| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are currently very few differences between the rsa_asn1_meth for
plain RSA and the rsa_pss_asn1_meth for RSA-PSS apart from the obviously
necessary differnces for base_method, pkey_id, pem_str and info (and the
fact that RSA has support for legacy private key encoding). This had the
lucky side effect that it didn't really matter which ameth one ended up
using after OBJ_find_sigid_algs().
With the upcoming support for X509_get_signature_infO() for RSA-PSS, this
needs to change as for RSA-PSS we need to decode the PSS parameters for
extracting the "security level", whereas for RSA we can just use the hash
length. Thus, for RSA-PSS switch pkey_id from the incorrect rsaEncryption
to rassaPss.
ok jsing
PS: OBJ_find_sigid_algs() manual is no longer entirely correct, but this
has been the case since we added Ed25519 support to obj_xref.
|
| |
|
|
|
|
|
|
| |
This allows signing and verifying ASN.1 "items" using the ECDSA with SHA-3
signature algorithms. With this diff, ECDSA certificates and CMS products
using ECDSA with SHA-3 can be generated using the openssl command line tool.
ok jsing
|
| |
|
|
|
|
|
|
| |
Another bit of unused extensibility that was responsible for a lot
of complexity until recently. This removes the remaining stubs from
the public API.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Instead of having two unreadable tables placed in a header generated by a
janky perl script from an ugly text file, use a single table inlined in
the C file. This table is used to translate between signature algorithm
OIDs and pairs of OIDs of a message digest and a cipher. The table has
fewer than fifty entries and isn't used in a hot path. Using binary search
is overkill. Just do two linear searches, one for each translation. None
of the original code remains apart from the API.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
These functions will be removed in the upcoming bump. Nothing uses them,
so it won't hurt if they become noops. This allows us to garbage collect
the sig_app and sigx_app stacks and make a first step towards simplifying
the OBJ_bsearch_() dances. Also sprinkle some const correctness... because
we can.
intermediate step towards a diff that is ok jsing
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
No change to generated assembly excluding line numbers.
|
| | |
|
| |
|
|
|
|
| |
and others to the regress framework. These remaining ones just
muddle us up when re-reading code repeatedly.
ok jsing
|
| |
|
|
| |
in the "size_t nmemb, size_t size"
|
| |
|
|
|
|
|
|
|
| |
potential integer overflows easily changed into an allocation return
of NULL, with errno nicely set if need be. checks for an allocations
returning NULL are commonplace, or if the object is dereferenced
(quite normal) will result in a nice fault which can be detected &
repaired properly.
ok tedu
|
| | |
|
| |
|
|
|
|
|
|
| |
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
| | |
|
| |
|
