CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/22 08:50:45 Modified files: regress/lib/libssl/asn1: asn1test.c regress/lib/libssl/tlsext: tlsexttest.c Log message: Revise regress to match cipher suite values change.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/22 08:47:15 Modified files: lib/libssl : s3_lib.c ssl_asn1.c ssl_ciph.c ssl_ciphers.c ssl_clnt.c ssl_local.h ssl_pkt.c ssl_sess.c ssl_srvr.c ssl_txt.c tls13_client.c tls13_server.c Log message: Use cipher suite values instead of IDs. OpenSSL has had the concept of cipher IDs, which were a way of working around overlapping cipher suite values between SSLv2 and SSLv3. Given that we no longer have to deal with this issue, replace the use of IDs with cipher suite values. In particular, this means that we can stop mapping back and forth between the two, simplifying things considerably. While here, remove the 'valid' member of the SSL_CIPHER. The ssl3_ciphers[] table is no longer mutable, meaning that ciphers cannot be disabled at runtime (and we have `#if 0' if we want to do it at compile time). Clean up the comments and add/update RFC references for cipher suites. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/19 22:04:23 Modified files: lib/libssl : d1_pkt.c ssl_asn1.c ssl_ciph.c ssl_clnt.c ssl_lib.c ssl_local.h ssl_pkt.c ssl_sess.c ssl_srvr.c ssl_txt.c t1_enc.c tls13_client.c tls13_server.c Log message: Remove cipher from SSL_SESSION. For a long time SSL_SESSION has had both a cipher ID and a pointer to an SSL_CIPHER (and not both are guaranteed to be populated). There is also a pointer to an SSL_CIPHER in the SSL_HANDSHAKE that denotes the cipher being used for this connection. Some code has been using the cipher from SSL_SESSION and some code has been using the cipher from SSL_HANDSHAKE. Remove cipher from SSL_SESSION and use the version in SSL_HANDSHAKE everywhere. If resuming from a session then we need to use the SSL_SESSION cipher ID to set the SSL_HANDSHAKE cipher. And we still need to ensure that we update the cipher ID in the SSL_SESSION whenever the SSL_HANDSHAKE cipher changes (this only occurs in a few places). ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/19 02:54:31 Modified files: lib/libssl : s3_lib.c ssl_lib.c ssl_local.h ssl_sess.c ssl_srvr.c tls13_server.c Log message: Move client ciphers from SSL_SESSION to SSL_HANDSHAKE. SSL_SESSION has a 'ciphers' member which contains a list of ciphers that were advertised by the client. Move this from SSL_SESSION to SSL_HANDSHAKE and rename it to match reality. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/19 02:56:17 Modified files: lib/libssl : ssl_clnt.c ssl_srvr.c Log message: Annotate issues with tls_session_secret_cb() related code.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/17 09:01:22 Modified files: regress/lib/libssl/ciphers: cipherstest.c Log message: Enable regress for SSL_CIPHER_get_handshake_digest() Turns out this is already linked statically.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/17 08:51:54 Modified files: regress/lib/libssl/ciphers: cipherstest.c Log message: Rework cipher find test to also provide coverage for SSL_CIPHER_*()
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/16 08:38:59 Modified files: regress/lib/libssl/unit: tls_prf.c Log message: Update regress for removal of SSL_HANDSHAKE_MAC_DEFAULT.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/16 08:38:04 Modified files: lib/libssl : s3_lib.c ssl_ciph.c ssl_local.h Log message: Clean up SSL_HANDSHAKE_MAC_DEFAULT. The handshake MAC needs to be upgraded when TLSv1.0 and TLSv1.1 ciphersuites are used with TLSv1.2. Since we no longer support TLSv1.0 and TLSv1.1, we can simply upgrade the handshake MAC in the ciphersuite table and remove the various defines/macros/code that existed to handle the upgrade. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/15 08:45:15 Modified files: lib/libssl : s3_lib.c ssl_local.h Log message: Mop up TLS1_PRF* defines. These have not been used for a long time, however SSL_CIPHER was not opaque at the time, hence they had to stick around. Now that SSL_CIPHER is opaque we can simply mop them up. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/06/30 08:13:08 Modified files: lib/libcrypto/lhash: lhash.c lhash_local.h Log message: Remove lhash statistics. These are not exactly useful and we previously stopped exposing them. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/06/28 07:37:49 Modified files: lib/libssl : ssl_packet.c Log message: Remove handling of SSLv2 client hello messages. This code was only previously enabled if the minimum enabled version was TLSv1.0 and a non-version locked method is in use. Since TLSv1.0 and TLSv1.1 were disabled nearly a year ago, this code is no longer ever being used. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/06/25 08:10:45 Modified files: lib/libssl : Makefile ssl_local.h ssl_srvr.c Log message: Implement RSA key exchange in constant time. RSA key exchange is known to have multiple security weaknesses, including being potentially susceptible to padding oracle and timing attacks. The RSA key exchange code that we inherited from OpenSSL was riddled with timing leaks, many of which we fixed (or minimised) early on. However, a number of issues still remained, particularly those related to libcrypto's RSA decryption and padding checks. Rework the RSA key exchange code such that we decrypt with RSA_NO_PADDING and then check the padding ourselves in constant time. In this case, the pre-master secret is of a known length, hence the padding is also a known length based on the size of the RSA key. This makes it easy to implement a check that is much safer than having RSA_private_decrypt() depad for us. Regardless, we still strongly recommend disabling RSA key exchange and using other key exchange methods that provide perfect forward secrecy and do not depend on client generated keys. Thanks to Marcel Maehren, Nurullah Erinola, Robert Merget, Juraj Somorovsky, Joerg Schwenk and Hubert Kario for raising these issues with us at various points in time. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/06/22 10:38:31 Modified files: lib/libcrypto/lhash: lhash.c Log message: Remove the less-than-useful change log. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/06/22 10:33:00 Modified files: lib/libcrypto/bn: bn_convert.c Log message: Rewrite BN_bn2mpi() using CBB. The content is effectively a u32 length prefixed field, so use CBB_add_u32_length_prefixed(). Use BN_bn2binpad() rather than manually padding if we need to extend and use sensible variable names so that the code becomes more readable. Note that since CBB can fail we now need to be able to indicate failure. This means that BN_bn2mpi() can now return -1 when it would not have previously (correct callers will check that BN_bn2mpi() returns a positive length). ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/06/22 09:32:51 Modified files: lib/libcrypto/bytestring: bs_cbb.c bytestring.h Log message: Sync bytestring from libssl.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/06/22 09:25:06 Modified files: lib/libssl : bs_cbb.c bytestring.h Log message: Provide CBB_add_u32_length_prefixed(). This is needed for an upcoming change in libcrypto. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/05/08 09:13:23 Modified files: regress/lib/libcrypto/lhash: lhash_test.c Log message: Add more regress coverage for lhash.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/05/07 07:40:42 Modified files: lib/libcrypto/lhash: lhash.c Log message: Reorder functions and drop static function prototypes. No functional change.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/05/06 08:38:20 Modified files: lib/libcrypto/lhash: lhash.c Log message: Fix function wrapping.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/05/06 08:37:26 Modified files: regress/lib/libcrypto: Makefile Log message: Enable lhash regress.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/05/06 08:36:05 Modified files: lib/libcrypto/lhash: lhash.c Log message: Guard call to contract() from doall_util_fn(). It is not safe to unconditionally call contract() - when called repeatedly it will shrink the bucket array to zero and then attempt to access that allocation on the next call. Use the same guard that is used in lh_delete(). Issue found when investigating haproxy crashes reported by wizard-it on GitHub. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/05/06 08:31:25 Added files: regress/lib/libcrypto/lhash: Makefile lhash_test.c Log message: Provide initial regress for lhash. For now, this is very limited and only tests calling lh_doall_arg() multiple times on an empty linked hash. This process currently triggers a SIGSEGV, which will be soon fixed.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/05/06 08:24:21 src/regress/lib/libcrypto/lhash Update of /cvs/src/regress/lib/libcrypto/lhash In directory cvs.openbsd.org:/tmp/cvs-serv75180/lhash Log Message: Directory /cvs/src/regress/lib/libcrypto/lhash added to the repository
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/04/25 08:27:29 Modified files: regress/lib/libcrypto: Makefile Added files: regress/lib/libcrypto/crypto: Makefile crypto_test.c Log message: Add regress coverage for crypto_ct_*_u8()
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/04/25 08:19:45 src/regress/lib/libcrypto/crypto Update of /cvs/src/regress/lib/libcrypto/crypto In directory cvs.openbsd.org:/tmp/cvs-serv77624/crypto Log Message: Directory /cvs/src/regress/lib/libcrypto/crypto added to the repository
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/04/17 08:47:17 Modified files: lib/libcrypto/bn: bn_convert.c Log message: Rewrite BN_mpi2bn() using CBS and bn_bin2bn_cbs(). ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/04/17 08:45:46 Modified files: lib/libcrypto/bn: bn_convert.c Log message: Rewrite BN_lebin2bn() using CBS. We get an implementation of this for free by having bn_bin2bn_cbs() use CBS_get_u8() instead of CBS_get_last_u8(). ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/04/17 08:43:37 Modified files: lib/libcrypto : crypto_internal.h Log message: Provide constant time operations for uint8_t. These will be used in upcoming changes. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/04/17 02:51:11 Modified files: regress/lib/libcrypto/bn: bn_convert.c Log message: Add regress coverage for BN_lebin2bn().
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/04/16 07:14:46 Modified files: lib/libcrypto/bn: bn_convert.c Log message: Invert BN_BITS2 handling in bn_bin2bn_cbs() and bn_hex2bn_cbs(). This results in simpler code. Suggested by tb@ during review.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/04/16 07:11:37 Modified files: lib/libcrypto/bn: bn_convert.c Log message: Rewrite BN_bin2bn() using CBS. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/04/16 07:07:14 Modified files: lib/libcrypto/bn: bn_lib.c bn_local.h Log message: Provide bn_expand_bytes(). This will be used in an upcoming change. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/04/16 07:04:05 Modified files: lib/libcrypto/bn: bn_convert.c bn_lib.c bn_local.h Log message: Rename bn_expand() to bn_expand_bits(). Also change the bits type from int to size_t, since that's what the callers are passing and we can avoid unnecessary input validation. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/04/15 08:36:16 Modified files: regress/lib/libcrypto/bn: bn_bits.c Log message: Enable negative zero checks for BN_clear_bit() and BN_mask_bits().
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/04/15 08:35:25 Modified files: lib/libcrypto/bn: bn_lib.c Log message: Prevent negative zero from being created via BN bit functions. Both BN_clear_bit() and BN_mask_bits() can create zero values - in both cases ensure that the negative sign is correctly handled if the value becomes zero. Thanks to Guido Vranken for providing a reproducer. Fixes oss-fuzz #67901 ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/04/09 08:59:57 Modified files: regress/lib/libcrypto/bn: Makefile Added files: regress/lib/libcrypto/bn: bn_bits.c Log message: Add initial regress for BN_set_bit(), BN_clear_bit() and BN_mask_bits().
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/04/09 08:56:21 Modified files: regress/lib/libcrypto/bn: bn_convert.c Log message: Add regress coverage for BN_bn2mpi()/BN_mpi2bn().
