Do not install mlkem.h and bytestring.h into /usr/include/openssl for now

More work in mlkem is needed and this was premature.

discussed with beck and jsing

Add ML-KEM 1024 from BoringSSL

Changes include conversion from C++, basic KNF, then adaptation to
use our sha3 functions for sha3 and shake instead of the BorinSSL
version. This Adds units tests to

Add ML-KEM 1024 from BoringSSL

Changes include conversion from C++, basic KNF, then adaptation to
use our sha3 functions for sha3 and shake instead of the BorinSSL
version. This Adds units tests to run against BoringSSL and NIST test
vectors.

The future public API is the same as Boring's - but is not yet exposed
pending making bytestring.h public (which will happen separately) and
a minor bump

Currently this will just ensure we build and run regress.

ok tb@ to get it into the tree and massage from there.

show more ...

Add ML-KEM 768 from BoringSSL

Changes include conversion from C++, basic KNF, then adaptation to
use our sha3 functions for sha3 and shake instead of the BorinSSL
version. This Adds units tests to r

Add ML-KEM 768 from BoringSSL

Changes include conversion from C++, basic KNF, then adaptation to
use our sha3 functions for sha3 and shake instead of the BorinSSL
version. This Adds units tests to run against BoringSSL and NIST test
vectors.

The future public API is the same as Boring's - but is not yet exposed
pending making bytesring.h public (which will happen separately) and
a minor bump

Currently this will just ensure we build and run regress.

ok tb@ to get it into the tree and massage from there.

show more ...

Merge ec_kmeth into ec_key

Merge ecp_mont.c into ecp_methods.c

Rename ecp_smpl.c to ecp_methods.c

While not the greatest of names, ecp_methods.c is better than ecp_smpl.c.
It matches the naming ecx_methods.c and in a subsequent commit it will
become the new hom

Rename ecp_smpl.c to ecp_methods.c

While not the greatest of names, ecp_methods.c is better than ecp_smpl.c.
It matches the naming ecx_methods.c and in a subsequent commit it will
become the new home of the stuff in ecp_mont.c as well.

discussed with jsing

show more ...

Rename malloc-wrapper.c to crypto_memory.c

Apparently it's important that five trivial one-line wrappers remain in a
file with the ISC license. So instead of cleaning the root directory of our
favor

Rename malloc-wrapper.c to crypto_memory.c

Apparently it's important that five trivial one-line wrappers remain in a
file with the ISC license. So instead of cleaning the root directory of our
favorite pigsty further by squashing all the useless legacy garbage into a
single file, rename the oddly-named malloc-wrapper.c into crypto_memory.c.

discussed with beck, jsing

show more ...

Rename cpt_err.c into crypto_err.c

It is a bit sad, because cpt is such an apt abbreviation for crypto that
everybody immediately understands.

discussed with jsing

Relocate FIPS stubs to crpyto_legacy.c

discussed with jsing

CRYPTO_mem_ctrl() is also relocated to crypto_legacy.c

discussed with jsing

Move OPENSSL_cleanse() to crypto_legacy()

The correct spelling is explicit_bzero() and it doesn't need its own file.

discussed with jsing

Fold cversion.c into crypto_legacy.c

discussed with jsing

Rename cryptlib.c into crypto_legacy.c

discussed with jsing

Merge compressed coordinate setting back into ecp_smpl and ec_lib

The reason these were in separate files was FIPS. Not our problem.

sort

Move the point2bn and point2hex API to ec_convert.c

discussed with jsing

Move public point <-> octets API to a new ec_convert.c

discussed with jsing

Move EC_GROUP_check() to ec_lib.c

EC_GROUP_check() is quite simple. It doesn't need to use its own file.

Inline last use of OPENSSL_load_builtin_modules()

This used to be a trivial wrapper of the ASN1_add_oid_module() horror.
It's no longer exported, so it can go away. It moves from the terribly
named

Inline last use of OPENSSL_load_builtin_modules()

This used to be a trivial wrapper of the ASN1_add_oid_module() horror.
It's no longer exported, so it can go away. It moves from the terribly
named file conf_mall.c to the equally terribly named file conf_sap.c.
I have no idea what mall and sap are supposed to mean in this context.

show more ...

Move EC_GROUP_new_curve_GFp() into ec_lib.c

Another single-function file goes away.

Combine DES code into a smaller set of files.

Discussed with tb@

Merge fcrypt_b.c into fcrypt.c.

There is no need for these to be separate (presumably done due to assembly
implementations, even though there are #ifdef as well).

Discussed with tb@

Unexport OPENSSL_cpuid_setup and OPENSSL_ia32cap_P

This allows us in particular to get rid of the MD Symbols.list which
were needed on amd64 and i386 for llvm 16 a while back. OPENSSL_ia32cap_P
was

Unexport OPENSSL_cpuid_setup and OPENSSL_ia32cap_P

This allows us in particular to get rid of the MD Symbols.list which
were needed on amd64 and i386 for llvm 16 a while back. OPENSSL_ia32cap_P
was never properly exported since the symbols were marked .hidden in the
asm.

ok beck jsing

show more ...

Nuke the whrlpool (named after the galaxy) from orbit

It's just gross. Only used by a popular disk encryption utility on an
all-too-popular OS one or two decades back.

ok beck jsing

Remove DES_enc_{read,write} and DES_rw_mode

Unfortunately we'll probably never be able to get rid of DES entirely.
One part of it that is old enough to be a grandparent can go, though.

ok beck jsing