refactor: extract setup_pss_sign_ctx() to deduplicate sign/verify PSS setup #158

Merged
atoomic merged 1 commit into cpan-authors:main from atoomic:koan.atoomic/fix-issue-154
Apr 3, 2026

Koan-Bot (Contributor) commented Apr 3, 2026

Summary

The PSS context-setup logic (padding auto-promote to PSS, signature digest, MGF1 hash, salt length) was copied verbatim into both sign() and verify() on OpenSSL 3.x. Any future change — e.g. configurable salt length — had to be applied in two places or the two operations could silently diverge, risking sign/verify mismatches.

Fixes #154

Changes

  • Add static int setup_pss_sign_ctx(EVP_PKEY_CTX *ctx, int padding, int hash_nid, EVP_MD **md_out) inside the #if >= 0x30000000L block, encapsulating the shared PSS/PKCS1 context-setup logic
  • Replace the 14-line duplicated block in sign() with a single THROW(setup_pss_sign_ctx(...)) call
  • Replace the 13-line duplicated block in verify() with a single THROW(setup_pss_sign_ctx(...)) call
  • Remove now-unused sign_pad and verify_pad local variables

Test plan

  • All 477 existing tests pass (make test)
  • sign_verify.t and pss_auto_promote.t exercise the PSS code paths through the new helper

Generated by Kōan /fix


Quality Report

Changes: 1 file changed, 38 insertions(+), 29 deletions(-)

Code scan: clean

Tests: passed (OK)

Branch hygiene: clean

Generated by Kōan post-mission quality pipeline
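
The divergence risk described in the summary above, as an added example that is not code from this pull request or from the project: a pure-Python EMSA-PSS encode/verify pair (RFC 8017, section 9.1) in which both sides read one shared `PssParams` value. `PssParams`, its defaults and the function names are assumptions made for illustration; the RSA private/public-key step is left out because it does not affect the parameter check.

```python
import hashlib
import os
from typing import NamedTuple

class PssParams(NamedTuple):      # hypothetical name: one definition for both sides
    digest: str = "sha256"        # signature digest
    mgf1_digest: str = "sha256"   # MGF1 digest
    salt_len: int = 32            # salt length in bytes (assumed default)

def mgf1(seed, length, name):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.new(name, seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pss_encode(msg, em_bits, p):
    """EMSA-PSS-ENCODE (RFC 8017, 9.1.1); the RSA private-key step is omitted."""
    em_len = (em_bits + 7) // 8
    m_hash = hashlib.new(p.digest, msg).digest()
    pad_len = em_len - len(m_hash) - p.salt_len - 2
    if pad_len < 0:
        raise ValueError("encoding error")
    salt = os.urandom(p.salt_len)
    h = hashlib.new(p.digest, b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * pad_len + b"\x01" + salt
    masked = bytearray(_xor(db, mgf1(h, len(db), p.mgf1_digest)))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)   # clear the bits above em_bits
    return bytes(masked) + h + b"\xbc"

def pss_verify(msg, em, em_bits, p):
    """EMSA-PSS-VERIFY (RFC 8017, 9.1.2), driven by the same PssParams type."""
    em_len = (em_bits + 7) // 8
    m_hash = hashlib.new(p.digest, msg).digest()
    pad_len = em_len - len(m_hash) - p.salt_len - 2
    top = 0xFF >> (8 * em_len - em_bits)
    if len(em) != em_len or pad_len < 0 or em[-1] != 0xBC or em[0] & ~top & 0xFF:
        return False
    cut = em_len - len(m_hash) - 1
    masked, h = em[:cut], em[cut:-1]
    db = bytearray(_xor(masked, mgf1(h, len(masked), p.mgf1_digest)))
    db[0] &= top
    if bytes(db[:pad_len + 1]) != b"\x00" * pad_len + b"\x01":
        return False              # padding/salt boundary is not where p says it is
    m_prime = b"\x00" * 8 + m_hash + bytes(db[pad_len + 1:])
    return hashlib.new(p.digest, m_prime).digest() == h
```

Verifying with a `PssParams` whose `salt_len` or `mgf1_digest` differs from the one used to encode returns `False`, which is the sign/verify mismatch that a single shared setup path prevents.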

… setup

The PSS context-setup logic (padding auto-promote, signature digest,
MGF1 hash, salt length) was copy-pasted verbatim in both sign() and
verify().  Any future change — e.g. configurable salt length — had to be
applied in two places or the two operations would silently diverge.

Extract a static helper setup_pss_sign_ctx() that encapsulates the
shared logic.  Both sign() and verify() now call it via THROW(), keeping
the same error-path semantics.  Remove the now-unused sign_pad and
verify_pad local variables.

Fixes cpan-authors#154

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@timlegge timlegge marked this pull request as ready for review April 3, 2026 23:02
timlegge (Member) left a comment

@atoomic Looks good, reduces duplication - a good change

@atoomic atoomic merged commit b0c1c1f into cpan-authors:main Apr 3, 2026
28 checks passed
Development

Successfully merging this pull request may close these issues.

duplication: PSS context setup logic copied verbatim between sign() and verify()