openbsd/src/lib/libcrypto/rsa, branch libressl-v3.8.0

openbsd/src/lib/libcrypto/rsa, branch libressl-v3.8.0 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.8.0 2023-05-19T17:31:20+00:00 Add missing rsa_security_bit() handler to the RSA-PSS ASN1_METHOD 2023-05-19T17:31:20+00:00 tb 2023-05-19T17:31:20+00:00 urn:sha1:0b00347fea79c6974677b979aa53aff432dac2b2 Prompted by a report by Steffen Ullrich on libressl@openbsd.org ok jsing Salt shares the blame of the continued existence of the X9.31 padding mode 2023-05-05T12:30:40+00:00 tb 2023-05-05T12:30:40+00:00 urn:sha1:8ea4c2a512bf29a8ba458782be6c1306906080ec Add back support for RSA_X931_PADDING 2023-05-05T12:21:44+00:00 tb 2023-05-05T12:21:44+00:00 urn:sha1:c167f76677a4e5f366fabdcac0782677114c0a66 This makes the custom stalt stack work again. Tested by robert as part of a larger diff ok jsing Bring back the X9.31 padding helpers 2023-05-05T12:19:37+00:00 tb 2023-05-05T12:19:37+00:00 urn:sha1:f111e4ae45162645e2c020fbfe9a889764389615 Nothing should be using this anymore, except that salt decided to use it in its home-cooked protocol, which already had its share of issues. Hopefully the efforts to switch salt to something more reasonable and standardized like mTLS will succeed sooner rather than later. tested as part of a larger patch by robert ok jsing Remove X9.31 support 2023-04-25T16:50:33+00:00 tb 2023-04-25T16:50:33+00:00 urn:sha1:6d1b09464d90372ecff93cbb2a1e61cb9de814cc ok jsing Wire up truncated SHA-2, SHA-3 and related things 2023-04-25T15:48:48+00:00 tb 2023-04-25T15:48:48+00:00 urn:sha1:8c449d8a1445a23c96b8b2f389e256ea32662e36 from jsing Bring includes into canonical order 2023-04-18T08:47:28+00:00 tb 2023-04-18T08:47:28+00:00 urn:sha1:34eb49714b89be6d0c4cddab0bcab8580b6ca809 Requested by jsing Move some includes out of OPENSSL_NO_DEPRECATED 2023-04-18T08:33:43+00:00 tb 2023-04-18T08:33:43+00:00 urn:sha1:7c140db45f1d1b8f4daf0a81424b35e3a5ff8e29 Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes that eventually the mess of everything includes everything will magically resolve itself. Of course everyone would end up building openssl with OPENSSL_NO_DEPRECATED over time... Right. Surprisingly, the ecosystem has come to rely on these implicit inclusions, so about two dozen ports would fail to build because of this. Patching this would be easy but really not worth the effort. ok jsing Stop supporting the long-retired X9.31 standard 2023-04-15T18:48:52+00:00 tb 2023-04-15T18:48:52+00:00 urn:sha1:252c3b7366e10df7f94c0f10ec01513675fac0a3 This isolates the three API functions from the library so they can be easily removed and any attempt to use RSA_X931_PADDING mode will now result in an error. ok jsing Prepare rsa.h for X9.31 support removal 2023-04-15T18:44:17+00:00 tb 2023-04-15T18:44:17+00:00 urn:sha1:95868339c86e594d93142ad6781d7e0d49a93c4d This wraps the three public functions in the usual #if stanza. RSA_X931_PADDING is unfortunately exposed by rust-openssl and erlang. Therefore it will remain visible to avoid breaking the build of lang/rust. Its use in the library will be neutered shortly. ok jsing