IABSD.fr/src/lib

Branch :


Log

Author Commit Date CI Message
fb69fb32 2025-05-23 00:40:05 When commons were deprecated, noone noticed that malloc_options in static binaries had become unlinkable. Change the libc definition to weak to solve that, and to "const char * const" so that noone will try to set it late. It must be stable before the first malloc() call, which could be before main()... discussion with otto, kettenis, tedu
896a7df4 2025-05-22 12:44:14 Do a clean up pass over the GCM code. Rework some logic, add explicit numerical checks, move assignment out of variable declaration and use post-increment/post-decrement unless there is a specific reason to do pre-increment. ok kenjiro@ tb@
38645cd8 2025-05-22 12:33:36 Use timingsafe_memcmp() in CRYPTO_gcm128_finish(). When checking the GCM tag, use timingsafe_memcmp() instead of memcmp(). ok tb@
a10bf9eb 2025-05-22 08:25:26 Simplify SSL_alert_desc_string SSL_alert_desc_string() is only used by our good old friends M2Crypto and Net::SSLeay. While some of the two-letter combinations can be made sense of without looking at the switch, I guess, this is just a completely useless interface. The same level of uselessness can be acchieved in a single line matching BoringSSL. ok joshua kenjiro
52de8363 2025-05-21 12:12:42 Reorder some functions.
772bd68a 2025-05-21 12:11:23 Remove GHASH_CHUNK and size_t related code from GCM encrypt/decrypt. This adds significant complexity to the code. On amd64 and aarch64 it results in a minimal slowdown for aligned inputs and a performance improvement for unaligned inputs. ok beck@ joshua@ tb@
ac7f5714 2025-05-21 11:37:07 Fix wrapping.
824f3632 2025-05-21 11:03:48 Remove now unused AES assembly generation scripts.
1800984b 2025-05-21 03:57:59 Remove more unused code. Discussed with tb@
ec8168ae 2025-05-21 03:53:20 Add NULL checks to HKDF and TLS1-PRF EVP_PKEY cleanup functions Check if ctx->data is NULL before calling freezero(). Also add HKDF and TLS1-PRF to the EVP_PKEY cleanup regression test, as they no longer crash with this change. ok tb@
9869d7d0 2025-05-21 02:18:11 Fix buffer size in MLKEM1024_marshal_public_key() Initialize the output buffer with MLKEM1024_PUBLIC_KEY_BYTES instead of MLKEM768_PUBLIC_KEY_BYTES. ok tb@
1c23c815 2025-05-21 01:27:29 Merge remaining parts of tzcode2013d. Fixes potential issues on 32-bit systems where time_t is 64-bit but long is 32-bit. OK tb@
48596faa 2025-05-20 18:21:34 Unbreak GHASH on some architectures setting GHASH_ASM The last #else branch in CRYPTO_gcm128_init() doesn't initialize the function pointers for gmult/ghash, which results in a segfault when using GCM on architectures taking this branch, notably sparc64. found by and fix from jca
c4fd9e40 2025-05-20 09:25:40 Simplify err_build_SYS_str_reasons This is currently done in a rather silly way. Shift the index by 1 and avoid weird pointer dances. Rather than relying on static initialization, use code to obviate a comment. ok beck joshua jsing
4d5c6b99 2025-05-20 07:47:43 Fix previous - names use underscores and not hyphens.
