path: root/src/lib/libcrypto/rsa/rsa_ameth.c
Commit message | Author | Age | Files | Lines
* Rework rsa_priv_decode() | tb | 2023-12-28 | 1 | -14/+17
  Turn the function into single exit and error check EVP_PKEY_assign() for style. ok jsing
* Clean up old_rsa_priv_decode() | tb | 2023-12-28 | 1 | -4/+13
  Again change this function into the single exit idiom, and error check EVP_PKEY_assign(). ok jsing
* Fix X509_ALGOR_set0() usage in rsa_alg_set_oaep_padding() | tb | 2023-11-09 | 1 | -4/+6
  Replace X509_ALGOR_set0() with X509_ALGOR_set0_by_nid(). This way there is no missing error checking for OBJ_nid2obj() and no nested functions. Slightly more importantly, this plugs two long standing potential leaks in this function (or previously rsa_cms_encrypt()) due to missing error checking: in the unlikely event that X509_ALGOR_set0() failed, astr/ostr would leak. ok jsing
* Use X509_ALGOR_set0_by_nid() in rsa_mgf1md_to_maskGenAlgorithm() | tb | 2023-11-09 | 1 | -5/+2
  ok jsing
* More minor cleanup in rsa_alg_set_oaep_padding() | tb | 2023-11-08 | 1 | -4/+3
  Test and assign one more instance replace a useless comment by an empty line.
* Prepare further fixes of X509_ALGOR_set0() misuse | tb | 2023-11-08 | 1 | -8/+7
  In rsa_alg_set_oaep_padding() rename los to ostr for consistency with astr, make it have function scope, free ostr in the error path and assume X509_ALGOR_set0() success. ok jca
* zap a stray space | tb | 2023-11-08 | 1 | -2/+2
* Rename os into astr in rsa_alg_set_oaep_padding() | tb | 2023-11-08 | 1 | -6/+6
* Rename pkctx to pkey_ctx in rsa_alg_set_oaep_padding() and rsa_cms_encrypt() | tb | 2023-11-08 | 1 | -9/+9
* Some simple cosmetics in rsa_alg_set_oaep_padding() | tb | 2023-11-08 | 1 | -4/+8
  Rename rv into ret and split it on its own line, move labellen a bit down add some empty lines. To match style elsewhere. Most of this was requested by jsing
* Split OAEP padding handling into a helper function | tb | 2023-11-08 | 1 | -53/+59
  This matches what is done for PKCS#1 1.5 and PSS. This function needs a lot of work still, but it's easier to do that without having to tiptoe around a lot of other garbage. ok jsing
* Move CMS_RecipientInfo_ktri_get0_algs() down a few lines and fix its | tb | 2023-11-07 | 1 | -3/+6
  error check
* Move CMS_RecipientInfo_get0_pkey_ctx() to first use of pkctx | tb | 2023-11-07 | 1 | -3/+3
* Inline rsa_ctx_to_pss_string() | tb | 2023-11-07 | 1 | -16/+6
  After previous refactoring, rsa_all_set_pss_padding() is the last remaining caller of the weirdly named and ugly rsa_all_set_pss_padding(). This can be handled in a few simple lines now that this mess has slightly cleaner code.
* Rename pkctx to pkey_ctx in rsa_{cms,item}_sign() | tb | 2023-11-07 | 1 | -26/+26
* Trivial cleanup in rsa_cms_sign() | tb | 2023-11-07 | 1 | -5/+5
  Check and assign the EVP_PKEY_CTX and move the extraction of the algorithm identifier from the signer info a few lines down.
* Rework RSA_PKCS1_PSS_PADDING handling in rsa_item_sign() | tb | 2023-11-07 | 1 | -14/+4
  The current convoluted mess can be handled with two calls to the new rsa_alg_set_pss_padding() helper. Not that this would be obvious at all. This fixes two more leaks in case of X509_ALGOR_set0() failure. ok jsing
* Add a helper to set RSASSA-PSS padding parameters | tb | 2023-11-07 | 1 | -10/+29
  This sets the AlgorithmIdentifier's algorithm to id-RSASSA-PSS with appropriate RSASSA-PSS parameters. This pulls a chunk of code out of rsa_cms_sign() and rewrites it with proper error checking, thereby fixing a long-standing leak. This helper can also be used in rsa_item_sign(), but that part is a bit special, and will therefore be committed separately. ok jsing
* Add a helper to set RSA PKCS #1 v1.5 padding OID | tb | 2023-11-07 | 1 | -12/+15
  This removes a few duplicated and unchecked X509_ALGOR_set0() calls and factors them into a helper function that sets the AlgorithmIdentifier on the recipient info or signer info to rsaEncryption with null parameters. ok jsing
* Rework the MD setting in the RSA ASN.1 method | tb | 2023-10-26 | 1 | -45/+95
  This streamlines the code to use safer idioms, do proper error checking and be slightly less convoluted. Sprinkle a few references to RFC 8017 and explain better what we are doing and why. Clarify ownership and use more consistent style. This removes the last internal use of X509_ALGOR_set_md(). ok jsing
* RSA's _free and _size also lose their int_ prefix | tb | 2023-08-12 | 1 | -7/+7
* Fix a leak in rsa_pub_encode() | tb | 2023-08-10 | 1 | -12/+19
  rsa_param_encode() allocates the PSS parameters in an ASN1_STRING which is leaked if any error occurs later in rsa_pub_encode(). Convert the rest of the code to follow our ordinary idioms more closely. ok jsing
* rsa_priv_encode: plug leak on PKCS8_pkey_set0() failure | tb | 2023-08-10 | 1 | -15/+19
  Change the code to use safer idioms and avoid nested function calls. ok jsing
* Mop up remaining uses of ASN1_bn_print() | tb | 2023-07-07 | 1 | -41/+10
  This removes lots of silly buffers and will allow us to make this API go away. ok jsing
* Add missing rsa_security_bit() handler to the RSA-PSS ASN1_METHOD | tb | 2023-05-19 | 1 | -1/+2
  Prompted by a report by Steffen Ullrich on libressl@openbsd.org ok jsing
* Pull in <openssl/rsa.h> directly | tb | 2023-03-25 | 1 | -1/+2
  This is needed for many reasons. It is currently pulled in via x509.h but only when OPENSSL_NO_DEPRECATED is undefined. Again this should be fixed in the public header as well.
