| #
9c6dcd48 |
| 28-Aug-2024 |
tb <tb@openbsd.org> |
Fix underlying pkey of RSA-PSS
There are currently very few differences between the rsa_asn1_meth for
plain RSA and the rsa_pss_asn1_meth for RSA-PSS apart from the obviously
necessary differnces fo
Fix underlying pkey of RSA-PSS
There are currently very few differences between the rsa_asn1_meth for
plain RSA and the rsa_pss_asn1_meth for RSA-PSS apart from the obviously
necessary differnces for base_method, pkey_id, pem_str and info (and the
fact that RSA has support for legacy private key encoding). This had the
lucky side effect that it didn't really matter which ameth one ended up
using after OBJ_find_sigid_algs().
With the upcoming support for X509_get_signature_infO() for RSA-PSS, this
needs to change as for RSA-PSS we need to decode the PSS parameters for
extracting the "security level", whereas for RSA we can just use the hash
length. Thus, for RSA-PSS switch pkey_id from the incorrect rsaEncryption
to rassaPss.
ok jsing
PS: OBJ_find_sigid_algs() manual is no longer entirely correct, but this
has been the case since we added Ed25519 support to obj_xref.
show more ...
|
| #
0dadb9f5 |
| 27-Jan-2024 |
tb <tb@openbsd.org> |
Teach OBJ_find_sigid_{,by_}algs(3) about ECDSA with SHA-3
This allows signing and verifying ASN.1 "items" using the ECDSA with SHA-3
signature algorithms. With this diff, ECDSA certificates and CMS
Teach OBJ_find_sigid_{,by_}algs(3) about ECDSA with SHA-3
This allows signing and verifying ASN.1 "items" using the ECDSA with SHA-3
signature algorithms. With this diff, ECDSA certificates and CMS products
using ECDSA with SHA-3 can be generated using the openssl command line tool.
ok jsing
show more ...
|
| #
35f2f589 |
| 28-Jul-2023 |
tb <tb@openbsd.org> |
Remove OBJ_add_sigid() and OBJ_sigid_free()
Another bit of unused extensibility that was responsible for a lot
of complexity until recently. This removes the remaining stubs from
the public API.
ok
Remove OBJ_add_sigid() and OBJ_sigid_free()
Another bit of unused extensibility that was responsible for a lot
of complexity until recently. This removes the remaining stubs from
the public API.
ok jsing
show more ...
|
| #
f0e1aa8e |
| 22-Jul-2023 |
tb <tb@openbsd.org> |
Align argument names of OBJ_add_sigid() with the other functions.
|
| #
8e6e37e3 |
| 22-Jul-2023 |
tb <tb@openbsd.org> |
Rewrite obj_xref.c
Instead of having two unreadable tables placed in a header generated by a
janky perl script from an ugly text file, use a single table inlined in
the C file. This table is used to
Rewrite obj_xref.c
Instead of having two unreadable tables placed in a header generated by a
janky perl script from an ugly text file, use a single table inlined in
the C file. This table is used to translate between signature algorithm
OIDs and pairs of OIDs of a message digest and a cipher. The table has
fewer than fifty entries and isn't used in a hot path. Using binary search
is overkill. Just do two linear searches, one for each translation. None
of the original code remains apart from the API.
ok jsing
show more ...
|
| #
6afed99b |
| 22-Jul-2023 |
tb <tb@openbsd.org> |
Neuter OBJ_add_sigid() and OBJ_sigid_free()
These functions will be removed in the upcoming bump. Nothing uses them,
so it won't hurt if they become noops. This allows us to garbage collect
the sig_
Neuter OBJ_add_sigid() and OBJ_sigid_free()
These functions will be removed in the upcoming bump. Nothing uses them,
so it won't hurt if they become noops. This allows us to garbage collect
the sig_app and sigx_app stacks and make a first step towards simplifying
the OBJ_bsearch_() dances. Also sprinkle some const correctness... because
we can.
intermediate step towards a diff that is ok jsing
show more ...
|
| #
1e9308c1 |
| 08-Jul-2023 |
beck <beck@openbsd.org> |
Hide symbols in objects
ok tb@
|
| #
76ce35bf |
| 21-Jan-2017 |
jsing <jsing@openbsd.org> |
Expand DECLARE_OBJ_BSEARCH_CMP_FN and IMPLEMENT_OBJ_BSEARCH_CMP_FN macros.
No change to generated assembly excluding line numbers.
|
| #
c3d6a26a |
| 12-Jun-2014 |
deraadt <deraadt@openbsd.org> |
tags as requested by miod and tedu
|
| #
ac1920f8 |
| 07-Jun-2014 |
deraadt <deraadt@openbsd.org> |
Remove various test stubs. The good ones have been moved by jsing
and others to the regress framework. These remaining ones just
muddle us up when re-reading code repeatedly.
ok jsing
|
| #
b97bb891 |
| 29-May-2014 |
deraadt <deraadt@openbsd.org> |
ok, next pass after review: when possible, put the reallocarray arguments
in the "size_t nmemb, size_t size"
|
| #
af519d3e |
| 29-May-2014 |
deraadt <deraadt@openbsd.org> |
convert 53 malloc(a*b) to reallocarray(NULL, a, b). that is 53
potential integer overflows easily changed into an allocation return
of NULL, with errno nicely set if need be. checks for an allocati
convert 53 malloc(a*b) to reallocarray(NULL, a, b). that is 53
potential integer overflows easily changed into an allocation return
of NULL, with errno nicely set if need be. checks for an allocations
returning NULL are commonplace, or if the object is dereferenced
(quite normal) will result in a nice fault which can be detected &
repaired properly.
ok tedu
show more ...
|
| #
223e7da0 |
| 19-Apr-2014 |
jsing <jsing@openbsd.org> |
KNF.
|
| #
6f3a6cb1 |
| 17-Apr-2014 |
beck <beck@openbsd.org> |
Change library to use intrinsic memory allocation functions instead of
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
| #
ec07fdf1 |
| 13-Oct-2012 |
djm <djm@openbsd.org> |
import OpenSSL-1.0.1c
|
| #
f1535dc8 |
| 01-Oct-2010 |
djm <djm@openbsd.org> |
import OpenSSL-1.0.0a
|