c46aa735 2025-05-20 05:42:40 Add ML-KEM768 Hybrid Kems to obj_mac.num ok tb@, joshua@
95a83615 2025-05-20 05:41:47 Add ML-KEM768 Hybrid Kems to objects.txt ok tb@, joshua@
87f63e75 2025-05-20 05:39:08 Don't use the array index as the group_id This is a precursor to adding new group ids for post quantum stuff which are up in the 4000 range, so using the array index as the group id will be silly. Instead we just add the group id to the structure and we walk the list to find it. This should never be a very large list for us, so no need to do anything cuter than linear search for now. ok jsing@, joshua@
da0eb453 2025-05-20 02:43:01 document EFTYPE, clarify +t on file behaviour; OK millert
513d920f 2025-05-20 00:33:40 Make MLKEM1024_marshal_private_key consistent with the public_key funcitons Even though this should remain internal, make it the same as the public key marshal function, and make the needed fallout changes in regress. ok kenjiro@, tb@
f7309d00 2025-05-20 00:30:38 Whitespace nits from tb ok tb@
2fc058fc 2025-05-19 07:53:00 Fix up MLKEM768_marshal_private_key to not use a passed in CBB Even though this should remain internal, make it the same as the public key marshal function, and make the needed fallout changes in regress. This does not yet do the bikeshed of renaming the structure field in the regress ctx, that will wait until a follow on to convert 1024 in a similar manner ok tb@
c11128da 2025-05-19 07:40:17 Remove the boringssl if || ideom from mlkem ok jsing@, joshua@
423d77d9 2025-05-19 06:50:48 nd6_debug sysctl is gone. input & OK kn, OK bluhm
c0402f88 2025-05-19 06:47:40 API changes for ML-KEM - Get rid of CBB/CBS usage in public api - Make void functions return int that can fail if malloc fails. Along with some fallout and resulting bikeshedding in the regress tests. ok jsing@, tb@
db896637 2025-05-19 04:32:51 Simplify EVP AES code for ECB. AES_ecb_encrypt() does not really do ECB - provide an aes_ecb_encrypt_internal that actually does multiple blocks and call this from aes_ecb_cipher(). Provide ECB with its own key initialisation function, which allows aes_init_key() to be simplified considerably. The block function pointer is now unused, so mop this up. ok joshua@ tb@
a151dcdd 2025-05-19 04:01:07 Remove block128_f function casts. Provide aes_{en,de}crypt_block128() which have correct function signatures and use these when calling the various mode functions. ok joshua@ tb@
b7c26f81 2025-05-19 03:55:09 Simplify EVP AES code for OFB. Provide AES-NI with its own aesni_ofb_cipher() and switch aes_ofb_cipher() to call AES_ofb128_encrypt() directly. ok joshua@ tb@
1184d9e8 2025-05-19 01:49:23 Simplify EVP AES code for CFB. Provide AES-NI with its own aesni_cfb*_cipher() functions, which then allows us to change the existing aes_cfb*_cipher() functions to () to call AES_cfb*_encrypt() directly. ok beck@ tb@
3094a09a 2025-05-18 20:44:30 EC_POINT_new: wording tweaks in the BUGS section
79839f6c 2025-05-18 11:11:12 Simplify EVP AES code for CTR. Provide AES-NI with its own aesni_ctr_cipher(), which then allows us to change aes_ctr_cipher() to call AES_ctr128_encrypt() directly. The stream.ctr function pointer is now unused and can be mopped up. ok beck@ tb@
8562f4b1 2025-05-18 11:07:45 Unifdef AES_CTR_ASM. This is a remnant from s390x assembly.
f0ec6e16 2025-05-18 09:47:38 Simplify EVP code for AES CBC. Change aes_cbc_cipher() to call AES_cbc_encrypt() directly, rather than via the stream.cbc function pointer. Remove stream.cbc since it is no longer used. Also provide a separate aes_cbc_init_key() function which makes this standalone and does not require checking mode flags. ok joshua@ tb@
3f7d12af 2025-05-18 09:21:29 add missing u64/uint64_t conversion ok jsing@
6da293ff 2025-05-18 09:05:59 Use stdint types instead of u64/u32/u8. No change in generated assembly.
