openbsd/src/lib/libcrypto/modes, branch OPENBSD_7_6 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_6 2024-09-06T09:57:32+00:00 Reenable AES-NI in libcrypto 2024-09-06T09:57:32+00:00 tb 2024-09-06T09:57:32+00:00 urn:sha1:de922e906737ea318d3a84723ec68b62581dd51c The OPENSSL_cpu_caps() change after the last bump missed a crucial bit: there is more MD mess in the MI code than anticipated, with the result that AES is now used without AES-NI on amd64 and i386, hurting machines that previously greatly benefitted from it. Temporarily add an internal crypto_cpu_caps_ia32() API that returns the OPENSSL_ia32cap_P or 0 like OPENSSL_cpu_caps() previously did. This can be improved after the release. Regression reported and fix tested by Mark Patruck. No impact on public ABI or API. with/ok jsing PS: Next time my pkg_add feels very slow, I should perhaps not mechanically blame IEEE 802.11... Add a few missing endbr64 to libcrypto 2024-02-24T17:53:20+00:00 tb 2024-02-24T17:53:20+00:00 urn:sha1:2c66b949eac93a66838f31bcbbd5e3c769038538 gcm_{gmult,ghash}_4bit(), aesni_ccm64_decrypt_blocks(), aes_cbc_encrypt(), and aesni_xts_{en,de}crypt() were overlooked in previous passes. Found with a diff for ld.lld by kettenis ok kettenis Replace uses of endbr64 with _CET_ENDBR from cet.h 2024-02-24T15:30:14+00:00 tb 2024-02-24T15:30:14+00:00 urn:sha1:c730c3b3b1845cc7c4a4aceff2031f1135faa6bb cet.h is needed for other platforms to emit the relevant .gnu.properties sections that are necessary for them to enable IBT. It also avoids issues with older toolchains on macOS that explode on encountering endbr64. based on a diff by kettenis ok beck kettenis Avoid a four-byte overread in gcm_ghash_4bit_mmx() on i386 2024-01-24T15:24:28+00:00 tb 2024-01-24T15:24:28+00:00 urn:sha1:6db1ed1feaf59b64e81222f16bc861cdb38889ad This is a variant of the same logic error fixed in ghash-x86_64.pl r1.6. The code path is only reachable on machines without FXSR or PCLMUL. ok jsing Avoid a four byte overread in gcm_ghash_4bit() on amd64. 2024-01-24T13:39:44+00:00 jsing 2024-01-24T13:39:44+00:00 urn:sha1:00bd760df094460f9eef0ddf96b36d21660bc5ed The assembly code for gcm_ghash_4bit() reads one too many times from Xi, resulting in a four byte overread. Prevent this by not loading the next value in the final iteration of the loop. If another full iteration is required the next Xi value will be loaded at the top of the outer_loop. Many thanks to Douglas Gliner <Douglas.Gliner at sony dot com> for finding and reporting this issue, along with a detailed reproducer. Same diff from deraadt@ ok tb@ Improve byte order handling in gcm128. 2023-08-10T07:18:43+00:00 jsing 2023-08-10T07:18:43+00:00 urn:sha1:57fb22bed4878a004183540db78caf8da42e64b3 Replace a pile of byte order handling mess with htobe*() and be*toh(). ok tb@ Hide symbols in modes.h 2023-07-08T14:56:54+00:00 beck 2023-07-08T14:56:54+00:00 urn:sha1:92f05086c3ac20f5ecd50bf024faf42cd8d87ce2 ok tb@ Hit modes with the loving mallet of knfmt 2023-07-08T14:55:36+00:00 beck 2023-07-08T14:55:36+00:00 urn:sha1:4f899716cb251019c62cd8513613dd6011120a9a ok tb@ xts128 mode: avoid two -Wshadow warnings in the BIG_ENDIAN code path. 2023-05-07T14:38:04+00:00 tb 2023-05-07T14:38:04+00:00 urn:sha1:b636157a143eeba2e11ada9659b55728a9f0cbe9 Found by, compile tested & ok bluhm. Remove CTS mode 2023-04-25T17:54:10+00:00 tb 2023-04-25T17:54:10+00:00 urn:sha1:c6ff6e6d0b18990be9d85a02fdf3241622890d01 ok jsing