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/29 22:34:17 Modified files: lib/libcrypto/rsa: rsa_pk1.c Log message: Rewrite RSA_padding_add_PKCS1_type_{1,2}() with CBS/CBB. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/29 20:20:39 Modified files: regress/lib/libcrypto/rsa: rsa_padding_test.c Log message: Do multiple padding add/check iterations. This increases the chance of triggering bugs due to input and/or randomised padding.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/29 18:36:14 Modified files: regress/lib/libcrypto/rsa: Makefile Added files: regress/lib/libcrypto/rsa: rsa_padding_test.c Log message: Add initial regress for RSA padding.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/29 18:34:40 Modified files: regress/lib/libcrypto/dsa: Makefile regress/lib/libcrypto/rsa: Makefile Log message: Tidy indentation. Requested by tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/29 18:32:13 Modified files: regress/lib/libcrypto/dsa: Makefile regress/lib/libcrypto/rsa: Makefile Log message: Remove -app2_1 flags being passed to dsa and rsa regress. Nothing does flag handling in these tests.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/29 05:19:01 Modified files: lib/libcrypto/aes: aes_core.c Log message: Tweak defines since the Td4 table is only used for AES_{encrypt,decrypt}
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/29 05:00:58 Modified files: lib/libcrypto/aes: aes_core.c lib/libcrypto/aes/asm: aes-586.pl aes-armv4.pl aes-mips.pl aes-parisc.pl aes-ppc.pl aes-sparcv9.pl aes-x86_64.pl lib/libcrypto/arch/amd64: Makefile.inc lib/libcrypto/arch/arm: Makefile.inc lib/libcrypto/arch/hppa: Makefile.inc lib/libcrypto/arch/i386: Makefile.inc lib/libcrypto/arch/mips64: Makefile.inc lib/libcrypto/arch/sparc64: Makefile.inc Log message: Always use C functions for AES_{encrypt,decrypt}(). Always provide AES_{encrypt,decrypt}() via C functions, which then either use a C implementation or call the assembly implementation. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/29 01:45:36 Removed files: lib/libcrypto/idea: i_cbc.c Log message: Remove previously missed idea file.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/29 01:36:38 Modified files: lib/libcrypto : Makefile Added files: lib/libcrypto/cast: cast.c Removed files: lib/libcrypto/cast: c_cfb64.c c_ecb.c c_enc.c c_ofb64.c c_skey.c cast_s.h Log message: Consolidate cast code.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/29 01:26:21 Modified files: lib/libcrypto : Makefile lib/libcrypto/camellia: camellia.c Removed files: lib/libcrypto/camellia: cmll_cbc.c cmll_cfb.c cmll_ctr.c cmll_ecb.c cmll_local.h cmll_misc.c cmll_ofb.c Log message: Consolidate camellia code.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/29 01:24:09 Modified files: lib/libcrypto : Makefile lib/libcrypto/arch/aarch64: Makefile.inc lib/libcrypto/arch/alpha: Makefile.inc lib/libcrypto/arch/amd64: Makefile.inc lib/libcrypto/arch/arm: Makefile.inc lib/libcrypto/arch/hppa: Makefile.inc lib/libcrypto/arch/i386: Makefile.inc lib/libcrypto/arch/mips64: Makefile.inc lib/libcrypto/arch/powerpc: Makefile.inc lib/libcrypto/arch/powerpc64: Makefile.inc lib/libcrypto/arch/riscv64: Makefile.inc lib/libcrypto/arch/sparc64: Makefile.inc Log message: Move camellia to primary Makefile. These files are now built on all platforms.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/29 01:09:37 Removed files: lib/libcrypto/camellia/asm: cmll-x86.pl cmll-x86_64.pl Log message: Remove now unused camellia assembly implementations.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/29 01:06:21 Modified files: lib/libcrypto/arch/amd64: Makefile.inc lib/libcrypto/arch/i386: Makefile.inc Log message: Stop building camellia assembly on amd64 and i386. This is a legacy algorithm and the assembly is only marginally faster than the C code. Discussed with beck@ and tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/29 00:03:21 Modified files: lib/libcrypto : Makefile lib/libcrypto/arch/aarch64: Makefile.inc lib/libcrypto/arch/alpha: Makefile.inc lib/libcrypto/arch/amd64: Makefile.inc lib/libcrypto/arch/arm: Makefile.inc lib/libcrypto/arch/hppa: Makefile.inc lib/libcrypto/arch/i386: Makefile.inc lib/libcrypto/arch/mips64: Makefile.inc lib/libcrypto/arch/powerpc: Makefile.inc lib/libcrypto/arch/powerpc64: Makefile.inc lib/libcrypto/arch/riscv64: Makefile.inc lib/libcrypto/arch/sparc64: Makefile.inc Log message: Move aes_core.c to the primary Makefile. This is now built on all platforms.