5b96f810 2025-05-18 07:26:09 Remove contortions with the rem_4bit table. Instead of using size_t and a PACK macro, store the entries as uint16_t and then uncondtionally left shift 48 bits. This gives a small performance gain on some architectures and has the advantage of reducing the size of the table from 1024 bits to 256 bits. ok beck@ joshua@ tb@
6decc3d5 2025-05-18 07:13:48 Inline REDUCE1BIT macro. The REDUCE1BIT macro is now only used in one place, so just inline it. Additionally we do not need separate 32 bit and 64 bit versions - just use the 64 bit version and let the compiler deal with it (we effectively get the same code on i386). ok beck@ joshua@
21b9f6be 2025-05-18 06:38:11 bio_mem: avoid pointer arithmetic on NULL Prompted by a diff by Kenjiro Nakayama ok jsing
656fe457 2025-05-18 06:32:36 rc2: two files escaped the lure of the attic, set these poor souls free
8c960797 2025-05-17 14:43:17 Remove TABLE_BITS from gcm128. TABLE_BITS is always currently defined as 4 - 8 is considered to be insecure due to timing leaks and 1 is considerably slower. Remove code that is not regularly tested, does not serve a lot of purpose and is making clean up harder than it needs to be. ok tb@
c505c9db 2025-05-17 07:46:49 Set EOVERFLOW for overflow conditions to match POSIX. This brings the wprintf family of functions back in sync with printf family of functions which have been already adjusted. While at it, also sync the documentation to explain possible errno values. OK deraadt@, millert@
007267a8 2025-05-16 15:09:26 Replace GCM_MUL/GHASH defines with static inline functions. Rather than having defines for GCM_MUL/GHASH (along with the wonder that is GCM_FUNCREF_4BIT) then conditioning on their availability, provide and call gcm_mul()/gcm_ghash() unconditionally. This simplifies all of the call sites. ok tb@
f47d9bee 2025-05-16 14:24:39 Use %lld to format a time_t, not %ld
f07d4489 2025-05-16 13:54:31 Merge changes from tzcode2013a o Mark functions that have no side effects with __pure. o settzname: Ensure that tzname values are set. OK tb@
31eb8153 2025-05-12 05:40:24 Use EC_POINT_[sg]et_affine_coordinates() It is available in all supported OpenSSL flavors/versions and the _GFp variants will be removed from LibreSSL. ok hshoexer jsing
836be986 2025-05-10 19:01:16 Increase default PKCS12_SALT_LEN from 8 to 16 bytes Currently PKCS12_setup_mac() function uses salt length of 8 bytes / 64 bits when no salt length is specified. Increase this fallback default to 16 bytes / 128 bits, as recommended by NIST SP 800-132. Note this is for interoperability purposes. Some FIPS implementations enforce minimum salt length of 16 bytes. Examples of such FIPS implemenations are Bouncycastle FIPS Java API and Chainguard FIPS Provider for OpenSSL. Also future v3.6 release of OpenSSL will also increase the default salt length to 16 bytes. From Dimitri John Ledkov, thanks
9ae92282 2025-05-10 11:51:01 asn_moid: move inclusion of err_local.h to the proper place
8f25c064 2025-05-10 09:44:39 kqueue: Implement EVFILT_USER Implement EVFILT_USER in kqueue(2)/kevent(2). This allows user-triggerable events with plain kevent(2). EVFILT_USER originally appeared in FreeBSD but is now available also in DragonFly BSD, NetBSD, and macOS, and probably others. The maximum number of user events is limited per process. The limit (1024) is hard-coded at the moment. Manual page tweak by jmc@ tedu@ likes this OK mvs@
ef68f023 2025-05-10 06:45:46 Sort FOOerror() in ASCII order
5ec83552 2025-05-10 06:35:22 Simplify the remaining FOOerror() Redirect through an additional macro that adds the repeated function, file and line macros. Reduces the eyesore and makes the whole thing much more redable. similar to a suggestion by jsing a while back
e223f0a4 2025-05-10 06:22:08 Remove unused internal FOOerror() pointed out by djm a while back
a0eb9462 2025-05-10 06:17:09 Remove error macros except PEMerr(), RSAerr() and SSLerr() These three are still used in about half a dozen ports. All the others are unused. ok jsing
bdb0d0cc 2025-05-10 06:04:36 ssl_local.h: stop guarding SYSerror() with an #ifdef
3e51b078 2025-05-10 06:03:38 Move the internal FOOerror() to err_local.h These are now only used in libcrypto. They should never have been in a public header in the first place. ok jsing
27854fe4 2025-05-10 05:54:38 Use err_local.h rather than err.h in most places ok jsing
e3034ce0 2025-05-10 05:49:56 ssl_local: provide an SSL-internal version of SYSerror()
a77d91e1 2025-05-10 05:49:21 SSL_error_internal: remove a superfluous pair of parens
b4e54e6f 2025-05-10 05:37:22 ssl_local.h: adjust some whitespace
a7723dc5 2025-05-10 05:31:21 const correct SSL_error_internal()
fa4c866e 2025-05-09 13:24:37 Garbage collect docs of BIO_dump{,_indent}_{cb,fp}() The _cb() variants were only documented as intentionally undocumented. Be that as it may, they left the building more than a year ago.
