path: root/src/lib/libcrypto/rsa

Commit message | Author | Age | Files | Lines
* Ignore ENGINE at the API boundary | tb | 2023-11-29 | 1 | -3/+1
  This removes the remaining ENGINE members from various internal structs and functions. Any ENGINE passed into a public API is now completely ignored; functions returning an ENGINE always return NULL.
  ok jsing
* Unifdef OPENSSL_NO_ENGINE in libcrypto | tb | 2023-11-19 | 1 | -34/+1
  This is mechanical apart from a few manual edits to avoid doubled empty lines.
  ok jsing
* Fix X509_ALGOR_set0() usage in rsa_alg_set_oaep_padding() | tb | 2023-11-09 | 1 | -4/+6
  Replace X509_ALGOR_set0() with X509_ALGOR_set0_by_nid(). This way there is no missing error checking for OBJ_nid2obj() and no nested functions. Slightly more importantly, this plugs two long standing potential leaks in this function (or previously rsa_cms_encrypt()) due to missing error checking: in the unlikely event that X509_ALGOR_set0() failed, astr/ostr would leak.
  ok jsing
* Use X509_ALGOR_set0_by_nid() in rsa_mgf1md_to_maskGenAlgorithm() | tb | 2023-11-09 | 1 | -5/+2
  ok jsing
* More minor cleanup in rsa_alg_set_oaep_padding() | tb | 2023-11-08 | 1 | -4/+3
  Test and assign one more instance, replace a useless comment by an empty line.
* Prepare further fixes of X509_ALGOR_set0() misuse | tb | 2023-11-08 | 1 | -8/+7
  In rsa_alg_set_oaep_padding() rename los to ostr for consistency with astr, make it have function scope, free ostr in the error path and assume X509_ALGOR_set0() success.
  ok jca
* zap a stray space | tb | 2023-11-08 | 1 | -2/+2
* Rename os into astr in rsa_alg_set_oaep_padding() | tb | 2023-11-08 | 1 | -6/+6
* Rename pkctx to pkey_ctx in rsa_alg_set_oaep_padding() and rsa_cms_encrypt() | tb | 2023-11-08 | 1 | -9/+9
* Some simple cosmetics in rsa_alg_set_oaep_padding() | tb | 2023-11-08 | 1 | -4/+8
  Rename rv into ret and split it on its own line, move labellen a bit down, add some empty lines. To match style elsewhere. Most of this was requested by jsing
* Split OAEP padding handling into a helper function | tb | 2023-11-08 | 1 | -53/+59
  This matches what is done for PKCS#1 1.5 and PSS. This function needs a lot of work still, but it's easier to do that without having to tiptoe around a lot of other garbage.
  ok jsing
* Move CMS_RecipientInfo_ktri_get0_algs() down a few lines and fix its error check | tb | 2023-11-07 | 1 | -3/+6
* Move CMS_RecipientInfo_get0_pkey_ctx() to first use of pkctx | tb | 2023-11-07 | 1 | -3/+3
* Inline rsa_ctx_to_pss_string() | tb | 2023-11-07 | 1 | -16/+6
  After previous refactoring, rsa_all_set_pss_padding() is the last remaining caller of the weirdly named and ugly rsa_all_set_pss_padding(). This can be handled in a few simple lines now that this mess has slightly cleaner code.
* Rename pkctx to pkey_ctx in rsa_{cms,item}_sign() | tb | 2023-11-07 | 1 | -26/+26
* Trivial cleanup in rsa_cms_sign() | tb | 2023-11-07 | 1 | -5/+5
  Check and assign the EVP_PKEY_CTX and move the extraction of the algorithm identifier from the signer info a few lines down.
* Rework RSA_PKCS1_PSS_PADDING handling in rsa_item_sign() | tb | 2023-11-07 | 1 | -14/+4
  The current convoluted mess can be handled with two calls to the new rsa_alg_set_pss_padding() helper. Not that this would be obvious at all. This fixes two more leaks in case of X509_ALGOR_set0() failure.
  ok jsing
* Add a helper to set RSASSA-PSS padding parameters | tb | 2023-11-07 | 1 | -10/+29
  This sets the AlgorithmIdentifier's algorithm to id-RSASSA-PSS with appropriate RSASSA-PSS parameters. This pulls a chunk of code out of rsa_cms_sign() and rewrites it with proper error checking, thereby fixing a long-standing leak. This helper can also be used in rsa_item_sign(), but that part is a bit special, and will therefore be committed separately.
  ok jsing
* Add a helper to set RSA PKCS #1 v1.5 padding OID | tb | 2023-11-07 | 1 | -12/+15
  This removes a few duplicated and unchecked X509_ALGOR_set0() calls and factors them into a helper function that sets the AlgorithmIdentifier on the recipient info or signer info to rsaEncryption with null parameters.
  ok jsing
* Rework the MD setting in the RSA ASN.1 method | tb | 2023-10-26 | 1 | -45/+95
  This streamlines the code to use safer idioms, do proper error checking and be slightly less convoluted. Sprinkle a few references to RFC 8017 and explain better what we are doing and why. Clarify ownership and use more consistent style. This removes the last internal use of X509_ALGOR_set_md().
  ok jsing
* RSA's _free and _size also lose their int_ prefix | tb | 2023-08-12 | 1 | -7/+7
* Fix a leak in rsa_pub_encode() | tb | 2023-08-10 | 1 | -12/+19
  rsa_param_encode() allocates the PSS parameters in an ASN1_STRING which is leaked if any error occurs later in rsa_pub_encode(). Convert the rest of the code to follow our ordinary idioms more closely.
  ok jsing
* rsa_priv_encode: plug leak on PKCS8_pkey_set0() failure | tb | 2023-08-10 | 1 | -15/+19
  Change the code to use safer idioms and avoid nested function calls.
  ok jsing
* Rework BN_BLINDING to use pthread_t directly | tb | 2023-08-09 | 3 | -28/+18
  Instead of CRYPTO_THREADID, which passes pthread_via through unsigned long, we can use pthread_self() and pthread_equal() directly. This commit keeps using the awkward 'local' nomenclature as that is used throughout the rsa code. This will be changed after the blinding code will have been fully merged into rsa_blinding.c.
  ok jsing
* Merge remainder of rsa_crpt.c into rsa_eay.c | tb | 2023-08-09 | 2 | -128/+54
  Most of these are one-line wrappers around methods implemented in rsa_eay.c by default.
* Move RSA blinding API from rsa_crpt.c to rsa_blinding.c | tb | 2023-08-09 | 2 | -102/+102
* Move RSA_blinding_{on,off}() to the bottom of the file | tb | 2023-08-09 | 1 | -29/+29
* Move bn_blind.c to rsa_blinding.c | tb | 2023-08-09 | 2 | -1/+269
  discussed with jsing
* Merge BN_BLINDING_create_param() into BN_BLINDING_new() | tb | 2023-08-09 | 1 | -2/+2
* Drop the unused BN_BLINDING argument of BN_BLINDING_create_param() | tb | 2023-08-08 | 1 | -4/+5
* Simplify RSA_setup_blinding() | tb | 2023-08-08 | 1 | -21/+16
  Make this look a bit more like other code we cleaned up, avoiding nesting and unnecessary else branches.
  ok jsing
* Drop the _ex from BN_BLINDING_{convert,invert}_ex() | tb | 2023-08-02 | 1 | -6/+6
* Make BN_BLINDING internal | tb | 2023-07-28 | 4 | -6/+7
  RSA is pretty bad. In my most optimistic moments I dream of a world that stopped using it. That won't happen during my lifetime, unfortunately. Blinding is one way of making it a little less leaky. Unfortunately this side-channel leak mitigation leaked out of the library for no good reason. Let's at least fix that aspect of it.
  ok jsing
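The side-channel mitigation the message above refers to, RSA blinding, as an added example in Python. This is not LibreSSL code and not the BN_BLINDING API: it reproduces the scheme in principle (blind the input with r^e, run the private exponentiation on the unpredictable value, unblind with r^-1, square the pair between uses and refresh r periodically), but the toy key, the refresh counter and all names are assumptions made for illustration.

```python
"""RSA blinding as a side-channel mitigation (added example; not LibreSSL code).

The private operation m^d mod n is performed on a blinded value x = m * r^e
that an attacker cannot predict, and the result y = x^d is unblinded by
multiplying with r^-1. Follows the idea behind BN_BLINDING in principle
(blinding pair, squaring update, periodic refresh); the constants and toy
key below are assumptions for illustration, not the library's values.
"""
import secrets
from math import gcd

# Constructed toy key. Real keys are >= 2048 bits and use CRT; this one is
# small only so the arithmetic is easy to inspect.
P = 1_000_003
Q = 1_000_033
E = 65537

REFRESH_AFTER = 32  # assumption: pick a fresh r after this many uses


def toy_keygen():
    """Return (n, e, d) for the constructed toy key."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    assert gcd(E, phi) == 1
    return n, E, pow(E, -1, phi)


class Blinding:
    """Holds the blinding pair (A = r^e mod n, Ai = r^-1 mod n) for one key.

    Because e*d == 1 mod phi(n), Ai == A^-d, so blinding commutes with the
    private exponentiation and the unblinded result equals m^d mod n.
    """

    def __init__(self, n, e):
        self.n, self.e = n, e
        self.uses = 0
        self._fresh()

    def _fresh(self):
        # r must be invertible mod n; for n = p*q this fails only with
        # negligible probability, but check rather than assume.
        while True:
            r = secrets.randbelow(self.n - 2) + 2
            if gcd(r, self.n) == 1:
                break
        self.A = pow(r, self.e, self.n)
        self.Ai = pow(r, -1, self.n)
        self.uses = 0

    def update(self):
        """Square the pair so the next call effectively uses r^2: cheaper than
        a fresh r while preserving Ai == A^-d. Refresh r periodically."""
        self.uses += 1
        if self.uses >= REFRESH_AFTER:
            self._fresh()
        else:
            self.A = (self.A * self.A) % self.n
            self.Ai = (self.Ai * self.Ai) % self.n

    def convert(self, m):
        """Blind the input: x = m * r^e mod n."""
        return (m * self.A) % self.n

    def invert(self, y):
        """Unblind the output: y * r^-1 mod n, then advance the pair."""
        out = (y * self.Ai) % self.n
        self.update()
        return out


def rsa_private_blinded(m, n, e, d, blinding=None):
    """m^d mod n computed on a blinded value, so the timing and power trace
    of the modular exponentiation do not depend on the attacker's m."""
    b = blinding if blinding is not None else Blinding(n, e)
    x = b.convert(m)
    y = pow(x, d, n)  # the leaky operation, now applied to unpredictable x
    return b.invert(y)


def rsa_private_plain(m, n, d):
    """Unblinded reference: same result, input-dependent side channel."""
    return pow(m, d, n)
```

Keeping one Blinding object per key and per thread is what makes the "local" ownership discussed in the surrounding commits necessary: the pair is mutated on every use, so sharing it across threads without a lock would corrupt A and Ai and produce wrong signatures.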
* Add missing license for rsa_local.h | tb | 2023-07-21 | 1 | -1/+57
  discussed with jsing
* Hide symbols in rsa | beck | 2023-07-08 | 16 | -18/+129
  ok tb@
* Rename RSA_eay_* to rsa_*. | jsing | 2023-07-07 | 1 | -44/+33
  Rename all of the RSA_eay_* functions to rsa_*, as well as changing the method name (and naming). Reorder things slightly so that we can remove all of the prototypes for static functions.
  ok tb@
* Mop up remaining uses of ASN1_bn_print() | tb | 2023-07-07 | 1 | -41/+10
  This removes lots of silly buffers and will allow us to make this API go away.
  ok jsing
* Add missing rsa_security_bit() handler to the RSA-PSS ASN1_METHOD | tb | 2023-05-19 | 1 | -1/+2
  Prompted by a report by Steffen Ullrich on libressl@openbsd.org
  ok jsing
* Salt shares the blame of the continued existence of the X9.31 padding mode | tb | 2023-05-05 | 1 | -2/+2
* Add back support for RSA_X931_PADDING | tb | 2023-05-05 | 3 | -65/+127
  This makes the custom salt stack work again. Tested by robert as part of a larger diff
  ok jsing
* Bring back the X9.31 padding helpers | tb | 2023-05-05 | 1 | -0/+164
  Nothing should be using this anymore, except that salt decided to use it in its home-cooked protocol, which already had its share of issues. Hopefully the efforts to switch salt to something more reasonable and standardized like mTLS will succeed sooner rather than later. tested as part of a larger patch by robert
  ok jsing
* Remove X9.31 support | tb | 2023-04-25 | 2 | -173/+1
  ok jsing
* Wire up truncated SHA-2, SHA-3 and related things | tb | 2023-04-25 | 1 | -1/+8
  from jsing
* Bring includes into canonical order | tb | 2023-04-18 | 1 | -2/+3
  Requested by jsing
* Move some includes out of OPENSSL_NO_DEPRECATED | tb | 2023-04-18 | 1 | -3/+1
  Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes that eventually the mess of everything includes everything will magically resolve itself. Of course everyone would end up building openssl with OPENSSL_NO_DEPRECATED over time... Right. Surprisingly, the ecosystem has come to rely on these implicit inclusions, so about two dozen ports would fail to build because of this. Patching this would be easy but really not worth the effort.
  ok jsing
* Stop supporting the long-retired X9.31 standard | tb | 2023-04-15 | 2 | -113/+57
  This isolates the three API functions from the library so they can be easily removed and any attempt to use RSA_X931_PADDING mode will now result in an error.
  ok jsing
* Prepare rsa.h for X9.31 support removal | tb | 2023-04-15 | 1 | -1/+5
  This wraps the three public functions in the usual #if stanza. RSA_X931_PADDING is unfortunately exposed by rust-openssl and erlang. Therefore it will remain visible to avoid breaking the build of lang/rust. Its use in the library will be neutered shortly.
  ok jsing
* The NBs have been duly noted and ignored. Drop them. | tb | 2023-04-13 | 1 | -14/+1
* Remove files that definitely contain no code anymore | tb | 2023-04-13 | 1 | -68/+0
  (experts disagree whether they ever did)
* Move RSA_generate_key() from rsa_depr.c to rsa_gen.c | tb | 2023-04-13 | 2 | -34/+35
  Discussed with jsing