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 23:23:50 Modified files: lib/libcrypto : Makefile Added files: lib/libcrypto/idea: idea.c Removed files: lib/libcrypto/idea: i_cfb64.c i_ecb.c i_ofb64.c i_skey.c Log message: Consolidate idea into a single C file.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 23:03:48 Modified files: lib/libcrypto/rc2: rc2_local.h Log message: Remove unused n2ln, l2nn, n2l and l2n macros.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 22:39:54 Modified files: lib/libcrypto/aes: aes_core.c lib/libcrypto/aes/asm: aes-586.pl aes-armv4.pl aes-mips.pl aes-x86_64.pl lib/libcrypto/arch/amd64: Makefile.inc lib/libcrypto/arch/arm: Makefile.inc lib/libcrypto/arch/i386: Makefile.inc lib/libcrypto/arch/mips64: Makefile.inc Log message: Always use C functions for AES_set_{encrypt,decrypt}_key(). Always include aes_core.c and provide AES_set_{encrypt,decrypt}_key() via C functions, which then either use a C implementation or call the assembly implementation. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 20:41:49 Modified files: lib/libcrypto : Makefile Added files: lib/libcrypto/whrlpool: whirlpool.c Removed files: lib/libcrypto/whrlpool: wp_block.c wp_dgst.c wp_local.h Log message: Consolidate whirlpool into a single C file. Buy a vowel at the same time, since we're no longer limited to 8.3 file names. Discussed with tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 20:38:45 Removed files: lib/libcrypto/whrlpool/asm: wp-mmx.pl wp-x86_64.pl Log message: Remove now unused assembly implementations of whirlpool.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 20:33:45 Modified files: lib/libcrypto : Makefile lib/libcrypto/arch/aarch64: Makefile.inc lib/libcrypto/arch/alpha: Makefile.inc lib/libcrypto/arch/amd64: Makefile.inc lib/libcrypto/arch/arm: Makefile.inc lib/libcrypto/arch/hppa: Makefile.inc lib/libcrypto/arch/i386: Makefile.inc lib/libcrypto/arch/mips64: Makefile.inc lib/libcrypto/arch/powerpc: Makefile.inc lib/libcrypto/arch/powerpc64: Makefile.inc lib/libcrypto/arch/riscv64: Makefile.inc lib/libcrypto/arch/sparc64: Makefile.inc Log message: Move wp_block.c to the primary Makefile. This is now built on all platforms.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 20:30:25 Modified files: regress/lib/libcrypto/symbols: symbols.awk Log message: Remove CMS special now that we do not depend on pem.h being included first.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 20:28:51 Modified files: lib/libcrypto/cms: cms.h Log message: Stop playing #ifdef HEADER_PEM_H games in cms.h. Rather than making prototypes appear and disappear depending on whether or not you've included pem.h before cms.h, just include pem.h from cms.h itself. ok joshua@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 20:22:18 Modified files: lib/libcrypto/err: err_all.c lib/libcrypto/pem: pem.h Log message: Stop using pem2.h. Somewhere in the past 25 years, the circular dependency between err and pem went away. Stop pulling in pem2.h and just use pem.h directly (pem2.h can probably be removed at some point, but that remains for another day). ok joshua@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 19:27:42 Modified files: lib/libcrypto/aes/asm: aes-x86_64.pl Log message: Rename AES_cbc_encrypt to aes_cbc_encrypt_internal for the SEH handlers. Should fix windows build.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 19:24:07 Modified files: lib/libcrypto/arch/amd64: Makefile.inc lib/libcrypto/arch/i386: Makefile.inc Log message: Stop building whirlpool assembly on amd64 and i386. This is a legacy algorithm and the assembly is only marginally faster than the C code. Discussed with beck@ and tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 18:16:22 Modified files: lib/libcrypto/whrlpool: wp_dgst.c Log message: Apply style(9) hammer. The code is still a horrific mess, but at least the braces are in the right place...
