summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/sha (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Add support for truncated SHA512 variants.jsing2023-04-142-2/+115
| | | | | | | This adds support for SHA512/224 and SHA512/256, as specified in FIPS FIPS 180-4. These are truncated versions of the SHA512 hash. ok tb@
* Use memset() and only initialise non-zero struct members.jsing2023-04-141-7/+7
| | | | ok tb@
* Remove now unused sha_local.h.jsing2023-04-121-419/+0
|
* Provide and use crypto_ro{l,r}_u{32,64}().jsing2023-04-121-14/+2
| | | | | | | | | | | | | | | Various code in libcrypto needs bitwise rotation - rather than defining different versions across the code base, provide a common set that can be reused. Any sensible compiler optimises these to a single instruction where the architecture supports it, which means we can ditch the inline assembly. On the chance that we need to provide a platform specific versions, this follows the approach used in BN where a MD crypto_arch.h header could be added in the future, which would then provide more specific versions of these functions. ok tb@
* Provide and use crypto_store_htobe64().jsing2023-04-121-23/+9
| | | | | | | | | It is common to need to store data in a specific endianness - rather than handrolling and deduplicating code to do this, provide a crypto_store_htobe64() function that converts from host endian to big endian, before storing the data to a location with unknown alignment. ok tb@
* Recommit jsing's r1.27 - portable is readytb2023-04-111-23/+4
| | | | | | Use htobe64() instead of testing BYTE_ORDER and then handrolling htobe64(). Thanks to tobhe for providing most of the fix via openiked-portable
* Back out r1.27 using htobe64() - apparently some OS don't have it.tb2023-04-111-4/+23
| | | | ok jsing
* Consolidate sha1 into a single file.jsing2023-04-112-88/+21
|
* Simplify handling of big vs little endian.jsing2023-04-111-40/+5
| | | | | | | Rather than sprinkling BYTE_ORDER checks throughout the implementation, always define PULL64 - on big endian platforms it just becomes a no-op. ok tb@
* Use htobe64() instead of testing BYTE_ORDER and then handrolling htobe64().jsing2023-04-111-23/+4
| | | | ok tb@
* Omit sha512_block_data_order() prototype when assembly is not being used.jsing2023-04-111-4/+3
| | | | | | | | | In the case that the pure C implementation of SHA512 is being used, the prototype is unnecessary as the function is declared static and exists in dependency order. Simply omit the prototype rather than using #ifndef to toggle the static prefix. ok tb@
* Remove less than useful implementation notes.jsing2023-04-111-36/+1
| | | | ok tb@
* More whitespace fixes.jsing2023-03-291-51/+51
| | | | | | Another set of mechnical replacements for "a,b" with "a, b". No change in generated assembly.
* Whitespace fixes.jsing2023-03-291-133/+133
| | | | | | Mechanically replace "a,b" with "a, b". No change to generated assembly.
* Whitespace fixes.jsing2023-03-291-68/+68
| | | | | | | Mechanically replace "a,b" with "a, b", followed with some manual indentation clean up. No change in generated assembly.
* Use multiple statements instead of a statement with multiple expressions.jsing2023-03-291-4/+5
| | | | No change in generated assembly.
* Mop up MD32_XARRAY from SHA1.jsing2023-03-291-162/+135
| | | | | | | | | MD32_XARRAY (formerly SHA_XARRAY) was added as a workaround for a broken HP C compiler (circa 1999). Clean it up to simplify the code. No change in generated assembly. ok miod@ tb@
* Inline initial hash data values for SHA1.jsing2023-03-291-13/+9
| | | | | | This follows what is done for other SHA implementations. ok miod@ tb@
* Reorder functions/code.jsing2023-03-271-238/+238
| | | | No intended functional change.
* Tidy includes.jsing2023-03-271-5/+4
|
* Replace HASH_BLOCK_DATA_ORDER with sha1_block_data_order.jsing2023-03-261-4/+4
| | | | | The only reason to use HASH_BLOCK_DATA_ORDER in the implementation is to make the code harder to read.
* Remove unnecessary HIDDEN_DECLS.jsing2023-03-261-6/+1
|
* Removes some unwanted spaces.jsing2023-03-261-7/+7
|
* Whack sha1dgst.c with the style(9) stick again.jsing2023-03-261-193/+246
|
* Tidy up includes.jsing2023-03-261-9/+5
|
* Inline sha_local.h in sha1dgst.c.jsing2023-03-261-3/+360
| | | | | Nothing other than sha1dst.c uses this header - pull it in to sha1dgst.c directly (sha_local.h will be removed at a later date).
