openbsd/src/lib/libcrypto/objects, branch master A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=master 2025-11-19T23:04:07+00:00 Correct the MLKEM hybrid objects values. 2025-11-19T23:04:07+00:00 beck 2025-11-19T23:04:07+00:00 urn:sha1:507dc2007ce25f8363937e871b5ee06179163114 The ietf has had a bunch of back and forth over what will happen here. in the end the previously mentioned draft will not include the TLS hybrids, so we change this to use reference the correct draft for TLS, and use the same name everyone else is using, without an OID. While we will probably end up needing the *other* hybrids for things like CMS, we will bring them in when we need them and have official OID values from IANA. ok tb@ Fix previous - names use underscores and not hyphens. 2025-05-20T07:47:43+00:00 jsing 2025-05-20T07:47:43+00:00 urn:sha1:549b38434d063577bfe3b7973548ea642063b1fb Add ML-KEM768 Hybrid Kems to obj_mac.num 2025-05-20T05:42:40+00:00 beck 2025-05-20T05:42:40+00:00 urn:sha1:1637f58ae3db7781c5902be137af1d45644eca26 ok tb@, joshua@ Add ML-KEM768 Hybrid Kems to objects.txt 2025-05-20T05:41:47+00:00 beck 2025-05-20T05:41:47+00:00 urn:sha1:518b052e2a888b9a0902ab91ed53bf1592a87f53 ok tb@, joshua@ Use err_local.h rather than err.h in most places 2025-05-10T05:54:39+00:00 tb 2025-05-10T05:54:39+00:00 urn:sha1:41e8f99dd1625a9f0c80ce9d4383e95b18e85709 ok jsing obj_dat: remove parens from return 2025-02-26T10:48:25+00:00 tb 2025-02-26T10:48:25+00:00 urn:sha1:b1a938971212a7a592d7e2ede901063e035e033f obj_dat: don't shift a->length into the sign bit 2025-02-26T09:52:55+00:00 tb 2025-02-26T09:52:55+00:00 urn:sha1:f55cac4fee34533075692ff0c2e1942c5f2f5a6b For an OID of excessive length >= 2^12, a->length << 20L is undefined, so add a cast to the target type of (unsigned long). From Kenjiro Nakayama obj_dat: don't shift ca->type into the sign bit 2025-02-26T09:49:54+00:00 tb 2025-02-26T09:49:54+00:00 urn:sha1:8433b909f043d8d8afb48503656082d288e05934 This is undefined for a ca->type of ADDED_LNAME (2) and ADDED_NID (3) when ca->type << 30L results in a shift into the sign bit, so add a cast to the target type of unsigned long. From Kenjiro Nakayama Fix underlying pkey of RSA-PSS 2024-08-28T06:53:24+00:00 tb 2024-08-28T06:53:24+00:00 urn:sha1:d11fe5b2062a23e69f721c28b3f515c5bec8a3aa There are currently very few differences between the rsa_asn1_meth for plain RSA and the rsa_pss_asn1_meth for RSA-PSS apart from the obviously necessary differnces for base_method, pkey_id, pem_str and info (and the fact that RSA has support for legacy private key encoding). This had the lucky side effect that it didn't really matter which ameth one ended up using after OBJ_find_sigid_algs(). With the upcoming support for X509_get_signature_infO() for RSA-PSS, this needs to change as for RSA-PSS we need to decode the PSS parameters for extracting the "security level", whereas for RSA we can just use the hash length. Thus, for RSA-PSS switch pkey_id from the incorrect rsaEncryption to rassaPss. ok jsing PS: OBJ_find_sigid_algs() manual is no longer entirely correct, but this has been the case since we added Ed25519 support to obj_xref. Remove lhash_local.h. 2024-07-14T14:32:45+00:00 jsing 2024-07-14T14:32:45+00:00 urn:sha1:1ae23ffb91ba41cf24c39b874e0d6f164063cfe3 lhash_local.h was previously needed since conf/conf_api.c and objects/obj_dat.c were fiddling with lhash internals when deleting via a callback. Since we no longer need to do that, inline the structs in lhash.c and remove the header. ok tb@