PSS pack: Add provider support for PSS parameters #11710
This is currently incomplete, the EVP_SIGNATURE implementation still needs to be reworked, and serialization doesn't quite kick in as I expected. In spite of that, early comments welcome!

The serializer issue was a non-issue, apart from a missing dependency...
@slontis, I'm confused, I seem to have imagined that RSASSA-PSS shouldn't be part of the FIPS module. Thanks for pointing it out.
crypto/rsa/rsa_pss.c
| return NID_undef; | ||
| } | ||
|
|
||
| static const char *nid2name(int meth, const OSSL_ITEM *items, size_t items_n) |
slontis
May 5, 2020
Contributor
meth is probably not the best name here..
slontis
May 13, 2020
Contributor
?
Note that this depends on #11750. With that merged in, all tests succeed in my setup, except test_ssl_new...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #11710)
…meters Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #11710)
To make it easier to check the generated key manually, display it before comparing diverse other serializations.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #11710)
There were a few RSA-PSS related tests that were disabled for non-default library contexts. We now re-enable them.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #11710)
There are a few things in the OpenSSL code that are known to give warnings that we know are harmless. We test our builds accordingly.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #11710)
The problem encountered is that some arrays were deemed unnecessary by
clang, for example:
    providers/common/der/der_rsa.c:424:28: error: variable 'der_aid_sha224Identifier' is not needed and will not be emitted [-Werror,-Wunneeded-internal-declaration]
    static const unsigned char der_aid_sha224Identifier[] = {
                               ^
However, these arrays are used in sizeof() expressions in other parts
of the code that's actually used, making that warning-turned-error a
practical problem. We solve this by making the array non-static,
which guarantees that the arrays will be emitted, even though
unnecessarily. Fortunately, they are very small.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #11710)
Merged 484d1a7 RSA: Add RSA key types
PSS parameter support is sorely lacking in our providers. This PR seeks to remedy that.
Please read the separate commits for better understanding.