path: root/src/lib/libssl/ssl_transcript.c

Date  Author  (Files, Lines -/+)  Commit message
2025-08-19  tb  (2 files, -2/+2)  same crank for libssl and libtls as for libcrypto
2025-08-19  tb  (1 file, -1/+1)  bump libcrypto minor after symbol addition
2025-08-19  tb  (1 file, -0/+16)  Expose beck's version of BoringSSL's ML-KEM API
This includes interfaces for public and private keys for ML-KEM 768 and 1024. Marshalling and parsing of public keys and parsing of the wasteful NIST format of private keys (marshalling this private key format is deliberately omitted from the public API). Decapsulation and encapsulation of shared secrets. This will soon be used to implement the X25519MLKEM768 hybrid key agreement in libssl. ok beck jsing
2025-08-19  tb  (1 file, -0/+3)  Add back the ASN1_{,F,T}BOOLEAN_it ASN.1 items
I was overeager to remove those a while back. This was dumb because this is about a basic ASN.1 type. The Gentoo maintainers found that tpm2-tools uses templated ASN.1 involving them. Fixes https://github.com/libressl/portable/issues/1178 ok beck jsing
2025-08-18  tb  (1 file, -1/+5)  sync with crypto_namespace.h: avoid asm("") for MSVC
Removes another patch in portable
2025-08-18  tb  (1 file, -1/+5)  Avoid asm("") for MSVC
This allows us to get rid of an ugly patch in portable. ok jsing
2025-08-17  tb  (2 files, -5/+5)  mlkem tests: include the public <openssl/mlkem.h>
2025-08-17  phessler  (1 file, -79/+79)  Change gmtime() to return time in UTC rather than GMT, as required by our own
manpage, POSIX, C standards, and other OSes. OK kettenis@, millert@
2025-08-17  jsing  (13 files, -130/+0)  Mop up the now unused RC4_CHUNK defines.
ok tb@
2025-08-17  jsing  (1 file, -117/+45)  Further simplify the rc4 implementation.
The RC4_CHUNK related code is intended to process native word sized chunks if the input and output are naturally aligned. However, RC4_CHUNK is currently a mess of machine dependent defines. Replace this with uint64_t on all architectures - 64 bit architectures will be happy with this and on 32 bit architectures the compiler can decompose this into multiple 32 bit operations. Provide separate rc4_chunk() implementations for big and little endian, since not all architectures have a byte swap instruction that would make this a cheap conversion. Thanks to gkoehler@ and tb@ for testing on big endian. ok tb@
2025-08-15  tb  (1 file, -19/+11)  mlkem_tests: remove unneeded ret variable from mlkem_{decap,keygen}_tests()
2025-08-15  tb  (4 files, -16/+5)  Fix includes in mlkem unit and iteration tests
2025-08-15  tb  (1 file, -2/+2)  mlkem_tests no longer depends on mlkem_tests_util
2025-08-15  tb  (1 file, -4/+3)  mlkem_tests: use public mlkem.h, no longer needs mlkem_tests_util.h
2025-08-15  tb  (1 file, -83/+91)  mlkem_tests: mop up after feral openssl devs were here
2025-08-15  tb  (1 file, -5/+5)  mlkem_unittest: undo unnecessary variable renaming
2025-08-14  tb  (1 file, -3/+4)  Tweak comment in asn1_item_free: KNF, missing comma, wont -> won't.
2025-08-14  beck  (1 file, -223/+1)  unbreak tree after committing from wrong place
2025-08-14  tb  (1 file, -2/+2)  revert accidental disabling of ssl_security_cert() in -r1.52
2025-08-14  beck  (14 files, -897/+1783)  Add a reasonable ML-KEM API for public use.
Adapt the tests to use this API. This does not yet make the symbols public in Symbols.list which will happen shortly with a bump. This includes some partial rototilling of the non-public interfaces which will be shortly continued when the internal code is deduplicated to not have multiple copies for ML-KEM 768 and ML-KEM 1024 (which is just an artifact of unravelling the boring C++ code). ok jsing@, tb@
2025-08-14  jsing  (1 file, -10/+41)  Use faster versions of bignum_{mul,sqr}_{4_8,6_12,8_16}() if possible.
If ADX instructions are available, use the non-_alt version of s2n-bignum's bignum_{mul,sqr}_{4_8,6_12,8_16}(), which are faster than the _alt non-ADX versions. ok tb@
2025-08-14  jsing  (2 files, -2/+22)  Provide amd64 specific versions of bn_mul_comba6() and bn_sqr_comba6().
These use s2n-bignum's bignum_mul_6_12_alt() and bignum_sqr_6_12_alt() functions. ok tb@
2025-08-14  jsing  (2 files, -2/+25)  Provide bn_mod_add_words() and bn_mod_sub_words() on amd64.
These use s2n-bignum's bignum_modadd() and bignum_modsub() routines. ok tb@
2025-08-14  jsing  (2 files, -2/+6)  Add special handling for multiplication and squaring of BNs with six words.
In these cases make use of bn_mul_comba6() or bn_sqr_comba6(), which are faster than the normal path. ok tb@
2025-08-14  jsing  (1 file, -1/+11)  Hook additional s2n-bignum routines to the amd64 build.
2025-08-14  jsing  (2 files, -5/+10)  Add CPU feature detection for ADX on amd64.
Add detection of Multi-Precision Add-Carry Instruction Extensions on amd64. s2n-bignum provides a number of fast multiplication routines that can leverage these instructions. ok tb@
2025-08-14  jsing  (1 file, -79/+40)  Clean up parts of rc4.
