openbsd/src/lib/libcrypto/rsa, branch OPENBSD_7

openbsd/src/lib/libcrypto/rsa, branch OPENBSD_7_5 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_5 2024-02-18T15:45:42+00:00 Use EVP_MD_CTX_legacy_clear() internally 2024-02-18T15:45:42+00:00 tb 2024-02-18T15:45:42+00:00 urn:sha1:ff3e386de60f6149938edb124d31bc2fd7ae04f6 ok jsing Inline rsa_is_pss() and rsa_pkey_is_pss() 2024-01-10T14:59:19+00:00 tb 2024-01-10T14:59:19+00:00 urn:sha1:7ec6c7c4fd30cef0339bceb9e61f996b3177e7a2 It's more explicit and not that much longer. ok jsing Replace .pkey_base_id with a .base_method pointer 2024-01-04T17:01:26+00:00 tb 2024-01-04T17:01:26+00:00 urn:sha1:9f1cd2582409ac5778c5a0e28dfb77f18d122c98 Every EVP_PKEY_ASN1_METHOD is either an ASN.1 method or an alias. As such it resolves to an underlying ASN.1 method (in one step). This information can be stored in a base_method pointer in allusion to the pkey_base_id, which is the name for the nid (aka pkey_id aka type) of the underlying method. For an ASN.1 method, the base method is itself, so the base method is set as a pointer to itself. For an alias it is of course a pointer to the underlying method. Then obviously ameth->pkey_base_id is the same as ameth->base_method->pkey_id, so rework all ASN.1 methods to follow that. ok jsing Split ameth arrays into individual methods 2024-01-04T16:41:56+00:00 tb 2024-01-04T16:41:56+00:00 urn:sha1:b1aedf2a14d9cd341b6b3b19a90343383ec0209f For some reason DSA, GOST, and RSA had their ASN.1 methods stored in an array. This is clumsy and the only benefit is that one saves a few externs in p_lib.c. They were also arranged by ascending NID because of bsearch() madness. Split them up and arrange the methods by name, which is much saner and simpler. ok jsing pkey_is_pss() and pkey_ctx_is_pss() to rsa_ameth.c 2024-01-01T15:43:02+00:00 tb 2024-01-01T15:43:02+00:00 urn:sha1:47d1fa801e401851a63a646963373a1fc697be9f These aren't particularly helpful and should probably both be expanded. For now move them to the only place where they are actually used. Rework pkey_rsa_keygen() 2023-12-28T21:59:07+00:00 tb 2023-12-28T21:59:07+00:00 urn:sha1:47ec95f1d429e392c3f445da28dfe9072f2af623 As usual, make the function single exit. Initialize the pkey callback pointer and the BN_GENCB on the stack at the top rather than relying on the weird trans_cb() in evp_pkey_set_cb_translate() to do so. Greatly simplify the control flow and add missing error checks. ok jsing Rework rsa_priv_decode() 2023-12-28T21:58:12+00:00 tb 2023-12-28T21:58:12+00:00 urn:sha1:5c5cb0e5889fb400fae65afbc9f199da98feccac Turn the function into single exit and error check EVP_PKEY_assign() for style. ok jsing Clean up old_rsa_priv_decode() 2023-12-28T21:57:08+00:00 tb 2023-12-28T21:57:08+00:00 urn:sha1:b54ba16dd462ce5c4a95988db37fa997f963d8ea Again change this function into the single exit idiom, and error check EVP_PKEY_assign(). ok jsing Ignore ENGINE at the API boundary 2023-11-29T21:35:57+00:00 tb 2023-11-29T21:35:57+00:00 urn:sha1:69bbc5fea4f411f0c0033ecb0fc5126c895ea82a This removes the remaining ENGINE members from various internal structs and functions. Any ENGINE passed into a public API is now completely ignored functions returning an ENGINE always return NULL. ok jsing Unifdef OPENSSL_NO_ENGINE in libcrypto 2023-11-19T15:46:10+00:00 tb 2023-11-19T15:46:10+00:00 urn:sha1:593d97e74cc873d99aced677883cf55625efe62d This is mechanical apart from a few manual edits to avoid doubled empty lines. ok jsing