path: root/src/lib/libcrypto/dh/dh_pmeth.c
Age | Commit message | Author | Files | Lines

2 days | lhash: add missing spaces before assignment operator | tb | 1 | -4/+4

3 days | tlsext: stop sending SNI before ALPN in clients | tb | 1 | -24/+1
    All supported releases of LibreSSL ensure that the corresponding callbacks are called in a predefined order rather than honoring the order in which a client sends its extensions. Therefore the ALPN callback for apache-httpd's virtual host setups can rely on SNI information being available and we no longer need to work around this on the client side. Cuts the amount of code needed for tlsext randomization in half.
    ok jsing

3 days | tlsexttest: remove check that clients receive SNI before ALPN | tb | 1 | -33/+3
    The next commit will remove the kludge for compatibility of Apache with older libressl, so remove the corresponding regress coverage and only check that PSK is the last extension.

5 days | EC_GROUP_check.3: rephrase a sentence to avoid a word repetition | tb | 1 | -4/+4

5 days | EC_GROUP_new_by_curve_name.3: escape a - in code. | tb | 1 | -3/+3

6 days | c2sp: drop OpenSSL 1.1 and 3.2, add 3.5 | tb | 1 | -2/+2

7 days | EC_POINT_point2oct: remove in_ prefix in RETURN VALUES | tb | 1 | -5/+5

7 days | EC_GROUP_new_curve_GFp: some fixes in the RETURN VALUE section | tb | 1 | -9/+12

7 days | Fix markup for EC_GROUP_set_point_conversion_form | tb | 1 | -4/+5

8 days | Fix up a few dangling references | tb | 4 | -13/+12

8 days | Rework EC documentation | tb | 13 | -1242/+1998
    This replaces the giant, poor quality and outdated EC_GROUP_copy.3, EC_GROUP_new.3, and EC_POINT_new.3 manuals with seven new manuals written from scratch.
    * EC_GROUP_new_by_curve_name() is the entry point for builtin curves,
    * EC_GROUP_new_curve_GFp() describes lower level API that should not usually be needed apart from a handful of accessors.
    * EC_GROUP_check() contains two functions that applications should not need because either you know for certain something is an elliptic curve (so these checks are pointless) or you should not use it.
    * EC_GROUP_get_curve_name() describes some low level ASN.1 footguns and corresponding getters.
    * EC_POINT_new() contains the simple EC_POINT allocation and freeing API
    * EC_POINT_get_affine_coordinates() contains the coordinate accessors
    * EC_POINT_point2oct() is about encoding elliptic curve points
    While all this is quite far from perfect, the diff is getting too big and it will be easier to improve this in tree. It is definitely more repetitive than I would like it to be. Reviews, tweaks and general feedback are of course welcome.
    discussed with jsing

8 days | BN_new: zap an anachronistic admonition | tb | 1 | -4/+2
    -This type should be considered opaque and fields should not be modified
    -or accessed directly.
    The type has long been opaque and reasonable people will not do things that permit them to access the fields of opaque types directly. Of course, in the vicinity of OpenSSL code and API all sorts of insanity actually exist.

8 days | Restore two #if defined(GHASH) that were incorrectly removed. | jsing | 1 | -5/+5
    Also condition on defined(GHASH_CHUNK) since this is used within these blocks. This makes the conditionals consistent with other usage. Fixes build with TABLE_BITS == 1.

8 days | Unifdef OPENSSL_SMALL_FOOTPRINT. | jsing | 1 | -13/+5
    ok tb@

8 days | Use the OPENSSL_SMALL_FOOTPRINT code in gcm_init_4bit(). | jsing | 1 | -32/+2
    A modern compiler will unroll these loops - LLVM produces identical code (at least on arm64). Drop the manually unrolled version and have code that is more readable and maintainable.
    ok tb@

10 days | Mop up all of the GETU32/BSWAP4/BSWAP8 macros since they're now unused. | jsing | 2 | -44/+2
    ok beck@ tb@

10 days | Rewrite gcm_gmult_1bit() to avoid sizeof(long) hacks. | jsing | 1 | -22/+8
    We're already using 64 bit variables, so just continue to do so and let the compiler deal with code generation. While here, use unsigned right shifts instead of relying on signed right shifts and implementation-defined behaviour (which the original code did).
    Feedback from lucas@
    ok beck@ tb@

10 days | Fix CRYPTO_gcm128_decrypt() when compiled with TABLE_BITS == 1. | jsing | 1 | -3/+3
    This appears to have been broken since 2013 when OpenSSL commit 3b4be0018b5 landed. This added in_t and out_t variables, but continued to use in and out instead. Yet another reason why untested conditional code is a bad thing.
    ok beck@ tb@

10 days | Unifdef OPENSSL_SMALL_FOOTPRINT. | jsing | 5 | -23/+5
    We do not build with OPENSSL_SMALL_FOOTPRINT and it removes more untested code paths.
    Request by tb@ (and it was already on my TODO list!)