11b3a765 2025-05-09 13:05:03 bss_log.c: don't rely on err.h pulling in bio.h ok jsing
c4e503b4 2025-05-04 15:58:48 Fix up two markup mistakes with .Fn and .Xr
8ee62dda 2025-05-04 10:53:38 sigh. pqueue_find() also needs a const treatment
e37f3117 2025-05-04 10:47:46 pqueue.h: zap trailing whitespace
f7843586 2025-05-04 10:47:02 const correct first argument of pitem_new() Makes upcoming changes in regress less ugly.
7639f023 2025-05-04 05:10:14 Remove the X9.62 prime239v{1,2,3} curves While RFC 3279 allows these curves for use in X.509 certificates (*), no one actually does this. Certs using these curves cannot be used for TLS and the curves aren't accepted by FIPS either. codesearch shows no actual uses of these curves, only their OIDs are listed. At this point these have become useless historical baggage. ok jsing (*) Of the 27 curves listed in RFC 3279 the only one that seems to have seen actual use in certificates is P-256.
8077efd2 2025-05-04 04:57:48 Move P-256 where it belongs ok jsing
53b64951 2025-05-03 10:15:50 Fix typo in curve comment: P224r2 -> P224t1
d84d1dff 2025-05-03 08:39:33 CTASSERT that internal pub/priv keys match the sizes exposed in mlkem.h This will need reworking (especially deduplicating) anyway, but it doesn't hurt now. From Kenjiro Nakayama
4a539f7d 2025-05-01 07:27:11 More space around .Dl + a typo on top
fe009f23 2025-05-01 00:35:23 lhash: add missing spaces before assignment operator
8e2d8607 2025-04-30 13:50:50 tlsext: stop sending SNI before ALPN in clients All supported releases of LibreSSL ensure that the corresponding callbacks are called in a predefined order rather than honoring the order in which a client sends its extensions. Therefore the ALPN callback for apache-httpd's virtual host setups can rely on SNI information being available and we no longer need to work around this on hte client side. Cuts the amount of code needed for tlsext randomization in half. ok jsing
eacfe1d9 2025-04-29 17:44:00 remove references to fs.posix.setuid; ok tedu
3f9d9c64 2025-04-29 02:24:32 remove the rest of the CTL_FS posix setuid sysctl
fc8da380 2025-04-28 17:42:42 EC_GROUP_check.3: rephrase a sentence to avoid a word repetition
487be35a 2025-04-28 17:41:55 EC_GROUP_new_by_curve_name.3: escape a - in code.
a436290e 2025-04-26 09:03:03 EC_POINT_point2oct: remove in_ prefix in RETURN VALUES
d1a18d55 2025-04-26 07:07:29 EC_GROUP_new_curve_GFp: some fixes in the RETURN VALUE section
104763b8 2025-04-26 05:31:27 Fix markup for EC_GROUP_set_point_conversion_form
5df3696e 2025-04-25 20:04:09 Fix up a few dangling references
4f0d0653 2025-04-25 19:57:12 Rework EC documentation This replaces the giant, poor quality and outdated EC_GROUP_copy.3, EC_GROUP_new.3, and EC_POINT_new.3 manuals with seven new manuals written from scratch. * EC_GROUP_new_by_curve_name() is the entry point for builtin curves, * EC_GROUP_new_curve_GFp() describes lower level API that should not usually be needed apart from a handful of accessors. * EC_GROUP_check() contains two functions that applications should not need because either you know for certain something is an elliptic curve (so these checks are pointless) or you should not use it. * EC_GROUP_get_curve_name() describes some low level ASN.1 footguns and corresponding getters. * EC_POINT_new() contains the simple EC_POINT allocation and freeing API * EC_POINT_get_affine_coordinates() contains the coordinate accessors * EC_POINT_point2oct() is about encoding elliptic curve points While all this is quite far from perfect, the diff is getting too big and it will be easier to improve this in tree. It is definitely more repetitive than I would like it to be. Reviews, tweaks and general feedback are of course welcome. discussed with jsing
8431d98b 2025-04-25 12:11:17 BN_new: zap an anachronistic admonition -This type should be considered opaque and fields should not be modified -or accessed directly. The type has long been opaque and reasonable people will not do things that permit them to access the fields of opaque types directly. Of course, in the vicinity of OpenSSL code and API all sorts of insanity actually exist.