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 06:52:58 Modified files: lib/libcrypto : Makefile lib/libcrypto/aes: aes.c lib/libcrypto/arch/aarch64: Makefile.inc lib/libcrypto/arch/alpha: Makefile.inc lib/libcrypto/arch/amd64: Makefile.inc lib/libcrypto/arch/arm: Makefile.inc lib/libcrypto/arch/hppa: Makefile.inc lib/libcrypto/arch/i386: Makefile.inc lib/libcrypto/arch/mips64: Makefile.inc lib/libcrypto/arch/powerpc: Makefile.inc lib/libcrypto/arch/powerpc64: Makefile.inc lib/libcrypto/arch/riscv64: Makefile.inc lib/libcrypto/arch/sparc64: Makefile.inc Removed files: lib/libcrypto/aes: aes_cbc.c Log message: Merge aes_cbc.c into aes.c now that aes_cbc.c is used on all platforms.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 06:28:48 Modified files: lib/libcrypto/aes: aes_cbc.c lib/libcrypto/aes/asm: aes-586.pl aes-x86_64.pl lib/libcrypto/arch/amd64: Makefile.inc lib/libcrypto/arch/i386: Makefile.inc Log message: Make AES_cbc_encrypt() always be a C function. Rename the assembly generated functions from AES_cbc_encrypt() to aes_cbc_encrypt_internal(). Always include aes_cbc.c and change it to use defines that are similar to those used in BN. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 06:11:26 Modified files: lib/libcrypto/rc4: rc4.c Log message: Use static inline for rc4_set_key_internal().
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 06:09:09 Modified files: lib/libcrypto/sm3: sm3.c Log message: Remove unused SM3_Transform() Along with the misnamed SM3_transform() prototype.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 06:04:38 Modified files: lib/libcrypto/sm3: sm3.c Log message: Rename SM3_block_data_order() and make static.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 05:23:35 Removed files: lib/libcrypto : md32_common.h Log message: Remove md32_common.h since it is now (finally) unused.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 05:22:58 Modified files: lib/libcrypto/sm3: sm3.c Log message: Rework loads and stores for sm3. Replace loads with crypto_load_be32toh() or be32toh(). Use crypto_store_htobe32() or htobe32() for stores. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 05:21:12 Modified files: lib/libcrypto : x86cpuid.pl Log message: Remove .init section that calls OPENSSL_cpuid_setup on i386. OPENSSL_cpuid_setup() is already called from OPENSSL_crypto_init(), hence we do not need or want automatic initialisation on library load.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 05:16:32 Modified files: lib/libcrypto : x86_64cpuid.pl Log message: Remove .init section that calls OPENSSL_cpuid_setup on amd64. OPENSSL_cpuid_setup() is already called from OPENSSL_crypto_init(), hence we do not need or want automatic initialisation on library load. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 04:45:30 Modified files: lib/libcrypto/ripemd: ripemd.c Log message: Rework loads and stores in ripemd. Replace loads with crypto_load_le32toh() or le32toh(). Use crypto_store_htole32() or htole32() for stores. ok joshua@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 02:37:03 Modified files: lib/libcrypto/sm3: sm3.c Log message: Expand ROTATE macro to crypto_rol_u32().
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 02:36:13 Modified files: lib/libcrypto : crypto_internal.h Log message: Include stdint.h since we use uint*_t types.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 02:33:14 Modified files: lib/libcrypto/sm3: sm3.c Log message: Inline initial hash values.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 02:31:11 Modified files: lib/libcrypto/sm3: sm3.c Log message: Remove no unnecessary do { } while (0);
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 02:30:25 Modified files: lib/libcrypto/sm3: sm3.c Log message: Inline HASH_MAKE_STRING. No change to generated assembly.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 02:26:42 Modified files: lib/libcrypto/sm3: sm3.c Log message: Expand HASH_* defines. No change in generated assembly.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 02:13:11 Modified files: lib/libcrypto/sm3: sm3.c Log message: Reorder functions. No functional change.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 02:04:27 Modified files: lib/libcrypto/sm3: sm3.c Log message: Tidy includes.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 02:01:01 Modified files: lib/libcrypto/sm3: sm3.c Log message: Inline functions from md32_common.h. No change in generated assembly.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 02:00:08 Modified files: lib/libcrypto/md4: md4.c lib/libcrypto/md5: md5.c Log message: Load in the top of the loop, as we do for other hash implementations.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 01:29:41 Modified files: lib/libcrypto/ripemd: ripemd.c Log message: Remove now unnecessary do { } while (0);
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 01:28:48 Modified files: lib/libcrypto/ripemd: ripemd.c Log message: Inline HASH_MAKE_STRING. No change in generated assembly.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 01:13:02 Modified files: lib/libcrypto/ripemd: ripemd.c Log message: Expand ROTATE macro to crypto_rol_u32().
