openbsd/src/lib/libcrypto/mlkem, branch OPENBSD_7

openbsd/src/lib/libcrypto/mlkem, branch OPENBSD_7_7 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_7 2025-03-28T12:17:16+00:00 typos: us -> is, te -> the (twice) 2025-03-28T12:17:16+00:00 tb 2025-03-28T12:17:16+00:00 urn:sha1:88db2f5852df3e02e139cc00bca104a07aa0a4ea Fix typo: multipy -> multiply 2025-01-03T08:19:24+00:00 tb 2025-01-03T08:19:24+00:00 urn:sha1:c6e381d24484f1d816ac45b3ad277202cd45110c Reflow the comment to avoid some very unfortunate line wraps. "Note that" is like "literally" a bunch of generally useless noise and best omitted. Do not assume mlkem.h and bytestring.h are public in libcrypto 2024-12-19T23:52:26+00:00 tb 2024-12-19T23:52:26+00:00 urn:sha1:b3603514668e75c05a1c5fd2790d630535217361 As long as is not quite clear what we want to do about the public API aspect of MLKEM, keep things internal for now. discussed with beck and jsing mlkem: fix whitespace 2024-12-18T10:55:21+00:00 tb 2024-12-18T10:55:21+00:00 urn:sha1:e225fd4c5925e3d3400574d34b206c1692bcea15 Avoid a reduce once that can cause Clang misoptomization. 2024-12-17T17:06:10+00:00 beck 2024-12-17T17:06:10+00:00 urn:sha1:0041335a5da26af316acae55edc47de3ee74dcb3 Some versions of Clang compile this to non-constant time code. The fix is adapted from boring. For full details see: https://boringssl-review.googlesource.com/c/boringssl/+/74447 ok tb@ Plug two memory leaks in MLKEM*_generate_key_external_entropy() 2024-12-17T07:13:47+00:00 tb 2024-12-17T07:13:47+00:00 urn:sha1:e213ffbcbebdc06b6bf1aefe2e6aa8391ca02b4b This needs more thinking. These are void functions that allocate... Left an XXX for now. From Kenjiro Nakayama mlkem: clean up top matter in headers 2024-12-17T06:43:32+00:00 tb 2024-12-17T06:43:32+00:00 urn:sha1:f6e2d2266415fd6b005faa7b805d8f56684e0668 Add ML-KEM 1024 from BoringSSL 2024-12-13T00:17:18+00:00 beck 2024-12-13T00:17:18+00:00 urn:sha1:ee07c6bc022a26df0601ff3acffd488777cb32fa Changes include conversion from C++, basic KNF, then adaptation to use our sha3 functions for sha3 and shake instead of the BorinSSL version. This Adds units tests to run against BoringSSL and NIST test vectors. The future public API is the same as Boring's - but is not yet exposed pending making bytestring.h public (which will happen separately) and a minor bump Currently this will just ensure we build and run regress. ok tb@ to get it into the tree and massage from there. KNF nit tb wanted me to fix 2024-12-13T00:09:02+00:00 beck 2024-12-13T00:09:02+00:00 urn:sha1:6d94ba19b3aad3bfdeca665a771586c1a68a3f66 Add ML-KEM 768 from BoringSSL 2024-12-13T00:03:57+00:00 beck 2024-12-13T00:03:57+00:00 urn:sha1:c3bf83f7cf1ff567aae1e260425898b2af6bf4cc Changes include conversion from C++, basic KNF, then adaptation to use our sha3 functions for sha3 and shake instead of the BorinSSL version. This Adds units tests to run against BoringSSL and NIST test vectors. The future public API is the same as Boring's - but is not yet exposed pending making bytesring.h public (which will happen separately) and a minor bump Currently this will just ensure we build and run regress. ok tb@ to get it into the tree and massage from there.