* Make internal header file names consistent | tb | 2022-11-26 | 1 | -4/+4
  Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Prepare to provide EVP_PKEY_security_bits() | tb | 2022-06-27 | 1 | -1/+8
  This also provides a pkey_security_bits member to the PKEY ASN.1 methods and a corresponding setter EVP_PKEY_asn1_set_security_bits(). ok beck jsing
* Prepare to provide EVP_PKEY_check() | tb | 2022-01-10 | 1 | -4/+14
  This allows checking the validity of an EVP_PKEY. Only RSA and EC keys are supported. If a check function is set the EVP_PKEY_METHOD, it will be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is used. The default ASN.1 methods wrap RSA_check_key() and EC_KEY_check_key(), respectively. The corresponding setters are EVP_PKEY_{asn1,meth}_set_check(). It is unclear why the PKEY method has no const while the ASN.1 method has const. Requested by tobhe and used by PHP 8.1. Based on OpenSSL commit 2aee35d3 ok inoguchi jsing
* Fix rsa key output format | inoguchi | 2019-11-20 | 1 | -5/+12
  This fixes openssl(1) rsa -text output format ok tb@
* Bring back some icky buffer allocation code so that pkey_rsa_print() | jsing | 2019-11-02 | 1 | -9/+41
  works again with the horrific API that is ASN1_bn_print(). Issue spotted by inoguchi@
* Add RSA CMS support. | jsing | 2019-11-01 | 1 | -3/+252
  From OpenSSL 1.1.1d. ok tb@
* Update RSA ASN.1 code to handle RSA-PSS. | jsing | 2019-11-01 | 1 | -299/+380
  From OpenSSL 1.1.1d. ok tb@
* Add support for RSA-PSS. | jsing | 2019-10-31 | 1 | -1/+119
  From OpenSSL 1.1.1d. ok inoguchi@
* Add consts to EVP_PKEY_asn1_set_private() | tb | 2018-08-24 | 1 | -2/+2
  Requires adding a const to the priv_decode() member of EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode() functions. All this is already documented this way. tested in a bulk build by sthen ok jsing
* Send the function codes from the error functions to the bit bucket, | beck | 2017-01-29 | 1 | -18/+14
  as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Expand ASN1_ITEM_rptr macros - no change in generated assembly. | jsing | 2016-12-30 | 1 | -3/+3
* unifdef OPENSSL_NO_CMS | jsing | 2016-10-19 | 1 | -15/+1
* Fix for OpenSSL CVE-2015-3194 | beck | 2015-12-03 | 1 | -2/+2
  ok krw@
* Guenther has plans for OPENSSL_NO_CMS, so revert this for the moment. | beck | 2015-02-11 | 1 | -1/+15
* get rid of OPENSSL_NO_CMS code we do not use. | beck | 2015-02-11 | 1 | -15/+1
  ok miod@
* Remove duplicate 0x for salt len in output; Martin Kaiser via OpenSSL trunk. | miod | 2014-07-11 | 1 | -2/+2
* Only import cryptlib.h in the four source files that actually need it. | jsing | 2014-07-11 | 1 | -4/+6
  Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that references | jsing | 2014-07-10 | 1 | -1/+4
  an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never be defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* ASN1_STRING_free can handle NULL, so callers don't need to check. ok miod | tedu | 2014-07-09 | 1 | -3/+2
* More KNF. | jsing | 2014-07-09 | 1 | -12/+15
* KNF | miod | 2014-07-09 | 1 | -245/+217
* tags as requested by miod and tedu | deraadt | 2014-06-12 | 1 | -1/+1
* malloc() result does not need a cast. | deraadt | 2014-06-07 | 1 | -1/+1
  ok miod
* more: no need to null check before free; ok guenther | deraadt | 2014-05-30 | 1 | -1/+1