A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_6 2024-06-01T08:11:44+00:00 2024-06-01T08:11:44+00:00 tb 2024-06-01T08:11:44+00:00 urn:sha1:190b65bcba805bde4d88ae0942543e183a2f3891 2024-06-01T07:44:11+00:00 tb 2024-06-01T07:44:11+00:00 urn:sha1:2d4c4d8a62665e7e18f808fffc2503822482f6d7 requested by jsing on review 2024-06-01T07:36:17+00:00 tb 2024-06-01T07:36:17+00:00 urn:sha1:0cd26255605cab2a8643bb8585c4148069240e3c HMAC() and the one-step digests used to support passing a NULL buffer and would return the digest in a static buffer. This design is firmly from the nineties, not thread safe and it saves callers a single line. The few ports that used to rely this were fixed with patches sent to non-hostile (and non-dead) upstreams. It's early enough in the release cycle that remaining uses hidden from the compiler should be caught, at least the ones that matter. There won't be that many since BoringSSL removed this feature in 2017. https://boringssl-review.googlesource.com/14528 Add non-null attributes to the headers and add a few missing bounded attributes. ok beck jsing 2024-03-28T07:06:12+00:00 jsing 2024-03-28T07:06:12+00:00 urn:sha1:40ab5b46122eb72915f2ceb3598d2af6b9accaa9 Replace macros with static inline functions and use names that follow the spec more closely. Unlike SHA256/SHA512, the functions and constants do not align with the number of words loaded, which means we cannot easily loop and just end up just unrolling everything. ok joshua@ tb@ 2024-03-28T04:23:02+00:00 jsing 2024-03-28T04:23:02+00:00 urn:sha1:315693de05b08c3f051a52e78d7a801d8025ee4e 2024-03-26T12:54:22+00:00 jsing 2024-03-26T12:54:22+00:00 urn:sha1:b77719ed8e84324dfca3cf384b8c08a3f0d310ec Use be32toh(), htobe32() and crypto_{load,store}_htobe32() as appropriate. Also use the same while() loop that is used for other hash functions. ok joshua@ tb@ 2024-02-24T15:30:14+00:00 tb 2024-02-24T15:30:14+00:00 urn:sha1:c730c3b3b1845cc7c4a4aceff2031f1135faa6bb cet.h is needed for other platforms to emit the relevant .gnu.properties sections that are necessary for them to enable IBT. It also avoids issues with older toolchains on macOS that explode on encountering endbr64. based on a diff by kettenis ok beck kettenis 2023-08-11T15:27:28+00:00 jsing 2023-08-11T15:27:28+00:00 urn:sha1:2ea556a1c666b7176ccef64d78e376f1bfabef7c Now that we're no longer dependent on md32_common.h, stop including it. Remove various defines that only existed for md32_common.h usage. 2023-08-11T15:25:36+00:00 jsing 2023-08-11T15:25:36+00:00 urn:sha1:e5c37e5e9f9d7f447090e5f144afac1bcc9341d9 Replace macros with static inline functions, as well as writing out the variable rotations instead of trying to outsmart the compiler. Also pull the message schedule update up and complete it prior to commencement of the round. Also use rotate right, rather than transposed rotate left. Overall this is more readable and more closely follows the specification. On some platforms (e.g. aarch64) there is no noteable change in performance, while on others there is a significant improvement (more than 25% on arm). ok miod@ tb@ 2023-08-10T07:15:23+00:00 jsing 2023-08-10T07:15:23+00:00 urn:sha1:13ecebf7d6c58d65f6df008731bbb41f4c2be2f6 This is a hack that is only enabled on a handful of 64 bit platforms, as a workaround for poor compiler optimisation. If you're running an archiac compiler on an archiac architecture, then you can deal with slightly lower performance. ok tb@