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 01:06:12 Modified files: lib/libcrypto/sha: sha1.c Log message: Demacro sha1. Replace macros with static inline functions and use names that follow the spec more closely. Unlike SHA256/SHA512, the functions and constants do not align with the number of words loaded, which means we cannot easily loop and just end up just unrolling everything. ok joshua@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 01:04:21 Modified files: lib/libcrypto/ripemd: ripemd.c Log message: Inline initial hash values.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/28 01:03:25 Modified files: lib/libcrypto/ripemd: ripemd.c Log message: Clean up various defines and prototypes. No assembly implementations remain, hence we can clean the mess up and replace it with a single static void function.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/27 23:21:20 Modified files: lib/libcrypto/ripemd: ripemd.c Log message: Tidy includes.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/27 23:16:11 Modified files: lib/libcrypto/ripemd: ripemd.c Log message: Expand HASH_* defines. No change to generated assembly.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/27 23:00:27 Modified files: lib/libcrypto/ripemd: ripemd.c Log message: Reorder functions. No functional change.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/27 22:56:47 Modified files: lib/libcrypto/ripemd: ripemd.c Log message: Inline functions from md32_common.h for ripemd. No change to generated assembly.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/27 22:23:02 Modified files: lib/libcrypto/sha: sha256.c Log message: Fix line wrapping.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/27 20:09:28 Modified files: lib/libcrypto : Makefile Log message: Remove fallback files that are now always included in the build.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/27 19:57:00 Modified files: lib/libcrypto : Makefile lib/libcrypto/arch/aarch64: Makefile.inc lib/libcrypto/arch/alpha: Makefile.inc lib/libcrypto/arch/amd64: Makefile.inc lib/libcrypto/arch/arm: Makefile.inc lib/libcrypto/arch/hppa: Makefile.inc lib/libcrypto/arch/i386: Makefile.inc lib/libcrypto/arch/mips64: Makefile.inc lib/libcrypto/arch/powerpc: Makefile.inc lib/libcrypto/arch/powerpc64: Makefile.inc lib/libcrypto/arch/riscv64: Makefile.inc lib/libcrypto/arch/sparc64: Makefile.inc Log message: Move rc4.c to primary Makefile. This is now built on all platforms.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/27 19:49:29 Modified files: lib/libcrypto/arch/amd64: Makefile.inc lib/libcrypto/arch/i386: Makefile.inc lib/libcrypto/rc4: rc4.c lib/libcrypto/rc4/asm: rc4-586.pl rc4-x86_64.pl Log message: Use C functions for RC4 public API. Rather than having public API switch between C and assembly, always use C functions as entry points, which then call an assembly implementation (if available). This makes it significantly easier to deal with symbol aliasing/namespaces and it also means we benefit from vulnerability prevention provided by the C compiler. Rename the assembly generated functions from RC4() to rc4_internal() and RC4_set_key() to rc4_set_key_internal(). Always include rc4.c and change it to use defines that are similar to those used in BN. ok beck@ joshua@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/27 19:41:16 Modified files: lib/libcrypto : Makefile lib/libcrypto/arch/aarch64: Makefile.inc lib/libcrypto/arch/alpha: Makefile.inc lib/libcrypto/arch/amd64: Makefile.inc lib/libcrypto/arch/arm: Makefile.inc lib/libcrypto/arch/hppa: Makefile.inc lib/libcrypto/arch/i386: Makefile.inc lib/libcrypto/arch/mips64: Makefile.inc lib/libcrypto/arch/powerpc: Makefile.inc lib/libcrypto/arch/powerpc64: Makefile.inc lib/libcrypto/arch/riscv64: Makefile.inc lib/libcrypto/arch/sparc64: Makefile.inc Log message: Move des sources to primary Makefile. Now that all platforms use a C des implementation, move it to the primary Makefile.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/03/27 19:35:22 Removed files: lib/libcrypto/des/asm: des-586.pl des_enc.m4 desboth.pl Log message: Remove now unused des assembly.