path: root/src/lib/libcrypto/rsa/rsa.h
Commit message | Author | Age | Files | Lines
* Remove #error if OPENSSL_NO_FOO is defined | tb | 2025-01-25 | 1 | -5/+1
  discussed with jsing
* remove prototypes with no matching function | jsg | 2024-05-19 | 1 | -3/+1
  feedback and ok tb@
* Make BN_BLINDING internal | tb | 2023-07-28 | 1 | -2/+1
  RSA is pretty bad. In my most optimistic moments I dream of a world that stopped using it. That won't happen during my lifetime, unfortunately. Blinding is one way of making it a little less leaky. Unfortunately this side-channel leak mitigation leaked out of the library for no good reason. Let's at least fix that aspect of it. ok jsing
* Salt shares the blame of the continued existence of the X9.31 padding mode | tb | 2023-05-05 | 1 | -2/+2
* Remove X9.31 support | tb | 2023-04-25 | 1 | -9/+1
  ok jsing
* Bring includes into canonical order | tb | 2023-04-18 | 1 | -2/+3
  Requested by jsing
* Move some includes out of OPENSSL_NO_DEPRECATED | tb | 2023-04-18 | 1 | -3/+1
  Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes that eventually the mess of everything includes everything will magically resolve itself. Of course everyone would end up building openssl with OPENSSL_NO_DEPRECATED over time... Right. Surprisingly, the ecosystem has come to rely on these implicit inclusions, so about two dozen ports would fail to build because of this. Patching this would be easy but really not worth the effort. ok jsing
* Prepare rsa.h for X9.31 support removal | tb | 2023-04-15 | 1 | -1/+5
  This wraps the three public functions in the usual #if stanza. RSA_X931_PADDING is unfortunately exposed by rust-openssl and erlang. Therefore it will remain visible to avoid breaking the build of lang/rust. Its use in the library will be neutered shortly. ok jsing
* Move a few functions out of OPENSSL_NO_DEPRECATED | tb | 2023-04-09 | 1 | -4/+5
  Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope was that at some point some functions can be dropped. Most of the functions marked deprecated are actually unused nowadays but unfortunately some of them are still used in the ecosystem. Move them out of OPENSSL_NO_DEPRECATED so we can define it without breaking the consumers in the next bump. ERR_remove_state() is still used by a dozen or so ports. This isn't a big deal since it is just a stupid wrapper for the not quite as deprecated ERR_remove_thread_state(). It's not worth patching these ports. Annoyingly, {DH,DSA}_generate_parameters() and RSA_generate_key() are still used. They "make use" of the old-style BN_GENCB callback, which is therefore more difficult to remove - in case you don't know: that's the thing responsible for printing pretty '.', '+' and '*' when you generate keys. Most annoyingly, DH_generate_parameters() was added to rust-openssl in 2020 for "advanced DH support". This is very unfortunate since cargo bundles a rust-openssl and updates it only every few years or so. As a consequence we're going to be stuck with this nonsense for a good while. ok beck jsing
* Remove mkerr.pl remnants from LibreSSL | kn | 2022-07-12 | 1 | -5/+1
  This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb
* Expose new API in headers. | tb | 2022-07-07 | 1 | -3/+1
  These are mostly security-level related, but there are also ASN1_TIME and ASN_INTEGER functions here, as well as some missing accessors. ok jsing
* Prepare to provide RSA_security_bits() | tb | 2022-06-27 | 1 | -1/+5
  ok beck jsing
* Make RSA, RSA_PSS_PARAMS and RSA_METHOD opaque | tb | 2022-01-14 | 1 | -81/+3
  Move the struct internals to rsa_locl.h and provide a missing typedef in ossl_typ.h. ok inoguchi jsing
* Remove obsolete key formats | tb | 2022-01-14 | 1 | -13/+1
  This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET, Netscape_RSA things. Some of the nasty tentacles that could go in principle are used in some test suites, so we need to keep them... All this was removed as part of OpenSSL commit 0bc2f365. ok inoguchi jsing
* Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_API | tb | 2022-01-14 | 1 | -3/+1
  This marks the start of major surgery in libcrypto. Do not attempt to build the tree for a while (~50 commits).