46ec9d37 2025-04-25 12:08:53 Restore two #if defined(GHASH) that were incorrectly removed. Also condition on defined(GHASH_CHUNK) since this is used within these blocks. This makes the conditionals consistent with other usage. Fixes build with TABLE_BITS == 1.
b55deaa6 2025-04-25 08:26:57 Unifdef OPENSSL_SMALL_FOOTPRINT. ok tb@
e4cddd55 2025-04-25 08:19:22 Use the OPENSSL_SMALL_FOOTPRINT code in gcm_init_4bit(). A modern compiler will unroll these loops - LLVM produces identical code (at least on arm64). Drop the manually unrolled version and have code that is more readable and maintainable. ok tb@
99b9efbb 2025-04-23 14:15:19 Mop up all of the GETU32/BSWAP4/BSWAP8 macros since they're now unused. ok beck@ tb@
b2c8f86f 2025-04-23 14:12:38 Rewrite gcm_gmult_1bit() to avoid sizeof(long) hacks. We're already using 64 bit variables, so just continue to do so and let the compiler deal with code generation. While here, use unsigned right shifts instead of relying on signed right shifts and implementation-defined behaviour (which the original code did). Feedback from lucas@ ok beck@ tb@
d68c0f8c 2025-04-23 10:58:48 Fix CRYPTO_gcm128_decrypt() when compiled with TABLE_BITS == 1. This appears to have been broken since 2013 when OpenSSL commit 3b4be0018b5 landed. This added in_t and out_t variables, but continued to use in and out instead. Yet another reason why untested conditional code is a bad thing. ok beck@ tb@
917643c9 2025-04-23 10:09:08 Unifdef OPENSSL_SMALL_FOOTPRINT. We do not build with OPENSSL_SMALL_FOOTPRINT and it removes more untested code paths. Request by tb@ (and it was already on my TODO list!)
f3dd4eeb 2025-04-23 10:08:20 Unifdef OPENSSL_SMALL_FOOTPRINT. We do not build with OPENSSL_SMALL_FOOTPRINT and it removes more untested code paths. Request by tb@ (and it was already on my TODO list!)
6e00e926 2025-04-22 14:09:20 Mop up OPENSSL_FIPSAPI define.
b002cf96 2025-04-22 14:08:24 Use OPENSSL_assert() instead of assert(). While here, tidy up the assignment of n and test directly. ok tb@
729143ef 2025-04-22 14:03:05 Remove now unused PUTU32 macros from modes_local.h. ok tb@
5474eaba 2025-04-22 14:01:07 Use crypto_load_be32toh()/crypto_store_htobe32() instead of GETU32/PUTU32. ok tb@
e3757882 2025-04-21 16:01:18 Mop up unused MODES_DEBUG.
96f14f6c 2025-04-21 16:00:14 Fix another #include that was hiding.
c93b9566 2025-04-21 15:54:32 Tidy includes.
b21238fd 2025-04-21 12:23:09 Use standard integer types rather than custom typedefs. Replace u32 with uint32_t, remove unused u16 and replace u8 with uint8_t. ok tb@
4b40278a 2025-04-20 09:17:53 Move AES public functions from aes_core.c to aes.c. This is where almost all of the public functions exist. ok beck@ tb@
ebe9080c 2025-04-18 13:25:03 Fix indentation and line wrapping.