<feed xmlns='http://www.w3.org/2005/Atom'>
<title>openbsd/src/lib/libcrypto/aes, branch OPENBSD_7_2</title>
<subtitle>A mirror of https://github.com/libressl/openbsd.git
</subtitle>
<id>https://git.lua4.win/openbsd/atom?h=OPENBSD_7_2</id>
<link rel='self' href='https://git.lua4.win/openbsd/atom?h=OPENBSD_7_2'/>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/'/>
<updated>2022-07-30T13:51:31+00:00</updated>
<entry>
<title>Add stack frames to AES-NI x86_64 assembly.</title>
<updated>2022-07-30T13:51:31+00:00</updated>
<author>
<name>jsing</name>
<email></email>
</author>
<published>2022-07-30T13:51:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=30f1a78757d14295127ac8f3bff0c411fc8a0911'/>
<id>urn:sha1:30f1a78757d14295127ac8f3bff0c411fc8a0911</id>
<content type='text'>
The current AES-NI x86_64 assembly does some strange, although valid
things, such as making internal function calls without creating stack
frames. In this case, the return address lands in the red zone (which it
allows for when making use of the stack) and everything works as expected.

However, this trips a false positive in valgrind, which seems to think that
any data saved on the stack prior to the internal function call is now
"undefined" once the function returns.

Avoid this by actually using stack frames - this brings in most of
6a40ebe86b4 from OpenSSL, omitting the unnecessary explicit stack alignment
(which was apparently added so this code could be used in the Linux kernel
with an incorrectly aligned stack).

Valgrind issue reported by Steffen Jaeckel (@sjaeckel), found via
libstrophe unit tests.

ok tb@
</content>
</entry>
<entry>
<title>Use memmove instead of memcpy for overlapping memory</title>
<updated>2022-01-22T00:43:41+00:00</updated>
<author>
<name>inoguchi</name>
<email></email>
</author>
<published>2022-01-22T00:43:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=a1bf0e94d1d1be83c314efb2e94ca9dfabffae16'/>
<id>urn:sha1:a1bf0e94d1d1be83c314efb2e94ca9dfabffae16</id>
<content type='text'>
CID 250936 251103

OK beck@ jsing@ millert@ tb@
</content>
</entry>
<entry>
<title>Use memmove() instead of memcpy() to get rid of the need for</title>
<updated>2018-11-07T18:31:16+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2018-11-07T18:31:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=1ccfdc4633eea23918743a87973b287510d77c28'/>
<id>urn:sha1:1ccfdc4633eea23918743a87973b287510d77c28</id>
<content type='text'>
non-overlapping *in and *out buffers as we're already implementing
the "in place (un)wrapping" algorithms as given in RFC 3394.  This
removes a gratuitous API difference to OpenSSL in these undocumented
functions. Found while working on wycheproof regress tests.

ok beck jsing
</content>
</entry>
<entry>
<title>RFC 3394 section 2 states that we need at least two 64 bit blocks</title>
<updated>2018-10-20T15:53:09+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2018-10-20T15:53:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=030940374172037385e4db118b4bec57b798f314'/>
<id>urn:sha1:030940374172037385e4db118b4bec57b798f314</id>
<content type='text'>
for wrapping and, accordingly, three 64 bit blocks for unwrapping.
That is: we need at least 16 bytes for wrapping and 24 bytes for
unwrapping.  This also matches the lower bounds that OpenSSL have
in their CRYPTO_128_{un,}wrap() functions.

In fact, if we pass an input with 'inlen &lt; 8' to AES_unwrap_key(),
this results in a segfault since then inlen -= 8 underflows.