* Prepare to provide a number of RSA accessors | tb | 2022-01-05 | 1 | -1/+12
  This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will be exposed in the upcoming bump. ok inoguchi jsing
* Reshuffle RSA_PSS_PARAMS and RSA_OAEP_PARAMS to avoid duplicate typedef. | jsing | 2019-11-04 | 1 | -21/+19
  Issue spotted by bcook@ ok bcook@ inoguchi@
* Provide RSA_PKCS1_OpenSSL(). | jsing | 2019-11-02 | 1 | -2/+2
  Prompted by inoguchi@
* Make RSA_padding_{add,check}_PKCS1_OAEP_mgf1() public. | jsing | 2019-11-02 | 1 | -1/+7
* Make RSA_OAEP_PARAMs public. | jsing | 2019-11-02 | 1 | -1/+16
* Add RSA CMS support. | jsing | 2019-11-01 | 1 | -1/+5
  From OpenSSL 1.1.1d. ok tb@
* Update RSA ASN.1 code to handle RSA-PSS. | jsing | 2019-11-01 | 1 | -1/+2
  From OpenSSL 1.1.1d. ok tb@
* Add support for RSA-PSS. | jsing | 2019-10-31 | 1 | -23/+41
  From OpenSSL 1.1.1d. ok inoguchi@
* Update RSA OAEP code. | jsing | 2019-10-29 | 1 | -6/+28
  This syncs the RSA OAEP code with OpenSSL 1.1.1d, correctly handling OAEP padding and providing various OAEP related controls. ok inoguchi@ tb@
* Add RSA_PSS_PARAMS pointer to RSA struct. | jsing | 2019-10-24 | 1 | -1/+8
  This will be used by upcoming RSA-PSS code. ok tb@
* Add maskHash field to RSA_PSS_PARAMS. | jsing | 2019-10-24 | 1 | -1/+4
  This will be soon used as an optimisation and reduces the differences between OpenSSL. ok tb@
* Provide RSA_pkey_ctx_ctrl(). | jsing | 2019-10-24 | 1 | -1/+3
  This is a wrapper around EVP_PKEY_CTX_ctrl() which requires the key to be either RSA or RSA-PSS. From OpenSSL 1.1.1d. ok tb@
* provide getters and setters for the RSA_METHOD interface | gilles | 2019-06-05 | 1 | -1/+48
  ok tb@, jsing@, sthen@
* Add some accessor functions: | djm | 2018-09-12 | 1 | -1/+3
  RSA_meth_get_finish()
  RSA_meth_set1_name()
  EVP_CIPHER_CTX_(get|set)_iv()
  feedback and ok jsing@ tb@
* Provide RSA_meth_{dup,free,new,set_{finish,priv_{dec,enc}}}() | tb | 2018-03-17 | 1 | -1/+10
  Note that these functions return NULL in out-of-memory situations, but contrary to OpenSSL's versions they do not set an error. ok jsing
* Provide RSA_{clear,set,test}_flags() | tb | 2018-02-20 | 1 | -1/+4
  ok jsing
* Provide RSA_{g,s}et0_crt_params() | tb | 2018-02-18 | 1 | -1/+4
  ok jsing
* Use usual order of RSA_{g,s}et0_key(). | tb | 2018-02-18 | 1 | -2/+2
  ok jsing
* Provide RSA_{g,s}et0_factors() | tb | 2018-02-18 | 1 | -1/+3
  ok jsing
* Provide RSA_bits() | tb | 2018-02-18 | 1 | -1/+2
  ok jsing
* Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(), | tb | 2018-02-17 | 1 | -1/+5
  EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key(). ok jsing
* Bring back the RSA_SSLV23_PADDING define. | jsing | 2017-08-30 | 1 | -1/+2
  Several pieces of software expect this to be available unconditionally.
* Remove RSA_padding_add_SSLv23()/RSA_padding_check_SSLv23() and related | jsing | 2017-08-28 | 1 | -8/+1
  code. We removed SSLv2/SSLv3 a long time ago... Discussed with doug@
* Expand DECLARE_ASN1_.*FUNCTIONS macros. | jsing | 2016-09-04 | 1 | -4/+12
  No change in preprocessed output, ignoring whitespace and line numbers.
* Remove flags for disabling constant-time operations. | bcook | 2016-06-30 | 1 | -11/+1
  This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally constant-time. Based on the original patch by César Pereid. ok beck@
* Check for allocation error in RSA_eay_mod_exp(). Coverity CID 25217. | miod | 2015-02-14 | 1 | -1/+2
  ok jsing@
* if (x) FOO_free(x) -> FOO_free(x). | miod | 2014-07-12 | 1 | -2/+2
  Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Explicitly include <openssl/opensslconf.h> in every file that references | jsing | 2014-07-10 | 1 | -1/+3
  an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never be defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Tweak some comments. We do not really need to know that "New!" flags were | jsing | 2014-07-10 | 1 | -9/+8
  added 10+ years ago (they're kinda somewhat stale by now...)
* Remove RSA_FLAG_NO_EXP_CONSTTIME, which was deprecated 12+ years ago. | jsing | 2014-07-10 | 1 | -13/+1
  sthen@ confirmed that no ports are referencing it. ok miod@.
* Make comments readable. | jsing | 2014-07-09 | 1 | -27/+33
* KNF. | jsing | 2014-07-09 | 1 | -118/+104
* Remove RSA_memory_lock(). This undocumented function sort-of serializes your | miod | 2014-07-09 | 1 | -5/+1
  RSA components to memory and clears them, but there is no unserializing function, so its usefulness is close to zero. A grep through the ports tree sources shows that it is only present in ports embedding their own openssl copy, and never used otherwise. ok jsing@
* tags as requested by miod and tedu | deraadt | 2014-06-12 | 1 | -1/+1
* Everything sane has stdio, and FILE *. we don't need ifdefs for this. | beck | 2014-05-29 | 1 | -2/+0
  ok to firebomb from tedu@