A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.3.5 2018-11-07T18:31:16+00:00 2018-11-07T18:31:16+00:00 tb 2018-11-07T18:31:16+00:00 urn:sha1:1ccfdc4633eea23918743a87973b287510d77c28 non-overlapping *in and *out buffers as we're already implementing the "in place (un)wrapping" algorithms as given in RFC 3394. This removes a gratuitous API difference to OpenSSLin these undocumented functions. Found while working on wycheproof regress tests. ok beck jsing 2018-10-20T15:53:09+00:00 tb 2018-10-20T15:53:09+00:00 urn:sha1:030940374172037385e4db118b4bec57b798f314 for wrapping and, accordingly, three 64 bit blocks for unwrapping. That is: we need at least 16 bytes for wrapping and 24 bytes for unwrapping. This also matches the lower bounds that OpenSSL have in their CRYPTO_128_{un,}wrap() functions. In fact, if we pass an input with 'inlen < 8' to AES_unwrap_key(), this results in a segfault since then inlen -= 8 underflows. Found while playing with the Wycheproof keywrap test vectors. ok bcook 2018-04-03T21:59:37+00:00 tb 2018-04-03T21:59:37+00:00 urn:sha1:426a421e14686f45bc9d7f73c4ea02bac4262e4d 2018-01-07T12:35:52+00:00 kettenis 2018-01-07T12:35:52+00:00 urn:sha1:849b82a11d72ca02a63517d93855de2ddddff11b the assembly code in libcrypto assumes unaligned access is allowed for ARMv7. Make these paths conditional on __STRICT_ALIGNMENT not being defined and define __STRICT_ALIGNMENT in arm_arch.h for OpenBSD. ok tom@ 2017-12-11T05:48:01+00:00 deraadt 2017-12-11T05:48:01+00:00 urn:sha1:06a79a412573b1755b84374f8fdb1970ca59f1b6 My read of this: Long time ago (Think Conan, not dinasaurs) during the race to make speedier processors, a cpu vendor built a pipeline with a bad stall, and proposed a tremendously hasky workaround. A wizard adopted this into his perl scroll, and failed to reflect later when no compiler adopted the practice. This relic remains at the tail end of some functions in OpenSSL as ".byte 0xf3,0xc3". Banish it straight to hell. ok mlarkin, others also stared blankly 2016-12-21T15:49:29+00:00 jsing 2016-12-21T15:49:29+00:00 urn:sha1:18adabd97858ed28289c9dc31e8042c515840be4 Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me... This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library. With input and testing from inoguchi@. ok beck@ inoguchi@ 2016-11-04T17:30:30+00:00 miod 2016-11-04T17:30:30+00:00 urn:sha1:1a12fc8399638223feca8f853e2ac2cc22eeb471 meaningful constants in a private header file, so that reviewers can actually get a chance to figure out what the code is attempting to do without knowing all cpuid bits. While there, turn it from an array of two 32-bit ints into a properly aligned 64-bit int. Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will now always use OPENSSL_cpu_caps() and check for the proper bits in the whole 64-bit word it returns. i386 tests and ok jsing@ 2016-09-04T14:31:29+00:00 jsing 2016-09-04T14:31:29+00:00 urn:sha1:d613aa0d6ef93fa8587113d3e866da6c582bdd0d ok deraadt@ 2016-09-04T14:06:46+00:00 jsing 2016-09-04T14:06:46+00:00 urn:sha1:08b60d422d5acc1a98c47af6c53680ea9cc45bc2 ok deraadt@ 2015-11-05T21:59:13+00:00 miod 2015-11-05T21:59:13+00:00 urn:sha1:06241eadbc6296ead3b3ead7f6260bc292c81890 24 bits; if we don't, Td4[] gets cast to signed int, and according to C>=99 6.5.7, signed int shifted by enough bits to cause a the sign bit to be set is an UB. Reported by Pascal Cuoq on behalf of the trust-in-soft.com mafia I am {partial,slightly related} to.