11 days | Mop up OPENSSL_FIPSAPI define. | jsing | 1 | -3/+1

11 days | Use OPENSSL_assert() instead of assert(). | jsing | 1 | -10/+6
    While here, tidy up the assignment of n and test directly.
    ok tb@

11 days | Remove now unused PUTU32 macros from modes_local.h. | jsing | 1 | -3/+1
    ok tb@

11 days | Use crypto_load_be32toh()/crypto_store_htobe32() instead of GETU32/PUTU32. | jsing | 1 | -4/+6
    ok tb@

12 days | Mop up unused MODES_DEBUG. | jsing | 7 | -49/+7

12 days | Fix another #include that was hiding. | jsing | 1 | -2/+2

12 days | Tidy includes. | jsing | 6 | -14/+25

12 days | Use standard integer types rather than custom typedefs. | jsing | 2 | -25/+21
    Replace u32 with uint32_t, remove unused u16 and replace u8 with uint8_t.
    ok tb@

13 days | Move AES public functions from aes_core.c to aes.c. | jsing | 2 | -56/+47
    This is where almost all of the public functions exist.
    ok beck@ tb@

14 days | Fix x509's -nameopt default and spell an option correctly | kn | 1 | -4/+4
    Feedback OK tb

2025-04-18 | Fix indentation and line wrapping. | jsing | 1 | -17/+15

2025-04-18 | Remove BS-AES and VP-AES from EVP. | jsing | 3 | -137/+9
    The bitsliced and vector permutation AES implementations were created around 2009, in attempts to speed up AES on Intel hardware. Both require SSSE3 which existed from around 2006. Intel introduced AES-NI in 2008 and a large percentage of Intel/AMD CPUs made in the last 15 years include it. AES-NI is significantly faster and requires less code. Furthermore, the BS-AES and VP-AES implementations are wired directly into EVP (as is AES-NI currently), which means that any consumers of the AES_* API are not able to benefit from acceleration. Removing these greatly simplifies the EVP AES code - if you just happen to have a CPU that supports SSSE3 but not AES-NI, then you'll now use the regular AES assembly implementations instead.
    ok kettenis@ tb@

2025-04-18 | SSL_set_tlsext_host_name: as a setter it cannot take a const ssl | tb | 1 | -3/+3

2025-04-18 | Remove two unused defines, update standard reference | tb | 1 | -7/+3
    ok jsing

2025-04-18 | Use 'ctx' for sha3_ctx variables, rather than the less readable 'c'. | jsing | 2 | -36/+36
    ok tb@

2025-04-18 | Fix annoying whitespace | tb | 4 | -52/+52

2025-04-18 | Pull casts from void * to uint8_t * up to variables, rather than inline. | jsing | 1 | -9/+11
    ok tb@

2025-04-18 | Use two temporary variables in sha3_keccakf(), rather than reusing bc[0]. | jsing | 1 | -8/+8
    ok tb@

2025-04-18 | Use crypto_rol_u64() instead of a separate ROTL64 define. | jsing | 1 | -5/+4
    ok tb@

2025-04-17 | Use hyphenated spelling for the SHAs except for the API | tb | 12 | -41/+42
    The mix of SHA256 and SHA-256 is jarring, so use FIPS's spelling. Leave HMAC-SHA256 as it is and fix a nearby RIPEMD-160.

2025-04-14 | Enable remaining tests with NULL, 0 | tb | 2 | -9/+3
    Now that libc is fixed, we can do this also for md5, rmd160 and sha1.

2025-04-14 | Link hash regress to build | tb | 1 | -1/+2

2025-04-14 | Add some regress coverage for the hashes in libc | tb | 2 | -0/+946
    Prompted by a pending diff by claudio

2025-04-14 | Update openssl.1 for msie_hack removal | tb | 1 | -21/+4
    ok jmc jsing

2025-04-14 | Remove openssl ca -msie_hack | tb | 1 | -31/+2
    The nineties called and wanted their garbage back.
    ok jsing

2025-04-13 | parse_test_file() | tb | 1 | -1/+3
    gcc 14 needs a hint that ld != NULL beyond the use of ld->data in the previous line. I guess aggressive inlining is becoming too aggressive. What a pile of junk.

2025-04-13 | Avoid compiler warning on some OS | tb | 1 | -1/+1
    Some OS declare arc4random() with __attribute__((warn_unused_result)) causing this test to whine. So explicitly ignore the return value.
    Reported by scheiba in libressl/portable
    Fixes #1151

2025-03-28 | x509_policy: zap an extra s | tb | 1 | -2/+2

2025-03-28 | x509_policy: certificats -> certificates | tb | 1 | -2/+2

2025-03-28 | typos: us -> is, te -> the (twice) | tb | 1 | -3/+3

2025-03-28 | typo: primtive -> primitive | tb | 2 | -4/+4