A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_6 2024-08-28T06:53:24+00:00 2024-08-28T06:53:24+00:00 tb 2024-08-28T06:53:24+00:00 urn:sha1:d11fe5b2062a23e69f721c28b3f515c5bec8a3aa There are currently very few differences between the rsa_asn1_meth for plain RSA and the rsa_pss_asn1_meth for RSA-PSS apart from the obviously necessary differnces for base_method, pkey_id, pem_str and info (and the fact that RSA has support for legacy private key encoding). This had the lucky side effect that it didn't really matter which ameth one ended up using after OBJ_find_sigid_algs(). With the upcoming support for X509_get_signature_infO() for RSA-PSS, this needs to change as for RSA-PSS we need to decode the PSS parameters for extracting the "security level", whereas for RSA we can just use the hash length. Thus, for RSA-PSS switch pkey_id from the incorrect rsaEncryption to rassaPss. ok jsing PS: OBJ_find_sigid_algs() manual is no longer entirely correct, but this has been the case since we added Ed25519 support to obj_xref. 2024-07-14T14:32:45+00:00 jsing 2024-07-14T14:32:45+00:00 urn:sha1:1ae23ffb91ba41cf24c39b874e0d6f164063cfe3 lhash_local.h was previously needed since conf/conf_api.c and objects/obj_dat.c were fiddling with lhash internals when deleting via a callback. Since we no longer need to do that, inline the structs in lhash.c and remove the header. ok tb@ 2024-07-09T16:12:33+00:00 tb 2024-07-09T16:12:33+00:00 urn:sha1:1c16632db8d1b233cdbff0695e54a407ad1cc3b8 2024-07-09T16:12:08+00:00 tb 2024-07-09T16:12:08+00:00 urn:sha1:712ca3bd69cd2f308fd981241dab5387cacf3621 ok jsing 2024-06-24T06:43:23+00:00 tb 2024-06-24T06:43:23+00:00 urn:sha1:c9802a5afe29675d69b605ce906d34fd89c024ac These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup. The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table. In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table. Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust. ok jsing 2024-05-08T16:35:05+00:00 tb 2024-05-08T16:35:05+00:00 urn:sha1:5f69f6e958d0430cf996beff12703e8c0ea94797 2024-03-02T11:11:11+00:00 tb 2024-03-02T11:11:11+00:00 urn:sha1:26367add3db68a3e89bda58a3c85174507f8e71a This removes internals of these two special snowflakes and will allow further simplifications. Unfortunately, there are some pieces of software that actually use LHASH_OF() (looking at you, pound, Ruby, and openssl(1)), so we get to keep exposing this garbage, at least for now. Expose lh_error() as a symbol to replace a macro reaching into _LHASH. lh_down_load() is no longer available. _LHASH and _STACK are now opaque, LHASH_NODE becomes internal-only. from jsing 2024-03-02T09:51:36+00:00 tb 2024-03-02T09:51:36+00:00 urn:sha1:9c25037b962e7ec9fbd5b3f3abb73f588d8d3a30 This is an alias for OBJ_create(). I haven't dug into its history. ok jsing 2024-03-02T09:50:47+00:00 tb 2024-03-02T09:50:47+00:00 urn:sha1:328a8b94e02107beca6feae33daca3da2ecf6710 OBJ_NAME_TYPE_PKEY_METH and OBJ_NAME_TYPE_COMP_METH were never used as far as I can tell. Unfortunately, PHP and Python still use the weirdly named OBJ_NAME_do_all*() API to list available ciphers and digests, so the MD and CIPHER variants need to remain public. ok jsing 2024-03-02T09:49:45+00:00 tb 2024-03-02T09:49:45+00:00 urn:sha1:c2a8b27418d4c367c3ff2673c6d47caada8c4b1a This is another implementation detail that should never have leaked out of the library. Only OBJ_create() ever used this. ok jsing