summaryrefslogtreecommitdiffstats
path: root/src/include/ipxe/rsa.h
Commit message (Collapse)AuthorAgeFilesLines
* [build] Mark known reviewed files as permitted for UEFI Secure BootMichael Brown2026-01-141-0/+1
| | | | | | | | | Some past security reviews carried out for UEFI Secure Boot signing submissions have covered specific drivers or functional areas of iPXE. Mark all of the files comprising these areas as permitted for UEFI Secure Boot. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Remove the concept of a public-key algorithm reusable contextMichael Brown2024-08-211-25/+0Star
| | | | | | | | | | | | | | | | | | | | | | | Instances of cipher and digest algorithms tend to get called repeatedly to process substantial amounts of data. This is not true for public-key algorithms, which tend to get called only once or twice for a given key. Simplify the public-key algorithm API so that there is no reusable algorithm context. In particular, this allows callers to omit the error handling currently required to handle memory allocation (or key parsing) errors from pubkey_init(), and to omit the cleanup calls to pubkey_final(). This change does remove the ability for a caller to distinguish between a verification failure due to a memory allocation failure and a verification failure due to a bad signature. This difference is not material in practice: in both cases, for whatever reason, the caller was unable to verify the signature and so cannot proceed further, and the cause of the error will be visible to the user via the return status code. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Expose RSA_CTX_SIZE constantMichael Brown2017-06-201-0/+3
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Support SHA-{224,384,512} in X.509 certificatesMichael Brown2015-08-021-0/+1
| | | | | | | | | Add support for SHA-224, SHA-384, and SHA-512 as digest algorithms in X.509 certificates, and allow the choice of public-key, cipher, and digest algorithms to be configured at build time via config/crypto.h. Originally-implemented-by: Tufan Karadere <tufank@gmail.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [legal] Relicense files under GPL2_OR_LATER_OR_UBDLMichael Brown2015-03-021-1/+1
| | | | | | | Relicense files for which I am the sole author (as identified by util/relicense.pl). Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Move all ASN.1 OIDs to asn1.hMichael Brown2012-03-211-75/+0Star
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Use linker tables for RSA digestInfo prefixesMichael Brown2012-03-201-0/+18
| | | | | | | Allow external code to specify RSA digestInfo prefixes for additional digest algorithms. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Force caller to provide temporary storage for modular calculationsMichael Brown2012-03-181-0/+2
| | | | | | | | | | | | | bigint_mod_multiply() and bigint_mod_exp() require a fixed amount of temporary storage for intermediate results. (The amount of temporary storage required depends upon the size of the integers involved.) When performing calculations for 4096-bit RSA the amount of temporary storage space required will exceed 2.5kB, which is too much to allocate on the stack. Avoid this problem by forcing the caller to allocate temporary storage. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Add native RSA algorithmMichael Brown2012-03-181-3/+127
| | | | | | Add an implementation of RSA that uses the iPXE big-integer support. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [build] Rename gPXE to iPXEMichael Brown2010-04-201-0/+12
Access to the gpxe.org and etherboot.org domains and associated resources has been revoked by the registrant of the domain. Work around this problem by renaming project from gPXE to iPXE, and updating URLs to match. Also update README, LOG and COPYRIGHTS to remove obsolete information. Signed-off-by: Michael Brown <mcb30@ipxe.org>
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2026-03-04 23:21:40 +0100