| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
| |
This is a minimal and readable SHA3 implementation.
ok tb@
|
| |
|
|
|
|
|
| |
This adds support for SHA512/224 and SHA512/256, as specified in FIPS
FIPS 180-4. These are truncated versions of the SHA512 hash.
ok tb@
|
| |
|
|
| |
ok tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Various code in libcrypto needs bitwise rotation - rather than defining
different versions across the code base, provide a common set that can
be reused. Any sensible compiler optimises these to a single instruction
where the architecture supports it, which means we can ditch the inline
assembly.
On the chance that we need to provide a platform specific versions, this
follows the approach used in BN where a MD crypto_arch.h header could be
added in the future, which would then provide more specific versions of
these functions.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
It is common to need to store data in a specific endianness - rather than
handrolling and deduplicating code to do this, provide a
crypto_store_htobe64() function that converts from host endian to big
endian, before storing the data to a location with unknown alignment.
ok tb@
|
| |
|
|
|
|
| |
Use htobe64() instead of testing BYTE_ORDER and then handrolling htobe64().
Thanks to tobhe for providing most of the fix via openiked-portable
|
| |
|
|
| |
ok jsing
|
| | |
|
| |
|
|
|
|
|
| |
Rather than sprinkling BYTE_ORDER checks throughout the implementation,
always define PULL64 - on big endian platforms it just becomes a no-op.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
| |
In the case that the pure C implementation of SHA512 is being used, the
prototype is unnecessary as the function is declared static and exists
in dependency order. Simply omit the prototype rather than using #ifndef
to toggle the static prefix.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
| |
Another set of mechnical replacements for "a,b" with "a, b".
No change in generated assembly.
|
| |
|
|
|
|
| |
Mechanically replace "a,b" with "a, b".
No change to generated assembly.
|
| |
|
|
|
|
|
| |
Mechanically replace "a,b" with "a, b", followed with some manual
indentation clean up.
No change in generated assembly.
|
| |
|
|
| |
No change in generated assembly.
|
| |
|
|
|
|
|
|
|
| |
MD32_XARRAY (formerly SHA_XARRAY) was added as a workaround for a broken
HP C compiler (circa 1999). Clean it up to simplify the code.
No change in generated assembly.
ok miod@ tb@
|
| |
|
|
|
|
| |
This follows what is done for other SHA implementations.
ok miod@ tb@
|
| |
|
|
| |
No intended functional change.
|
| | |
|
| |
|
|
|
| |
The only reason to use HASH_BLOCK_DATA_ORDER in the implementation is to
make the code harder to read.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Nothing other than sha1dst.c uses this header - pull it in to sha1dgst.c
directly (sha_local.h will be removed at a later date).
|
| | |
|
| |
|
|
| |
No change to generated assembly.
|
| | |
|
| | |
|
| |
|
|
| |
No change in generated assembly.
|
| |
|
|
| |
ok miod
|
| |
|
|
|
|
|
|
| |
At least gcc 12 on Fedora is very unhappy about a plain .rodata and throws
Error: unknown pseudo-op: `.rodata'. So add a .section in front of it to
make it happy.
ok deraadt miod
|
| | |
|
| |
|
|
| |
responsible from getting the proper address of those blocks.
|
| |
|
|
|
|
| |
responsible from getting the proper address of those blocks.
ok tb@ jsing@
|
| |
|
|
|
|
|
|
|
|
|
| |
OpenBSD/macppc will enforce xonly on PowerPC G5, then libcrypto's
sha256 would crash by SIGSEGV, because it can't read text.
Use ELF relocations "@ha" and "@l" to find the table in rodata. This
might break the PowerPC asm on a not-ELF platform (like AIX or Mac OS)
if someone would try it there.
ok kettenis@ deraadt@
|
| |
|
|
|
|
| |
These are just creating clutter and cause grep noise.
ok miod@
|
| |
|
|
|
| |
on amd64. no pic handling is neccessary since amd64 has full reach.
ok kettenis
|
| |
|
|
|
|
|
| |
fetch them correctly when building PIC. Also drop unused data, and remove
--no-execute-only from linker flags.
ok kettenis@
|
| |
|
|
|
|
|
| |
fetch them correctly when building PIC. Also drop unused data, and remove
--no-execute-only from linker flags.
ok jsing@ kettenis@
|
| |
|
|
|
|
|
| |
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct
ok tb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
| |
|
|
| |
ok tb@
|
| | |
|
| |
|
|
|
|
| |
defined as they rely on unaligned access.
ok joel@
|
| |
|
|
|
|
|
|
| |
the assembly code in libcrypto assumes unaligned access is allowed for
ARMv7. Make these paths conditional on __STRICT_ALIGNMENT not being
defined and define __STRICT_ALIGNMENT in arm_arch.h for OpenBSD.
ok tom@
|
| |
|
|
| |
ok jca@
|