Found while playing with the Wycheproof keywrap test vectors.

ok bcook
</content>
</entry>
<entry>
<title>KNF: move two opening curly braces of function bodies to their own lines</title>
<updated>2018-04-03T21:59:37+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2018-04-03T21:59:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=426a421e14686f45bc9d7f73c4ea02bac4262e4d'/>
<id>urn:sha1:426a421e14686f45bc9d7f73c4ea02bac4262e4d</id>
<content type='text'>
</content>
</entry>
<entry>
<title>On OpenBSD/armv7 we deliberately trap unaligned access.  Unfortunately</title>
<updated>2018-01-07T12:35:52+00:00</updated>
<author>
<name>kettenis</name>
<email></email>
</author>
<published>2018-01-07T12:35:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=849b82a11d72ca02a63517d93855de2ddddff11b'/>
<id>urn:sha1:849b82a11d72ca02a63517d93855de2ddddff11b</id>
<content type='text'>
the assembly code in libcrypto assumes unaligned access is allowed for
ARMv7.  Make these paths conditional on __STRICT_ALIGNMENT not being
defined and define __STRICT_ALIGNMENT in arm_arch.h for OpenBSD.

ok tom@
</content>
</entry>
<entry>
<title>http://repzret.org/p/repzret/</title>
<updated>2017-12-11T05:48:01+00:00</updated>
<author>
<name>deraadt</name>
<email></email>
</author>
<published>2017-12-11T05:48:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=06a79a412573b1755b84374f8fdb1970ca59f1b6'/>
<id>urn:sha1:06a79a412573b1755b84374f8fdb1970ca59f1b6</id>
<content type='text'>
My read of this:  Long time ago (Think Conan, not dinosaurs) during the race
to make speedier processors, a cpu vendor built a pipeline with a bad stall,
and proposed a tremendously hasky workaround.  A wizard adopted this into his
perl scroll, and failed to reflect later when no compiler adopted the practice.
This relic remains at the tail end of some functions in OpenSSL as
".byte 0xf3,0xc3".  Banish it straight to hell.
ok mlarkin, others also stared blankly
</content>
</entry>
<entry>
<title>Explicitly export a list of symbols from libcrypto.</title>
<updated>2016-12-21T15:49:29+00:00</updated>
<author>
<name>jsing</name>
<email></email>
</author>
<published>2016-12-21T15:49:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=18adabd97858ed28289c9dc31e8042c515840be4'/>
<id>urn:sha1:18adabd97858ed28289c9dc31e8042c515840be4</id>
<content type='text'>
Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting
the bn_* symbols. These are documented as only being intended for internal
use, so why they were placed in a public header is beyond me...

This hides 363 previously exported symbols, most of which exist in headers
that are not installed and were never intended to be public. This also
removes a few crusty old things that should have died long ago (like
_ossl_old_des_read_pw). But don't worry... there are still 3451 symbols
exported from the library.

With input and testing from inoguchi@.

ok beck@ inoguchi@
</content>
</entry>
<entry>
<title>Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] by</title>
<updated>2016-11-04T17:30:30+00:00</updated>
<author>
<name>miod</name>
<email></email>
</author>
<published>2016-11-04T17:30:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=1a12fc8399638223feca8f853e2ac2cc22eeb471'/>
<id>urn:sha1:1a12fc8399638223feca8f853e2ac2cc22eeb471</id>
<content type='text'>
meaningful constants in a private header file, so that reviewers can actually
get a chance to figure out what the code is attempting to do without knowing
all cpuid bits.

While there, turn it from an array of two 32-bit ints into a properly aligned
64-bit int.

Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will
now always use OPENSSL_cpu_caps() and check for the proper bits in the
whole 64-bit word it returns.

i386 tests and ok jsing@
</content>
</entry>
<entry>
<title>Less S390.</title>
<updated>2016-09-04T14:31:29+00:00</updated>
<author>
<name>jsing</name>
<email></email>
</author>
<published>2016-09-04T14:31:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=d613aa0d6ef93fa8587113d3e866da6c582bdd0d'/>
<id>urn:sha1:d613aa0d6ef93fa8587113d3e866da6c582bdd0d</id>
<content type='text'>
ok deraadt@
</content>
</entry>
</feed>
