| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The RC4_CHUNK related code is intended to process native word sized
chunks if the input and output are naturally aligned. However, RC4_CHUNK
is currently a mess of machine dependent defines.
Replace this with uint64_t on all architectures - 64 bit architectures will
be happy with this and on 32 bit architectures the compiler can decompose
this into multiple 32 bit operations. Provide separate rc4_chunk()
implementations for big and little endian, since not all architectures
have a byte swap instruction that would make this a cheap conversion.
Thanks to gkoehler@ and tb@ for testing on big endian.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Provide a static inline rc4_step() function that replaces the near
identical RC4_STEP and RC4_LOOP macros. Simplify the processing loop and
use for loops with small constants, which the compiler can unroll if it
wants to do so.
Inline the SK_LOOP macro in rc4_set_key_internal(), also using a small loop
that the compiler will most likely unroll.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most of the constants here are only defined if a specific header is in
scope. So move the machine-independent macros to those headers and lose
the header guards. Most of these should actually be typedefs but let's
change this when we're bumping the major since this technically has ABI
impact.
IDEA_INT RC2_INT and RC4_INT are always unsigned int
DES_LONG is always unsigned int except on i386
This preserves the existing situation on OpenBSD. If you're using
portable on i386 with a compiler that does not define __i386__,
there's an ABI break.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The RC4_INDEX define switches between base pointer indexing and per-byte
pointer increment. This supposedly made a huge difference to performance
on x86 at some point, however compilers have improved somewhat since then.
There is no change (or effectively no change) in generated assembly on
a the majority of LLVM platforms and even when there is some change
(e.g. aarch64), there is no noticable performance difference.
Simplify the (still messy) macros/code and mop up RC4_INDEX.
ok tb@
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
|
|
|
|
| |
Provide a per architecture crypto_arch.h - this will be used in a similar
manner to bn_arch.h and will allow for architecture specific #defines and
static inline functions. Move the HAVE_AES_* and HAVE_RC4_* defines here.
ok tb@
|
| | |
|
| |
|
|
| |
ok jsing tb beck
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than having public API switch between C and assembly, always
use C functions as entry points, which then call an assembly
implementation (if available). This makes it significantly easier
to deal with symbol aliasing/namespaces and it also means we
benefit from vulnerability prevention provided by the C compiler.
Rename the assembly generated functions from RC4() to rc4_internal()
and RC4_set_key() to rc4_set_key_internal(). Always include rc4.c
and change it to use defines that are similar to those used in BN.
ok beck@ joshua@ tb@
|
| |
|
|
| |
This is already disabled since it is "about 35% slower than C code".
|
| |
|
|
| |
Discussed with tb@
|
| |
|
|
|
| |
The stitched modes have been removed, so having assembly for them is of
little use.
|
| |
|
|
| |
Discussed with tb@
|
| |
|
|
| |
This does not exist in libcrypto.
|
| |
|
|
|
|
|
|
|
| |
cet.h is needed for other platforms to emit the relevant .gnu.properties
sections that are necessary for them to enable IBT. It also avoids issues
with older toolchains on macOS that explode on encountering endbr64.
based on a diff by kettenis
ok beck kettenis
|
| |
|
|
| |
build tested by miod
|
| |
|
|
|
|
|
|
|
|
| |
Various, ancient ciphers exposed some of their innards via an _options()
API. Apart from openssl version/speed, only some lua thingie in nmap ever
looked at these. Go figure.
hppa testing by miod, i386 testing by sthen. Thanks!
ok jsing
|
| |
|
|
| |
ok jsing, and kind of tb an earlier version
|
| |
|
|
| |
ok miod
|
| |
|
|
|
|
|
|
| |
At least gcc 12 on Fedora is very unhappy about a plain .rodata and throws
Error: unknown pseudo-op: `.rodata'. So add a .section in front of it to
make it happy.
ok deraadt miod
|
| |
|
|
|
|
| |
responsible from getting the proper address of those blocks.
ok tb@ jsing@
|
| |
|
|
|
| |
on amd64. no pic handling is neccessary since amd64 has full reach.
ok kettenis
|
| |
|
|
|
|
|
| |
fetch them correctly when building PIC. Also drop unused data, and remove
--no-execute-only from linker flags.
ok jsing@ kettenis@
|
| |
|
|
|
|
|
| |
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct
ok tb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok guenther@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
meaningful constants in a private header file, so that reviewers can actually
get a chance to figure out what the code is attempting to do without knowing
all cpuid bits.
While there, turn it from an array of two 32-bit ints into a properly aligned
64-bit int.
Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will
now always use OPENSSL_cpu_caps() and check for the proper bits in the
whole 64-bit word it returns.
i386 tests and ok jsing@
|
| |
|
|
| |
ok deraadt@
|
| |
|
|
| |
ok deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
will end up doing a read and write of up to 7 bytes beyond the specified
length. This is effectively a non-issue since we read and write back the
same data and due to alignment it is within a page boundary.
Regardless, avoid this by removing the "special" handling for the remaining
length and allow the standard (non-chunk) code to process the remaining
bytes, which does not result in overrun.
Reported by Pascal Cuoq <cuoq at trust-in-soft.com> - thanks!
ok beck@ miod@
|
| | |
|
| |
|
|
| |
ok miod@
|
| |
|
|
| |
ok jsing@ miod@
|
| |
|
|
| |
done for other symmetric algorithms recently.
|
| |
|
|
|
|
|
|
| |
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@
|
| |
|
|
|
|
|
|
|
| |
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
| |
|
|
|
| |
more friendly to systems where the underscore flavours may be defined as empty.
Found the hard way be bcook@; joint brainstrom with bcook beck and guenther
|
| |
|
|
|
|
| |
Also remove unused des_ver.h, which exports some of these strings, but is not installed.
ok miod@ tedu@
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
scripts. We certainly do not need an identical copy of the win64
exception handler in each script (surely one copy would be sufficient).
ok miod@
|
| | |
|
| |
|
|
|
| |
lacking an explicit `case 0:' construct. But Ultrix has been dead for more than
15 years, really. Don't give it any reason to move out of its coffin.
|
| |
|
|
|
|
|
| |
<machine/endian.h>, rather than writing 1 to a 32-bit variable and checking
whether the first byte is nonzero.
tweaks and ok matthew@; ok beck@ tedu@
|
| |
|
|
| |
for 20th century historians, and can be put in the Attic.
|
| | |
|
| |
|
|
| |
a maze of conditional #define's
|
| | |
|
