.

These are not exactly useful and we previously stopped exposing them.

ok tb@



CVS: cvs.openbsd.org: src

2024-06-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/06/28 07:37:49

Modified files:
lib/libssl : ssl_packet.c 

Log message:
Remove handling of SSLv2 client hello messages.

This code was only previously enabled if the minimum enabled version was
TLSv1.0 and a non-version locked method is in use. Since TLSv1.0 and
TLSv1.1 were disabled nearly a year ago, this code is no longer ever
being used.

ok tb@



CVS: cvs.openbsd.org: src

2024-06-25 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/06/25 08:10:45

Modified files:
lib/libssl : Makefile ssl_local.h ssl_srvr.c 

Log message:
Implement RSA key exchange in constant time.

RSA key exchange is known to have multiple security weaknesses,
including being potentially susceptible to padding oracle and timing
attacks.

The RSA key exchange code that we inherited from OpenSSL was riddled
with timing leaks, many of which we fixed (or minimised) early on.
However, a number of issues still remained, particularly those
related to libcrypto's RSA decryption and padding checks.

Rework the RSA key exchange code such that we decrypt with
RSA_NO_PADDING and then check the padding ourselves in constant
time. In this case, the pre-master secret is of a known length,
hence the padding is also a known length based on the size of the
RSA key. This makes it easy to implement a check that is much safer
than having RSA_private_decrypt() depad for us.

Regardless, we still strongly recommend disabling RSA key exchange
and using other key exchange methods that provide perfect forward
secrecy and do not depend on client generated keys.

Thanks to Marcel Maehren, Nurullah Erinola, Robert Merget, Juraj
Somorovsky, Joerg Schwenk and Hubert Kario for raising these issues
with us at various points in time.

ok tb@
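
The check this commit message describes (decrypt with RSA_NO_PADDING, then verify a padding of known length without branching on secret bytes), as an added example that is not LibreSSL's code. The function names, the caller-supplied fallback secret and the constructed 256-byte sample buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PMS_LEN	48	/* TLS RSA pre-master secret length */
#define MIN_PS	8	/* PKCS#1 v1.5 minimum padding string length */

/* Returns 0xff if v == 0, otherwise 0x00, with no branch on v. */
static uint8_t
ct_is_zero_u8(uint8_t v)
{
	return (uint8_t)(((uint32_t)v - 1) >> 8);
}

/*
 * em is the raw RSA decryption output; em_len is the modulus size (public).
 * Expected layout: 0x00 || 0x02 || PS (non-zero bytes) || 0x00 || PMS.
 * PMS_LEN is fixed, so the separator offset is known in advance and every
 * byte is inspected regardless of where the first mismatch occurs.
 */
static uint8_t
ct_check_padding(const uint8_t *em, size_t em_len)
{
	size_t sep = em_len - PMS_LEN - 1;
	uint8_t good;
	size_t i;

	good = ct_is_zero_u8(em[0]);
	good &= ct_is_zero_u8(em[1] ^ 0x02);
	for (i = 2; i < sep; i++)
		good &= (uint8_t)~ct_is_zero_u8(em[i]);
	good &= ct_is_zero_u8(em[sep]);

	return good;
}

/*
 * Hypothetical helper: writes the decrypted PMS to out if the padding is
 * valid, otherwise the caller's fallback, using a mask rather than a branch.
 * The return value depends only on the public length.
 */
int
extract_pms(const uint8_t *em, size_t em_len, const uint8_t *fallback,
    uint8_t *out)
{
	const uint8_t *pms;
	uint8_t mask;
	size_t i;

	if (em_len < 3 + MIN_PS + PMS_LEN)
		return 0;

	mask = ct_check_padding(em, em_len);
	pms = em + em_len - PMS_LEN;
	for (i = 0; i < PMS_LEN; i++)
		out[i] = (uint8_t)((pms[i] & mask) |
		    (fallback[i] & (uint8_t)~mask));

	return 1;
}

/*
 * Constructed sample: a well-formed 256-byte block, optionally with one
 * byte overwritten. Returns 1 if the embedded PMS came out, 0 if the
 * fallback did, -1 on error. memcmp() is fine here: this is test code.
 */
int
demo_case(int corrupt_index, uint8_t corrupt_value)
{
	uint8_t em[256], fallback[PMS_LEN], out[PMS_LEN];
	size_t i;

	memset(em, 0xa5, sizeof(em));
	em[0] = 0x00;
	em[1] = 0x02;
	em[sizeof(em) - PMS_LEN - 1] = 0x00;
	for (i = 0; i < PMS_LEN; i++)
		em[sizeof(em) - PMS_LEN + i] = (uint8_t)(i + 1);
	memset(fallback, 0xee, sizeof(fallback));

	if (corrupt_index >= 0)
		em[corrupt_index] = corrupt_value;

	if (!extract_pms(em, sizeof(em), fallback, out))
		return -1;
	if (memcmp(out, em + sizeof(em) - PMS_LEN, PMS_LEN) == 0)
		return 1;
	if (memcmp(out, fallback, PMS_LEN) == 0)
		return 0;
	return -1;
}

int
main(void)
{
	printf("valid=%d bad_type=%d zero_in_ps=%d bad_sep=%d\n",
	    demo_case(-1, 0), demo_case(1, 0x01), demo_case(100, 0x00),
	    demo_case(207, 0x01));
	return 0;
}
```
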



CVS: cvs.openbsd.org: src

2024-06-22 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/06/22 10:38:31

Modified files:
lib/libcrypto/lhash: lhash.c 

Log message:
Remove the less-than-useful change log.

ok tb@



CVS: cvs.openbsd.org: src

2024-06-22 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/06/22 10:33:00

Modified files:
lib/libcrypto/bn: bn_convert.c 

Log message:
Rewrite BN_bn2mpi() using CBB.

The content is effectively a u32 length prefixed field, so use
CBB_add_u32_length_prefixed(). Use BN_bn2binpad() rather than manually
padding if we need to extend and use sensible variable names so that the
code becomes more readable.

Note that since CBB can fail we now need to be able to indicate failure.
This means that BN_bn2mpi() can now return -1 when it would not have
previously (correct callers will check that BN_bn2mpi() returns a positive
length).

ok tb@



CVS: cvs.openbsd.org: src

2024-06-22 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/06/22 09:32:51

Modified files:
lib/libcrypto/bytestring: bs_cbb.c bytestring.h 

Log message:
Sync bytestring from libssl.



CVS: cvs.openbsd.org: src

2024-06-22 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/06/22 09:25:06

Modified files:
lib/libssl : bs_cbb.c bytestring.h 

Log message:
Provide CBB_add_u32_length_prefixed().

This is needed for an upcoming change in libcrypto.

ok tb@



CVS: cvs.openbsd.org: src

2024-05-08 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/05/08 09:13:23

Modified files:
regress/lib/libcrypto/lhash: lhash_test.c 

Log message:
Add more regress coverage for lhash.



CVS: cvs.openbsd.org: src

2024-05-07 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/05/07 07:40:42

Modified files:
lib/libcrypto/lhash: lhash.c 

Log message:
Reorder functions and drop static function prototypes.

No functional change.



CVS: cvs.openbsd.org: src

2024-05-06 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/05/06 08:38:20

Modified files:
lib/libcrypto/lhash: lhash.c 

Log message:
Fix function wrapping.



CVS: cvs.openbsd.org: src

2024-05-06 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/05/06 08:37:26

Modified files:
regress/lib/libcrypto: Makefile 

Log message:
Enable lhash regress.



CVS: cvs.openbsd.org: src

2024-05-06 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/05/06 08:36:05

Modified files:
lib/libcrypto/lhash: lhash.c 

Log message:
Guard call to contract() from doall_util_fn().

It is not safe to unconditionally call contract() - when called repeatedly
it will shrink the bucket array to zero and then attempt to access that
allocation on the next call. Use the same guard that is used in
lh_delete().

Issue found when investigating haproxy crashes reported by wizard-it on
GitHub.

ok tb@



CVS: cvs.openbsd.org: src

2024-05-06 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/05/06 08:31:25

Added files:
regress/lib/libcrypto/lhash: Makefile lhash_test.c 

Log message:
Provide initial regress for lhash.

For now, this is very limited and only tests calling lh_doall_arg()
multiple times on an empty linked hash. This process currently triggers
a SIGSEGV, which will be soon fixed.



CVS: cvs.openbsd.org: src

2024-05-06 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/05/06 08:24:21

src/regress/lib/libcrypto/lhash

Update of /cvs/src/regress/lib/libcrypto/lhash
In directory cvs.openbsd.org:/tmp/cvs-serv75180/lhash

Log Message:
Directory /cvs/src/regress/lib/libcrypto/lhash added to the repository



CVS: cvs.openbsd.org: src

2024-04-25 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/04/25 08:27:29

Modified files:
regress/lib/libcrypto: Makefile 
Added files:
regress/lib/libcrypto/crypto: Makefile crypto_test.c 

Log message:
Add regress coverage for crypto_ct_*_u8()



CVS: cvs.openbsd.org: src

2024-04-25 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/04/25 08:19:45

src/regress/lib/libcrypto/crypto

Update of /cvs/src/regress/lib/libcrypto/crypto
In directory cvs.openbsd.org:/tmp/cvs-serv77624/crypto

Log Message:
Directory /cvs/src/regress/lib/libcrypto/crypto added to the repository



CVS: cvs.openbsd.org: src

2024-04-17 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/04/17 08:47:17

Modified files:
lib/libcrypto/bn: bn_convert.c 

Log message:
Rewrite BN_mpi2bn() using CBS and bn_bin2bn_cbs().

ok tb@



CVS: cvs.openbsd.org: src

2024-04-17 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/04/17 08:45:46

Modified files:
lib/libcrypto/bn: bn_convert.c 

Log message:
Rewrite BN_lebin2bn() using CBS.

We get an implementation of this for free by having bn_bin2bn_cbs() use
CBS_get_u8() instead of CBS_get_last_u8().

ok tb@



CVS: cvs.openbsd.org: src

2024-04-17 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/04/17 08:43:37

Modified files:
lib/libcrypto  : crypto_internal.h 

Log message:
Provide constant time operations for uint8_t.

These will be used in upcoming changes.

ok tb@



CVS: cvs.openbsd.org: src

2024-04-17 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/04/17 02:51:11

Modified files:
regress/lib/libcrypto/bn: bn_convert.c 

Log message:
Add regress coverage for BN_lebin2bn().



CVS: cvs.openbsd.org: src

2024-04-16 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/04/16 07:14:46

Modified files:
lib/libcrypto/bn: bn_convert.c 

Log message:
Invert BN_BITS2 handling in bn_bin2bn_cbs() and bn_hex2bn_cbs().

This results in simpler code.

Suggested by tb@ during review.



CVS: cvs.openbsd.org: src

2024-04-16 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/04/16 07:11:37

Modified files:
lib/libcrypto/bn: bn_convert.c 

Log message:
Rewrite BN_bin2bn() using CBS.

ok tb@



CVS: cvs.openbsd.org: src

2024-04-16 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/04/16 07:07:14

Modified files:
lib/libcrypto/bn: bn_lib.c bn_local.h 

Log message:
Provide bn_expand_bytes().

This will be used in an upcoming change.

ok tb@



CVS: cvs.openbsd.org: src

2024-04-16 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/04/16 07:04:05

Modified files:
lib/libcrypto/bn: bn_convert.c bn_lib.c bn_local.h 

Log message:
Rename bn_expand() to bn_expand_bits().

Also change the bits type from int to size_t, since that's what the callers
are passing and we can avoid unnecessary input validation.

ok tb@



CVS: cvs.openbsd.org: src

2024-04-15 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/04/15 08:36:16

Modified files:
regress/lib/libcrypto/bn: bn_bits.c 

Log message:
Enable negative zero checks for BN_clear_bit() and BN_mask_bits().



CVS: cvs.openbsd.org: src

2024-04-15 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/04/15 08:35:25

Modified files:
lib/libcrypto/bn: bn_lib.c 

Log message:
Prevent negative zero from being created via BN bit functions.

Both BN_clear_bit() and BN_mask_bits() can create zero values - in both
cases ensure that the negative sign is correctly handled if the value
becomes zero.

Thanks to Guido Vranken for providing a reproducer.

Fixes oss-fuzz #67901

ok tb@



CVS: cvs.openbsd.org: src

2024-04-09 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/04/09 08:59:57

Modified files:
regress/lib/libcrypto/bn: Makefile 
Added files:
regress/lib/libcrypto/bn: bn_bits.c 

Log message:
Add initial regress for BN_set_bit(), BN_clear_bit() and BN_mask_bits().



CVS: cvs.openbsd.org: src

2024-04-09 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/04/09 08:56:21

Modified files:
regress/lib/libcrypto/bn: bn_convert.c 

Log message:
Add regress coverage for BN_bn2mpi()/BN_mpi2bn().



CVS: cvs.openbsd.org: src

2024-03-29 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/29 22:34:17

Modified files:
lib/libcrypto/rsa: rsa_pk1.c 

Log message:
Rewrite RSA_padding_add_PKCS1_type_{1,2}() with CBS/CBB.

ok tb@



CVS: cvs.openbsd.org: src

2024-03-29 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/29 20:20:39

Modified files:
regress/lib/libcrypto/rsa: rsa_padding_test.c 

Log message:
Do multiple padding add/check iterations.

This increases the chance of triggering bugs due to input and/or randomised
padding.



CVS: cvs.openbsd.org: src

2024-03-29 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/29 18:36:14

Modified files:
regress/lib/libcrypto/rsa: Makefile 
Added files:
regress/lib/libcrypto/rsa: rsa_padding_test.c 

Log message:
Add initial regress for RSA padding.



CVS: cvs.openbsd.org: src

2024-03-29 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/29 18:34:40

Modified files:
regress/lib/libcrypto/dsa: Makefile 
regress/lib/libcrypto/rsa: Makefile 

Log message:
Tidy indentation.

Requested by tb@



CVS: cvs.openbsd.org: src

2024-03-29 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/29 18:32:13

Modified files:
regress/lib/libcrypto/dsa: Makefile 
regress/lib/libcrypto/rsa: Makefile 

Log message:
Remove -app2_1 flags being passed to dsa and rsa regress.

Nothing does flag handling in these tests.



CVS: cvs.openbsd.org: src

2024-03-29 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/29 05:19:01

Modified files:
lib/libcrypto/aes: aes_core.c 

Log message:
Tweak defines since the Td4 table is only used for AES_{encrypt,decrypt}



CVS: cvs.openbsd.org: src

2024-03-29 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/29 05:00:58

Modified files:
lib/libcrypto/aes: aes_core.c 
lib/libcrypto/aes/asm: aes-586.pl aes-armv4.pl aes-mips.pl 
   aes-parisc.pl aes-ppc.pl aes-sparcv9.pl 
   aes-x86_64.pl 
lib/libcrypto/arch/amd64: Makefile.inc 
lib/libcrypto/arch/arm: Makefile.inc 
lib/libcrypto/arch/hppa: Makefile.inc 
lib/libcrypto/arch/i386: Makefile.inc 
lib/libcrypto/arch/mips64: Makefile.inc 
lib/libcrypto/arch/sparc64: Makefile.inc 

Log message:
Always use C functions for AES_{encrypt,decrypt}().

Always provide AES_{encrypt,decrypt}() via C functions, which then either
use a C implementation or call the assembly implementation.

ok tb@



CVS: cvs.openbsd.org: src

2024-03-29 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/29 01:45:36

Removed files:
lib/libcrypto/idea: i_cbc.c 

Log message:
Remove previously missed idea file.



CVS: cvs.openbsd.org: src

2024-03-29 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/29 01:36:38

Modified files:
lib/libcrypto  : Makefile 
Added files:
lib/libcrypto/cast: cast.c 
Removed files:
lib/libcrypto/cast: c_cfb64.c c_ecb.c c_enc.c c_ofb64.c c_skey.c 
cast_s.h 

Log message:
Consolidate cast code.



CVS: cvs.openbsd.org: src

2024-03-29 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/29 01:26:21

Modified files:
lib/libcrypto  : Makefile 
lib/libcrypto/camellia: camellia.c 
Removed files:
lib/libcrypto/camellia: cmll_cbc.c cmll_cfb.c cmll_ctr.c 
cmll_ecb.c cmll_local.h cmll_misc.c 
cmll_ofb.c 

Log message:
Consolidate camellia code.



CVS: cvs.openbsd.org: src

2024-03-29 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/29 01:24:09

Modified files:
lib/libcrypto  : Makefile 
lib/libcrypto/arch/aarch64: Makefile.inc 
lib/libcrypto/arch/alpha: Makefile.inc 
lib/libcrypto/arch/amd64: Makefile.inc 
lib/libcrypto/arch/arm: Makefile.inc 
lib/libcrypto/arch/hppa: Makefile.inc 
lib/libcrypto/arch/i386: Makefile.inc 
lib/libcrypto/arch/mips64: Makefile.inc 
lib/libcrypto/arch/powerpc: Makefile.inc 
lib/libcrypto/arch/powerpc64: Makefile.inc 
lib/libcrypto/arch/riscv64: Makefile.inc 
lib/libcrypto/arch/sparc64: Makefile.inc 

Log message:
Move camellia to primary Makefile.

These files are now built on all platforms.



CVS: cvs.openbsd.org: src

2024-03-29 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/29 01:09:37

Removed files:
lib/libcrypto/camellia/asm: cmll-x86.pl cmll-x86_64.pl 

Log message:
Remove now unused camellia assembly implementations.



CVS: cvs.openbsd.org: src

2024-03-29 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/29 01:06:21

Modified files:
lib/libcrypto/arch/amd64: Makefile.inc 
lib/libcrypto/arch/i386: Makefile.inc 

Log message:
Stop building camellia assembly on amd64 and i386.

This is a legacy algorithm and the assembly is only marginally faster than
the C code.

Discussed with beck@ and tb@



CVS: cvs.openbsd.org: src

2024-03-29 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/29 00:03:21

Modified files:
lib/libcrypto  : Makefile 
lib/libcrypto/arch/aarch64: Makefile.inc 
lib/libcrypto/arch/alpha: Makefile.inc 
lib/libcrypto/arch/amd64: Makefile.inc 
lib/libcrypto/arch/arm: Makefile.inc 
lib/libcrypto/arch/hppa: Makefile.inc 
lib/libcrypto/arch/i386: Makefile.inc 
lib/libcrypto/arch/mips64: Makefile.inc 
lib/libcrypto/arch/powerpc: Makefile.inc 
lib/libcrypto/arch/powerpc64: Makefile.inc 
lib/libcrypto/arch/riscv64: Makefile.inc 
lib/libcrypto/arch/sparc64: Makefile.inc 

Log message:
Move aes_core.c to the primary Makefile.

This is now built on all platforms.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 23:23:50

Modified files:
lib/libcrypto  : Makefile 
Added files:
lib/libcrypto/idea: idea.c 
Removed files:
lib/libcrypto/idea: i_cfb64.c i_ecb.c i_ofb64.c i_skey.c 

Log message:
Consolidate idea into a single C file.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 23:03:48

Modified files:
lib/libcrypto/rc2: rc2_local.h 

Log message:
Remove unused n2ln, l2nn, n2l and l2n macros.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 22:39:54

Modified files:
lib/libcrypto/aes: aes_core.c 
lib/libcrypto/aes/asm: aes-586.pl aes-armv4.pl aes-mips.pl 
   aes-x86_64.pl 
lib/libcrypto/arch/amd64: Makefile.inc 
lib/libcrypto/arch/arm: Makefile.inc 
lib/libcrypto/arch/i386: Makefile.inc 
lib/libcrypto/arch/mips64: Makefile.inc 

Log message:
Always use C functions for AES_set_{encrypt,decrypt}_key().

Always include aes_core.c and provide AES_set_{encrypt,decrypt}_key() via C
functions, which then either use a C implementation or call the assembly
implementation.

ok tb@



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 20:41:49

Modified files:
lib/libcrypto  : Makefile 
Added files:
lib/libcrypto/whrlpool: whirlpool.c 
Removed files:
lib/libcrypto/whrlpool: wp_block.c wp_dgst.c wp_local.h 

Log message:
Consolidate whirlpool into a single C file.

Buy a vowel at the same time, since we're no longer limited to 8.3 file
names.

Discussed with tb@



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 20:38:45

Removed files:
lib/libcrypto/whrlpool/asm: wp-mmx.pl wp-x86_64.pl 

Log message:
Remove now unused assembly implementations of whirlpool.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 20:33:45

Modified files:
lib/libcrypto  : Makefile 
lib/libcrypto/arch/aarch64: Makefile.inc 
lib/libcrypto/arch/alpha: Makefile.inc 
lib/libcrypto/arch/amd64: Makefile.inc 
lib/libcrypto/arch/arm: Makefile.inc 
lib/libcrypto/arch/hppa: Makefile.inc 
lib/libcrypto/arch/i386: Makefile.inc 
lib/libcrypto/arch/mips64: Makefile.inc 
lib/libcrypto/arch/powerpc: Makefile.inc 
lib/libcrypto/arch/powerpc64: Makefile.inc 
lib/libcrypto/arch/riscv64: Makefile.inc 
lib/libcrypto/arch/sparc64: Makefile.inc 

Log message:
Move wp_block.c to the primary Makefile.

This is now built on all platforms.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 20:30:25

Modified files:
regress/lib/libcrypto/symbols: symbols.awk 

Log message:
Remove CMS special now that we do not depend on pem.h being included first.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 20:28:51

Modified files:
lib/libcrypto/cms: cms.h 

Log message:
Stop playing #ifdef HEADER_PEM_H games in cms.h.

Rather than making prototypes appear and disappear depending on whether
or not you've included pem.h before cms.h, just include pem.h from cms.h
itself.

ok joshua@ tb@



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 20:22:18

Modified files:
lib/libcrypto/err: err_all.c 
lib/libcrypto/pem: pem.h 

Log message:
Stop using pem2.h.

Somewhere in the past 25 years, the circular dependency between err and pem
went away. Stop pulling in pem2.h and just use pem.h directly (pem2.h can
probably be removed at some point, but that remains for another day).

ok joshua@ tb@



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 19:27:42

Modified files:
lib/libcrypto/aes/asm: aes-x86_64.pl 

Log message:
Rename AES_cbc_encrypt to aes_cbc_encrypt_internal for the SEH handlers.

Should fix windows build.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 19:24:07

Modified files:
lib/libcrypto/arch/amd64: Makefile.inc 
lib/libcrypto/arch/i386: Makefile.inc 

Log message:
Stop building whirlpool assembly on amd64 and i386.

This is a legacy algorithm and the assembly is only marginally faster than
the C code.

Discussed with beck@ and tb@



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 18:16:22

Modified files:
lib/libcrypto/whrlpool: wp_dgst.c 

Log message:
Apply style(9) hammer.

The code is still a horrific mess, but at least the braces are in the right
place...



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 06:52:58

Modified files:
lib/libcrypto  : Makefile 
lib/libcrypto/aes: aes.c 
lib/libcrypto/arch/aarch64: Makefile.inc 
lib/libcrypto/arch/alpha: Makefile.inc 
lib/libcrypto/arch/amd64: Makefile.inc 
lib/libcrypto/arch/arm: Makefile.inc 
lib/libcrypto/arch/hppa: Makefile.inc 
lib/libcrypto/arch/i386: Makefile.inc 
lib/libcrypto/arch/mips64: Makefile.inc 
lib/libcrypto/arch/powerpc: Makefile.inc 
lib/libcrypto/arch/powerpc64: Makefile.inc 
lib/libcrypto/arch/riscv64: Makefile.inc 
lib/libcrypto/arch/sparc64: Makefile.inc 
Removed files:
lib/libcrypto/aes: aes_cbc.c 

Log message:
Merge aes_cbc.c into aes.c now that aes_cbc.c is used on all platforms.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 06:28:48

Modified files:
lib/libcrypto/aes: aes_cbc.c 
lib/libcrypto/aes/asm: aes-586.pl aes-x86_64.pl 
lib/libcrypto/arch/amd64: Makefile.inc 
lib/libcrypto/arch/i386: Makefile.inc 

Log message:
Make AES_cbc_encrypt() always be a C function.

Rename the assembly generated functions from AES_cbc_encrypt() to
aes_cbc_encrypt_internal(). Always include aes_cbc.c and change it
to use defines that are similar to those used in BN.

ok tb@



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 06:11:26

Modified files:
lib/libcrypto/rc4: rc4.c 

Log message:
Use static inline for rc4_set_key_internal().



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 06:09:09

Modified files:
lib/libcrypto/sm3: sm3.c 

Log message:
Remove unused SM3_Transform()

Along with the misnamed SM3_transform() prototype.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 06:04:38

Modified files:
lib/libcrypto/sm3: sm3.c 

Log message:
Rename SM3_block_data_order() and make static.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 05:23:35

Removed files:
lib/libcrypto  : md32_common.h 

Log message:
Remove md32_common.h since it is now (finally) unused.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 05:22:58

Modified files:
lib/libcrypto/sm3: sm3.c 

Log message:
Rework loads and stores for sm3.

Replace loads with crypto_load_be32toh() or be32toh(). Use
crypto_store_htobe32() or htobe32() for stores.

ok tb@



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 05:21:12

Modified files:
lib/libcrypto  : x86cpuid.pl 

Log message:
Remove .init section that calls OPENSSL_cpuid_setup on i386.

OPENSSL_cpuid_setup() is already called from OPENSSL_crypto_init(), hence
we do not need or want automatic initialisation on library load.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 05:16:32

Modified files:
lib/libcrypto  : x86_64cpuid.pl 

Log message:
Remove .init section that calls OPENSSL_cpuid_setup on amd64.

OPENSSL_cpuid_setup() is already called from OPENSSL_crypto_init(), hence
we do not need or want automatic initialisation on library load.

ok tb@



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 04:45:30

Modified files:
lib/libcrypto/ripemd: ripemd.c 

Log message:
Rework loads and stores in ripemd.

Replace loads with crypto_load_le32toh() or le32toh(). Use
crypto_store_htole32() or htole32() for stores.

ok joshua@ tb@



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 02:37:03

Modified files:
lib/libcrypto/sm3: sm3.c 

Log message:
Expand ROTATE macro to crypto_rol_u32().



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 02:36:13

Modified files:
lib/libcrypto  : crypto_internal.h 

Log message:
Include stdint.h since we use uint*_t types.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 02:33:14

Modified files:
lib/libcrypto/sm3: sm3.c 

Log message:
Inline initial hash values.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 02:31:11

Modified files:
lib/libcrypto/sm3: sm3.c 

Log message:
Remove now unnecessary do { } while (0);



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 02:30:25

Modified files:
lib/libcrypto/sm3: sm3.c 

Log message:
Inline HASH_MAKE_STRING.

No change to generated assembly.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 02:26:42

Modified files:
lib/libcrypto/sm3: sm3.c 

Log message:
Expand HASH_* defines.

No change in generated assembly.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 02:13:11

Modified files:
lib/libcrypto/sm3: sm3.c 

Log message:
Reorder functions.

No functional change.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 02:04:27

Modified files:
lib/libcrypto/sm3: sm3.c 

Log message:
Tidy includes.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 02:01:01

Modified files:
lib/libcrypto/sm3: sm3.c 

Log message:
Inline functions from md32_common.h.

No change in generated assembly.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 02:00:08

Modified files:
lib/libcrypto/md4: md4.c 
lib/libcrypto/md5: md5.c 

Log message:
Load in the top of the loop, as we do for other hash implementations.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 01:29:41

Modified files:
lib/libcrypto/ripemd: ripemd.c 

Log message:
Remove now unnecessary do { } while (0);



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 01:28:48

Modified files:
lib/libcrypto/ripemd: ripemd.c 

Log message:
Inline HASH_MAKE_STRING.

No change in generated assembly.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 01:13:02

Modified files:
lib/libcrypto/ripemd: ripemd.c 

Log message:
Expand ROTATE macro to crypto_rol_u32().



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 01:06:12

Modified files:
lib/libcrypto/sha: sha1.c 

Log message:
Demacro sha1.

Replace macros with static inline functions and use names that follow
the spec more closely. Unlike SHA256/SHA512, the functions and constants do
not align with the number of words loaded, which means we cannot easily loop
and just end up unrolling everything.

ok joshua@ tb@



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 01:04:21

Modified files:
lib/libcrypto/ripemd: ripemd.c 

Log message:
Inline initial hash values.



CVS: cvs.openbsd.org: src

2024-03-28 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/28 01:03:25

Modified files:
lib/libcrypto/ripemd: ripemd.c 

Log message:
Clean up various defines and prototypes.

No assembly implementations remain, hence we can clean the mess up and
replace it with a single static void function.



CVS: cvs.openbsd.org: src

2024-03-27 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/27 23:21:20

Modified files:
lib/libcrypto/ripemd: ripemd.c 

Log message:
Tidy includes.



CVS: cvs.openbsd.org: src

2024-03-27 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/27 23:16:11

Modified files:
lib/libcrypto/ripemd: ripemd.c 

Log message:
Expand HASH_* defines.

No change to generated assembly.



CVS: cvs.openbsd.org: src

2024-03-27 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/27 23:00:27

Modified files:
lib/libcrypto/ripemd: ripemd.c 

Log message:
Reorder functions.

No functional change.



CVS: cvs.openbsd.org: src

2024-03-27 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/27 22:56:47

Modified files:
lib/libcrypto/ripemd: ripemd.c 

Log message:
Inline functions from md32_common.h for ripemd.

No change to generated assembly.



CVS: cvs.openbsd.org: src

2024-03-27 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/27 22:23:02

Modified files:
lib/libcrypto/sha: sha256.c 

Log message:
Fix line wrapping.



CVS: cvs.openbsd.org: src

2024-03-27 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/27 20:09:28

Modified files:
lib/libcrypto  : Makefile 

Log message:
Remove fallback files that are now always included in the build.



CVS: cvs.openbsd.org: src

2024-03-27 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/27 19:57:00

Modified files:
lib/libcrypto  : Makefile 
lib/libcrypto/arch/aarch64: Makefile.inc 
lib/libcrypto/arch/alpha: Makefile.inc 
lib/libcrypto/arch/amd64: Makefile.inc 
lib/libcrypto/arch/arm: Makefile.inc 
lib/libcrypto/arch/hppa: Makefile.inc 
lib/libcrypto/arch/i386: Makefile.inc 
lib/libcrypto/arch/mips64: Makefile.inc 
lib/libcrypto/arch/powerpc: Makefile.inc 
lib/libcrypto/arch/powerpc64: Makefile.inc 
lib/libcrypto/arch/riscv64: Makefile.inc 
lib/libcrypto/arch/sparc64: Makefile.inc 

Log message:
Move rc4.c to primary Makefile.

This is now built on all platforms.



CVS: cvs.openbsd.org: src

2024-03-27 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/27 19:49:29

Modified files:
lib/libcrypto/arch/amd64: Makefile.inc 
lib/libcrypto/arch/i386: Makefile.inc 
lib/libcrypto/rc4: rc4.c 
lib/libcrypto/rc4/asm: rc4-586.pl rc4-x86_64.pl 

Log message:
Use C functions for RC4 public API.

Rather than having public API switch between C and assembly, always
use C functions as entry points, which then call an assembly
implementation (if available). This makes it significantly easier
to deal with symbol aliasing/namespaces and it also means we
benefit from vulnerability prevention provided by the C compiler.

Rename the assembly generated functions from RC4() to rc4_internal()
and RC4_set_key() to rc4_set_key_internal(). Always include rc4.c
and change it to use defines that are similar to those used in BN.

ok beck@ joshua@ tb@



CVS: cvs.openbsd.org: src

2024-03-27 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/27 19:41:16

Modified files:
lib/libcrypto  : Makefile 
lib/libcrypto/arch/aarch64: Makefile.inc 
lib/libcrypto/arch/alpha: Makefile.inc 
lib/libcrypto/arch/amd64: Makefile.inc 
lib/libcrypto/arch/arm: Makefile.inc 
lib/libcrypto/arch/hppa: Makefile.inc 
lib/libcrypto/arch/i386: Makefile.inc 
lib/libcrypto/arch/mips64: Makefile.inc 
lib/libcrypto/arch/powerpc: Makefile.inc 
lib/libcrypto/arch/powerpc64: Makefile.inc 
lib/libcrypto/arch/riscv64: Makefile.inc 
lib/libcrypto/arch/sparc64: Makefile.inc 

Log message:
Move des sources to primary Makefile.

Now that all platforms use a C des implementation, move it to the primary
Makefile.



CVS: cvs.openbsd.org: src

2024-03-27 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2024/03/27 19:35:22

Removed files:
lib/libcrypto/des/asm: des-586.pl des_enc.m4 desboth.pl 

Log message:
Remove now unused des assembly.


