summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Simplify err_build_SYS_str_reasonstb2025-05-201-19/+13
| | | | | | | | This is currently done in a rather silly way. Shift the index by 1 and avoid weird pointer dances. Rather than relying on static initialization, use code to obviate a comment. ok beck joshua jsing
* Fix previous - names use underscores and not hyphens.jsing2025-05-201-3/+3
|
* Add ML-KEM768 Hybrid Kems to obj_mac.numbeck2025-05-201-0/+3
| | | | ok tb@, joshua@
* Add ML-KEM768 Hybrid Kems to objects.txtbeck2025-05-201-0/+6
| | | | ok tb@, joshua@
* Don't use the array index as the group_idbeck2025-05-201-51/+97
| | | | | | | | | | | | This is a precursor to adding new group ids for post quantum stuff which are up in the 4000 range, so using the array index as the group id will be silly. Instead we just add the group id to the structure and we walk the list to find it. This should never be a very large list for us, so no need to do anything cuter than linear search for now. ok jsing@, joshua@
* Make MLKEM1024_marshal_private_key consistent with the public_key funcitonsbeck2025-05-202-27/+44
| | | | | | | | Even though this should remain internal, make it the same as the public key marshal function, and make the needed fallout changes in regress. ok kenjiro@, tb@
* Whitespace nits from tbbeck2025-05-201-1/+4
| | | | ok tb@
* Fix up MLKEM768_marshal_private_key to not use a passed in CBBbeck2025-05-192-27/+43
| | | | | | | | | | | | Even though this should remain internal, make it the same as the public key marshal function, and make the needed fallout changes in regress. This does not yet do the bikeshed of renaming the structure field in the regress ctx, that will wait until a follow on to convert 1024 in a similar manner ok tb@
* Remove the boringssl if || ideom from mlkembeck2025-05-192-34/+46
| | | | ok jsing@, joshua@
* API changes for ML-KEMbeck2025-05-194-78/+126
| | | | | | | | | - Get rid of CBB/CBS usage in public api - Make void functions return int that can fail if malloc fails. Along with some fallout and resulting bikeshedding in the regress tests. ok jsing@, tb@
* Simplify EVP AES code for ECB.jsing2025-05-192-33/+46
| | | | | | | | | | AES_ecb_encrypt() does not really do ECB - provide an aes_ecb_encrypt_internal that actually does multiple blocks and call this from aes_ecb_cipher(). Provide ECB with its own key initialisation function, which allows aes_init_key() to be simplified considerably. The block function pointer is now unused, so mop this up. ok joshua@ tb@
* Remove block128_f function casts.jsing2025-05-191-8/+20
| | | | | | | Provide aes_{en,de}crypt_block128() which have correct function signatures and use these when calling the various mode functions. ok joshua@ tb@
* Simplify EVP AES code for OFB.jsing2025-05-191-7/+19
| | | | | | | Provide AES-NI with its own aesni_ofb_cipher() and switch aes_ofb_cipher() to call AES_ofb128_encrypt() directly. ok joshua@ tb@
* Simplify EVP AES code for CFB.jsing2025-05-191-25/+79
| | | | | | | | Provide AES-NI with its own aesni_cfb*_cipher() functions, which then allows us to change the existing aes_cfb*_cipher() functions to () to call AES_cfb*_encrypt() directly. ok beck@ tb@
* EC_POINT_new: wording tweaks in the BUGS sectiontb2025-05-181-6/+6
|
* Simplify EVP AES code for CTR.jsing2025-05-181-22/+23
| | | | | | | | Provide AES-NI with its own aesni_ctr_cipher(), which then allows us to change aes_ctr_cipher() to call AES_ctr128_encrypt() directly. The stream.ctr function pointer is now unused and can be mopped up. ok beck@ tb@
* Unifdef AES_CTR_ASM.jsing2025-05-181-14/+1
| | | | This is a remnant from s390x assembly.
* Simplify EVP code for AES CBC.jsing2025-05-181-26/+33
| | | | | | | | | Change aes_cbc_cipher() to call AES_cbc_encrypt() directly, rather than via the stream.cbc function pointer. Remove stream.cbc since it is no longer used. Also provide a separate aes_cbc_init_key() function which makes this standalone and does not require checking mode flags. ok joshua@ tb@
* add missing u64/uint64_t conversionbcook2025-05-181-3/+3
| | | | ok jsing@
* Use stdint types instead of u64/u32/u8.jsing2025-05-185-134/+127
| | | | No change in generated assembly.
