#
9c6dcd48 |
| 28-Aug-2024 |
tb <tb@openbsd.org> |
Fix underlying pkey of RSA-PSS
There are currently very few differences between the rsa_asn1_meth for plain RSA and the rsa_pss_asn1_meth for RSA-PSS apart from the obviously necessary differnces fo
Fix underlying pkey of RSA-PSS
There are currently very few differences between the rsa_asn1_meth for plain RSA and the rsa_pss_asn1_meth for RSA-PSS apart from the obviously necessary differnces for base_method, pkey_id, pem_str and info (and the fact that RSA has support for legacy private key encoding). This had the lucky side effect that it didn't really matter which ameth one ended up using after OBJ_find_sigid_algs().
With the upcoming support for X509_get_signature_infO() for RSA-PSS, this needs to change as for RSA-PSS we need to decode the PSS parameters for extracting the "security level", whereas for RSA we can just use the hash length. Thus, for RSA-PSS switch pkey_id from the incorrect rsaEncryption to rassaPss.
ok jsing
PS: OBJ_find_sigid_algs() manual is no longer entirely correct, but this has been the case since we added Ed25519 support to obj_xref.
show more ...
|
#
0dadb9f5 |
| 27-Jan-2024 |
tb <tb@openbsd.org> |
Teach OBJ_find_sigid_{,by_}algs(3) about ECDSA with SHA-3
This allows signing and verifying ASN.1 "items" using the ECDSA with SHA-3 signature algorithms. With this diff, ECDSA certificates and CMS
Teach OBJ_find_sigid_{,by_}algs(3) about ECDSA with SHA-3
This allows signing and verifying ASN.1 "items" using the ECDSA with SHA-3 signature algorithms. With this diff, ECDSA certificates and CMS products using ECDSA with SHA-3 can be generated using the openssl command line tool.
ok jsing
show more ...
|
#
35f2f589 |
| 28-Jul-2023 |
tb <tb@openbsd.org> |
Remove OBJ_add_sigid() and OBJ_sigid_free()
Another bit of unused extensibility that was responsible for a lot of complexity until recently. This removes the remaining stubs from the public API.
ok
Remove OBJ_add_sigid() and OBJ_sigid_free()
Another bit of unused extensibility that was responsible for a lot of complexity until recently. This removes the remaining stubs from the public API.
ok jsing
show more ...
|
#
f0e1aa8e |
| 22-Jul-2023 |
tb <tb@openbsd.org> |
Align argument names of OBJ_add_sigid() with the other functions.
|
#
8e6e37e3 |
| 22-Jul-2023 |
tb <tb@openbsd.org> |
Rewrite obj_xref.c
Instead of having two unreadable tables placed in a header generated by a janky perl script from an ugly text file, use a single table inlined in the C file. This table is used to
Rewrite obj_xref.c
Instead of having two unreadable tables placed in a header generated by a janky perl script from an ugly text file, use a single table inlined in the C file. This table is used to translate between signature algorithm OIDs and pairs of OIDs of a message digest and a cipher. The table has fewer than fifty entries and isn't used in a hot path. Using binary search is overkill. Just do two linear searches, one for each translation. None of the original code remains apart from the API.
ok jsing
show more ...
|
#
6afed99b |
| 22-Jul-2023 |
tb <tb@openbsd.org> |
Neuter OBJ_add_sigid() and OBJ_sigid_free()
These functions will be removed in the upcoming bump. Nothing uses them, so it won't hurt if they become noops. This allows us to garbage collect the sig_
Neuter OBJ_add_sigid() and OBJ_sigid_free()
These functions will be removed in the upcoming bump. Nothing uses them, so it won't hurt if they become noops. This allows us to garbage collect the sig_app and sigx_app stacks and make a first step towards simplifying the OBJ_bsearch_() dances. Also sprinkle some const correctness... because we can.
intermediate step towards a diff that is ok jsing
show more ...
|
#
1e9308c1 |
| 08-Jul-2023 |
beck <beck@openbsd.org> |
Hide symbols in objects
ok tb@
|
#
76ce35bf |
| 21-Jan-2017 |
jsing <jsing@openbsd.org> |
Expand DECLARE_OBJ_BSEARCH_CMP_FN and IMPLEMENT_OBJ_BSEARCH_CMP_FN macros.
No change to generated assembly excluding line numbers.
|
#
c3d6a26a |
| 12-Jun-2014 |
deraadt <deraadt@openbsd.org> |
tags as requested by miod and tedu
|
#
ac1920f8 |
| 07-Jun-2014 |
deraadt <deraadt@openbsd.org> |
Remove various test stubs. The good ones have been moved by jsing and others to the regress framework. These remaining ones just muddle us up when re-reading code repeatedly. ok jsing
|
#
b97bb891 |
| 29-May-2014 |
deraadt <deraadt@openbsd.org> |
ok, next pass after review: when possible, put the reallocarray arguments in the "size_t nmemb, size_t size"
|
#
af519d3e |
| 29-May-2014 |
deraadt <deraadt@openbsd.org> |
convert 53 malloc(a*b) to reallocarray(NULL, a, b). that is 53 potential integer overflows easily changed into an allocation return of NULL, with errno nicely set if need be. checks for an allocati
convert 53 malloc(a*b) to reallocarray(NULL, a, b). that is 53 potential integer overflows easily changed into an allocation return of NULL, with errno nicely set if need be. checks for an allocations returning NULL are commonplace, or if the object is dereferenced (quite normal) will result in a nice fault which can be detected & repaired properly. ok tedu
show more ...
|
#
223e7da0 |
| 19-Apr-2014 |
jsing <jsing@openbsd.org> |
KNF.
|
#
6f3a6cb1 |
| 17-Apr-2014 |
beck <beck@openbsd.org> |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
ec07fdf1 |
| 13-Oct-2012 |
djm <djm@openbsd.org> |
import OpenSSL-1.0.1c
|
#
f1535dc8 |
| 01-Oct-2010 |
djm <djm@openbsd.org> |
import OpenSSL-1.0.0a
|