| Commit message (Collapse) | Author | Files | Lines |
|---|
|
OPENSSL_cpuid_setup() is already called from OPENSSL_crypto_init(), hence
we do not need or want automatic initialisation on library load.
ok tb@
|
|
Replace loads with crypto_load_le32toh() or le32toh(). Use
crypto_store_htole32() or htole32() for stores.
ok joshua@ tb@
|
|
|
|
|
|
|
|
|
|
|
|
No change to generated assembly.
|
|
No change in generated assembly.
|
|
ok jsing tb beck
|
|
No functional change.
|
|
|
|
No change in generated assembly.
|
|
|
|
|
|
No change in generated assembly.
|
|
|
|
Replace macros with static inline functions and use names that follow
the spec more closely. Unlike SHA256/SHA512, the functions and constants do
not align with the number of words loaded, which means we cannot easily loop
and just end up just unrolling everything.
ok joshua@ tb@
|
|
|
|
No assembly implementations remain, hence we can clean the mess up and
replace it with a single static void function.
|
|
ok beck tb
|
|
|
|
ok tb@
|
|
|
|
No change to generated assembly.
|
|
No functional change.
|
|
No change to generated assembly.
|
|
|
|
|
|
ok jsing
|
|
This is now built on all platforms.
|
|
Rather than having public API switch between C and assembly, always
use C functions as entry points, which then call an assembly
implementation (if available). This makes it significantly easier
to deal with symbol aliasing/namespaces and it also means we
benefit from vulnerability prevention provided by the C compiler.
Rename the assembly generated functions from RC4() to rc4_internal()
and RC4_set_key() to rc4_set_key_internal(). Always include rc4.c
and change it to use defines that are similar to those used in BN.
ok beck@ joshua@ tb@
|
|
|
|
The function call can't actually fail, but all other calls check its
return value.
ok joshua jsing
|
|
Now that all platforms use a C des implementation, move it to the primary
Makefile.
|
|
|
|
This one was hiding behind an m4 script.
Build tested by tb@
|
|
|
|
This is the only architecture that has an assembly implementation for these
algorithms. There is little to gain from accelerating legacy algorithms on
a legacy architecture.
Discussed with beck@ and tb@
|
|
Discussed with tb@
|
|
|
|
So we initially kept this hack around for f5 boxes that
should have been patched in 2014, and were not as of 2017.
The f5 article for the bug archived on their web site,
and any of these devices on the public internet will have
since been upgraded to deal with a host of record layer, TLS,
and other bugs, or they likely won't be talking to modern
stacks, since as of this point the software with the bug
would not have been updated in 10 years.
So just make this spec compliant and reject a supported groups
extension that should not have been sent by a server.
ok tb@ jsing@
|
|
ok tb@
|
|
Ensure that the client can not provide a duplicate key share
for any group, or send more key shares than groups they support.
Ensure that the key shares must be provided in the same order
as the client preference order specified in supported_groups.
Ensure we only will choose to use a key share that is for the
most preferred group by the client that we also support,
to avoid the client being downgraded by sending a less preferred
key share. If we do not end up with a key share for the most preferred
mutually supported group, will then do a hello retry request
selecting that group.
Add regress for this to regress/tlsext/tlsexttest.c
ok jsing@
|
|
This is already disabled since it is "about 35% slower than C code".
|
|
|
|
Discussed with tb@
|
|
The stitched modes have been removed, so having assembly for them is of
little use.
|
|
Discussed with tb@
|
|
This does not exist in libcrypto.
|