Provide a static inline rc4_step() function that replaces the near identical RC4_STEP and RC4_LOOP macros. Simplify the processing loop and use for loops with small constants, which the compiler can unroll if it wants to do so. Inline the SK_LOOP macro in rc4_set_key_internal(), also using a small loop that the compiler will most likely unroll. ok tb@
2025-08-12  jsing  (1 file, -1/+14)  Add benchmarks for 384 bit x 384 bit multiplication and 384 bit squaring.
2025-08-12  jsing  (10 files, -20/+20)  Revise include to match the name that we use.
2025-08-12  jsing  (10 files, -20/+130)  Replace SPDX-License-Identifier with actual license.
2025-08-12  jsing  (10 files, -0/+20)  Add RCS tags to new files.
2025-08-12  jsing  (2 files, -0/+185)  Bring in bignum_mod{add,sub}() from s2n-bignum.
These provide modular addition and subtraction.
2025-08-12  jsing  (4 files, -0/+877)  Bring in bignum_{mul,sqr}_{4_8,8_16}() from s2n-bignum.
These provide fast multiplication and squaring of inputs with 4 words or 8 words, producing an 8 or 16 word result. These versions require the CPU to support ADX instructions, while the _alt versions that have previously been imported do not.
2025-08-12  jsing  (4 files, -0/+807)  Bring in bignum_{mul,sqr}_6_12{,_alt}() from s2n-bignum.
These provide fast multiplication and squaring of inputs with 6x words, producing a 12 word result. The non-_alt versions require the CPU to support ADX instructions, while the _alt versions do not.
2025-08-12  jsing  (2 files, -0/+4)  Add RCS tags.
2025-08-12  jsing  (1 file, -16/+16)  Add const to bignum_*() function calls.
Now that s2n-bignum has marked various inputs as const, we can do the same. In most cases we were casting away const, which we no longer need to do.
2025-08-12  jsing  (2 files, -236/+588)  Sync headers from s2n-bignum.
This effectively brings in new function prototypes, a chunk of const additions and some new defines.
2025-08-11  jsing  (11 files, -0/+22)  Add RCS tags.
2025-08-11  jsing  (11 files, -115/+113)  Resync s2n-bignum primitives for amd64 with upstream.
This amounts to whitespace changes and label renaming.
2025-08-10  beck  (2 files, -5/+3)  Clean up and move define to correct place.
ok tb@
2025-08-09  anton  (1 file, -1/+3)  Add missing make dependency as the oclo binary depends on
ocloexec_verify. Take the easy route and ensure all binaries are built before the regress make target.
2025-08-06  sthen  (1 file, -339/+1)  sync CA certificates from newer mozilla list, ok tb@
https://raw.githubusercontent.com/mozilla-firefox/firefox/refs/heads/release/security/nss/lib/ckfw/builtins/certdata.txt
SHA256 (certdata.txt) = 579f336ace2e5717b8ecc06002ce0cce96f70623d188e1999c34b0f77696d3e9
Removals:
- /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
- /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
- /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
- /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
- /C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
- /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
- /C=US/OU=www.xrampsecurity.com/O=XRamp Security Services Inc/CN=XRamp Global Certification Authority
Addition:
+ /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2
2025-08-05  jsing  (1 file, -3/+25)  Speed up bn_{mod,sqr}_mul_words() for specific inputs.
Use bn_{mul,sqr}_comba{4,6,8}() and bn_montgomery_reduce_words() for specific input sizes. This is significantly faster than using bn_montgomery_multiply_words(). ok tb@
2025-08-05  jsing  (2 files, -2/+48)  Provide bn_sqr_comba6().
This allows for fast squaring of a 6 word array. ok tb@
2025-08-05  jsing  (2 files, -2/+63)  Provide bn_mul_comba6().
This allows for fast multiplication of two 6 word arrays. ok tb@
2025-08-05  jsing  (3 files, -9/+9)  Mark the inputs to bn_mul_comba{4,8}() as const.
This makes it consistent with bn_sqr_comba{4,8}() and simplifies an upcoming change. ok tb@
2025-08-04  schwarze  (1 file, -16/+16)  Sort NAME, RETURN VALUES, ERRORS, and STANDARDS in the same order as SYNOPSIS.
Sort HISTORY chronologically. No text change.
2025-08-04  tb  (1 file, -2/+2)  link illumos oclo test to the tree
2025-08-04  guenther  (2 files, -9/+10)  Implement the POSIX-2024 close-on-fork flag, but modified to be
reset on exec as preserving it across exec is not necessary for its original purpose and has security and usability concerns. Many thanks to Ricardo Branco (rbranco (at) suse.de) who did an independent implementation, caught that /dev/fd/* needed to be handled, and provided a port of the illumos test suite. Thanks to tb@ for assistance with that. ok deraadt@
2025-08-04  dlg  (1 file, -1/+7)  replace the flockfile backend with a per FILE recursive mutex.
the flockfile implementation in thread/rthread_file.c used an external lock, and associated it with the relevant FILE * as needed. this isn't great for a lot of reasons, complexity being the big one, but the straw that broke the camel's back is that it uses a single spinlock to coordinate all of this, which in turn generates a lot of sched_yield syscalls. this avoids all the code complexity and the spinlock by just embedding a small __rctmx in every FILE. tested by and ok tb@ jca@ ok claudio@