* Add license to sha256.c/sha512.c.jsing2023-03-262-6/+100
|
* Use multiple statements instead of comma separated expressions.jsing2023-03-261-24/+33
| | | | No change to generated assembly.
* Add blank lines for readability.jsing2023-03-261-1/+4
|
* Add some blank lines for readability, along with some more style(9) tweaks.jsing2023-03-262-7/+24
|
* Whack sha with a style(9) stick.jsing2023-03-264-505/+706
| | | | No change in generated assembly.
* Use explicit .text instead of .previous to please Windows/MinGW on amd64tb2023-02-232-3/+3
| | | | ok miod
* Use .section .rodata instead of a plain .rodatatb2023-02-093-4/+4
| | | | | | | | At least gcc 12 on Fedora is very unhappy about a plain .rodata and throws Error: unknown pseudo-op: `.rodata'. So add a .section in front of it to make it happy. ok deraadt miod
* Remove AIX toc data after every function. NFCmiod2023-02-022-13/+0
|
* Move all data blocks from .text to .rodata and cleanup up and homogeneize codemiod2023-02-021-1/+0
| | | | responsible from getting the proper address of those blocks.
* Move all data blocks from .text to .rodata and cleanup up and homogeneize codemiod2023-02-013-29/+29
| | | | | | responsible from getting the proper address of those blocks. ok tb@ jsing@
* For xonly, move sha512-ppc.pl's table from text to rodatagkoehler2023-02-011-18/+7
| | | | | | | | | | | OpenBSD/macppc will enforce xonly on PowerPC G5, then libcrypto's sha256 would crash by SIGSEGV, because it can't read text. Use ELF relocations "@ha" and "@l" to find the table in rodata. This might break the PowerPC asm on a not-ELF platform (like AIX or Mac OS) if someone would try it there. ok kettenis@ deraadt@
* Remove various unused assembly files and assembly generation scripts.jsing2023-01-192-867/+0
| | | | | | These are just creating clutter and cause grep noise. ok miod@
* Move constants out of text segment into rodata to prepare for xonly supportderaadt2023-01-142-1/+6
| | | | | on amd64. no pic handling is neccessary since amd64 has full reach. ok kettenis
* Move all data tables from .text section to .rodata, and update the code tomiod2023-01-133-12/+27
| | | | | | | fetch them correctly when building PIC. Also drop unused data, and remove --no-execute-only from linker flags. ok kettenis@
* Move all data tables from .text section to .rodata, and update the code tomiod2023-01-132-21/+9
| | | | | | | fetch them correctly when building PIC. Also drop unused data, and remove --no-execute-only from linker flags. ok jsing@ kettenis@
* spelling fixes; from paul tagliamontejmc2022-12-265-9/+9
| | | | | | | i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb
* Make internal header file names consistenttb2022-11-262-3/+3
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Switch to <endian.h> from <machine/endian.h> for better portability.bcook2021-11-093-8/+6
| | | | ok tb@
* lenght -> lengthjsg2019-01-211-2/+2
|
* Make the NEON codepaths conditional on __STRICT_ALIGNMENT not beingkettenis2018-01-241-2/+2
| | | | | | defined as they rely on unaligned access. ok joel@
* On OpenBSD/armv7 we deliberately trap unaligned access. Unfortunatelykettenis2018-01-073-4/+4
| | | | | | | | the assembly code in libcrypto assumes unaligned access is allowed for ARMv7. Make these paths conditional on __STRICT_ALIGNMENT not being defined and define __STRICT_ALIGNMENT in arm_arch.h for OpenBSD. ok tom@
* Move __BEGIN_HIDDEN_DECLS out of the middle of a function declaration.patrick2016-12-231-3/+3
| | | | ok jca@
* Explicitly export a list of symbols from libcrypto.jsing2016-12-211-1/+6
| | | | | | | | | | | | | | | | Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me... This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library. With input and testing from inoguchi@. ok beck@ inoguchi@
* Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] bymiod2016-11-043-10/+11
| | | | | | | | | | | | | | | meaningful constants in a private header file, so that reviewers can actually get a chance to figure out what the code is attempting to do without knowing all cpuid bits. While there, turn it from an array of two 32-bit ints into a properly aligned 64-bit int. Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will now always use OPENSSL_cpu_caps() and check for the proper bits in the whole 64-bit word it returns. i386 tests and ok jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-29 07:19:35 +0000