openbsd/src/lib/libcrypto/rsa, branch OPENBSD_7_1

openbsd/src/lib/libcrypto/rsa, branch OPENBSD_7_1_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_1_BASE 2022-02-20T19:16:34+00:00 Fix a buffer overread in OAEP padding removal 2022-02-20T19:16:34+00:00 tb 2022-02-20T19:16:34+00:00 urn:sha1:7628b3cbf8e092fc94951499208d3a7c349c590c This only occurs on very small payloads and tightly allocated buffers that don't usually occur in practice. This is OpenSSL f61c6804 ok inoguchi jsing Fix check for BN_mod_inverse_ct return value 2022-01-20T11:12:14+00:00 inoguchi 2022-01-20T11:12:14+00:00 urn:sha1:1ca471b8e14d63d9b7059b86938ef989ff0857db ok jsing@ millert@ tb@ Add check for BN_sub return value 2022-01-20T11:10:11+00:00 inoguchi 2022-01-20T11:10:11+00:00 urn:sha1:846b7466150d7ed07fc6523804e2e33a1d6d16eb CID 24839 ok jsing@ millert@ tb@ Make RSA, RSA_PSS_PARAMS and RSA_METHOD opaque 2022-01-14T08:34:39+00:00 tb 2022-01-14T08:34:39+00:00 urn:sha1:0264d15b2db8e92add54fc0b024d5430c53683d3 Move the struct internals to rsa_locl.h and provide a missing typedef in ossl_typ.h. ok inoguchi jsing Remove obsolete key formats 2022-01-14T08:12:31+00:00 tb 2022-01-14T08:12:31+00:00 urn:sha1:52dcf108ffdd923eecabf36d4015036834354df8 This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET, Netscape_RSA things. Some of the nasty tentacles that could go in principle are used in some test suites, so we need to keep them... All this was removed as part of OpenSSL commit 0bc2f365. ok inoguchi jsing Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_API 2022-01-14T07:49:49+00:00 tb 2022-01-14T07:49:49+00:00 urn:sha1:82ec18edf4e632f36b6f79c239fdb6961d421a82 This marks the start of major surgery in libcrypto. Do not attempt to build the tree for a while (~50 commits). Prepare to provide EVP_PKEY_check() 2022-01-10T11:52:43+00:00 tb 2022-01-10T11:52:43+00:00 urn:sha1:c4f6925dc73274ba5f411d30fbd78b6be1580782 This allows checking the validity of an EVP_PKEY. Only RSA and EC keys are supported. If a check function is set the EVP_PKEY_METHOD, it will be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is used. The default ASN.1 methods wrap RSA_check_key() and EC_KEY_check_key(), respectively. The corresponding setters are EVP_PKEY_{asn1,meth}_set_check(). It is unclear why the PKEY method has no const while the ASN.1 method has const. Requested by tobhe and used by PHP 8.1. Based on OpenSSL commit 2aee35d3 ok inoguchi jsing Check that the RSA exponent is neither even nor 1 in RSA_check_key() 2022-01-10T00:03:02+00:00 tb 2022-01-10T00:03:02+00:00 urn:sha1:7ca5a7aaa49e29b98846195b536e53a1a1499b53 Part of OpenSSL commit 464d59a5 ok inoguchi jsing include asn1_locl.h where it will be needed for the bump. 2022-01-07T11:13:55+00:00 tb 2022-01-07T11:13:55+00:00 urn:sha1:204a46a7c8e5bf3414ba115aae9636162c92a39a discussed with jsing Prepare to make RSA and RSA_METHOD opaque by including rsa_locl.h 2022-01-07T09:55:32+00:00 tb 2022-01-07T09:55:32+00:00 urn:sha1:443c3d5c755f7f540390fcf1a11c8a443b2553cc where it will be needed in the upcoming bump. discussed with jsing