* Remove contortions with the rem_4bit table.jsing2025-05-181-28/+9
| | | | | | | | | Instead of using size_t and a PACK macro, store the entries as uint16_t and then uncondtionally left shift 48 bits. This gives a small performance gain on some architectures and has the advantage of reducing the size of the table from 1024 bits to 256 bits. ok beck@ joshua@ tb@
* Inline REDUCE1BIT macro.jsing2025-05-181-15/+6
| | | | | | | | | The REDUCE1BIT macro is now only used in one place, so just inline it. Additionally we do not need separate 32 bit and 64 bit versions - just use the 64 bit version and let the compiler deal with it (we effectively get the same code on i386). ok beck@ joshua@
* bio_mem: avoid pointer arithmetic on NULLtb2025-05-181-2/+4
| | | | | | Prompted by a diff by Kenjiro Nakayama ok jsing
* rc2: two files escaped the lure of the attic, set these poor souls freetb2025-05-182-241/+0
|
* Remove TABLE_BITS from gcm128.jsing2025-05-172-248/+3
| | | | | | | | | TABLE_BITS is always currently defined as 4 - 8 is considered to be insecure due to timing leaks and 1 is considerably slower. Remove code that is not regularly tested, does not serve a lot of purpose and is making clean up harder than it needs to be. ok tb@
* Replace GCM_MUL/GHASH defines with static inline functions.jsing2025-05-161-121/+99
| | | | | | | | | Rather than having defines for GCM_MUL/GHASH (along with the wonder that is GCM_FUNCREF_4BIT) then conditioning on their availability, provide and call gcm_mul()/gcm_ghash() unconditionally. This simplifies all of the call sites. ok tb@
* Increase default PKCS12_SALT_LEN from 8 to 16 bytestb2025-05-101-2/+2
| | | | | | | | | | | | | | Currently PKCS12_setup_mac() function uses salt length of 8 bytes / 64 bits when no salt length is specified. Increase this fallback default to 16 bytes / 128 bits, as recommended by NIST SP 800-132. Note this is for interoperability purposes. Some FIPS implementations enforce minimum salt length of 16 bytes. Examples of such FIPS implemenations are Bouncycastle FIPS Java API and Chainguard FIPS Provider for OpenSSL. Also future v3.6 release of OpenSSL will also increase the default salt length to 16 bytes. From Dimitri John Ledkov, thanks
* asn_moid: move inclusion of err_local.h to the proper placetb2025-05-101-2/+2
|
* Sort FOOerror() in ASCII ordertb2025-05-101-18/+18
|
* Simplify the remaining FOOerror()tb2025-05-101-26/+28
| | | | | | | | Redirect through an additional macro that adds the repeated function, file and line macros. Reduces the eyesore and makes the whole thing much more redable. similar to a suggestion by jsing a while back
* Remove unused internal FOOerror()tb2025-05-101-11/+1
| | | | pointed out by djm a while back
* Remove error macros except PEMerr(), RSAerr() and SSLerr()tb2025-05-101-37/+4
| | | | | | | These three are still used in about half a dozen ports. All the others are unused. ok jsing
* ssl_local.h: stop guarding SYSerror() with an #ifdeftb2025-05-101-3/+1
|
* Move the internal FOOerror() to err_local.htb2025-05-102-40/+38
| | | | | | | These are now only used in libcrypto. They should never have been in a public header in the first place. ok jsing
* Use err_local.h rather than err.h in most placestb2025-05-10222-456/+454
| | | | ok jsing
* ssl_local: provide an SSL-internal version of SYSerror()tb2025-05-101-1/+4
|
* SSL_error_internal: remove a superfluous pair of parenstb2025-05-101-3/+2
|
* ssl_local.h: adjust some whitespacetb2025-05-101-3/+3
|
* const correct SSL_error_internal()tb2025-05-102-4/+4
|
* Garbage collect docs of BIO_dump{,_indent}_{cb,fp}()tb2025-05-091-35/+3
| | | | | The _cb() variants were only documented as intentionally undocumented. Be that as it may, they left the building more than a year ago.
* bss_log.c: don't rely on err.h pulling in bio.htb2025-05-091-2/+2
| | | | ok jsing
* Fix up two markup mistakes with .Fn and .Xrtb2025-05-041-4/+4
|
* sigh. pqueue_find() also needs a const treatmenttb2025-05-042-4/+4
|
* pqueue.h: zap trailing whitespacetb2025-05-041-3/+3
|
* const correct first argument of pitem_new()tb2025-05-042-4/+4
| | | | Makes upcoming changes in regress less ugly.
* Remove the X9.62 prime239v{1,2,3} curvestb2025-05-041-179/+1
| | | | | | | | | | | | | While RFC 3279 allows these curves for use in X.509 certificates (*), no one actually does this. Certs using these curves cannot be used for TLS and the curves aren't accepted by FIPS either. codesearch shows no actual uses of these curves, only their OIDs are listed. At this point these have become useless historical baggage. ok jsing (*) Of the 27 curves listed in RFC 3279 the only one that seems to have seen actual use in certificates is P-256.
* Move P-256 where it belongstb2025-05-041-67/+67
| | | | ok jsing
* Fix typo in curve comment: P224r2 -> P224t1tb2025-05-031-2/+2
|
* CTASSERT that internal pub/priv keys match the sizes exposed in mlkem.htb2025-05-032-2/+10
| | | | | | | This will need reworking (especially deduplicating) anyway, but it doesn't hurt now. From Kenjiro Nakayama
* More space around .Dl + a typo on toptb2025-05-012-5/+11
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-21 19:25:59 +0000