RSA PSS OpenSSL compatibility verification: support AUTO#6938
Merged
dgarske merged 1 commit intowolfSSL:masterfrom Nov 2, 2023
Merged
RSA PSS OpenSSL compatibility verification: support AUTO#6938dgarske merged 1 commit intowolfSSL:masterfrom
dgarske merged 1 commit intowolfSSL:masterfrom
Conversation
dgarske
requested changes
Nov 1, 2023
Member
There was a problem hiding this comment.
Perhaps the #else case should return an error?
Contributor
Author
There was a problem hiding this comment.
No case now when WOLFSSL_PSS_SALT_LEN_DISCOVER not defined.
Will go to default which errors out on negative.
Member
There was a problem hiding this comment.
I'd really like a test case for this... Could we add one?
Contributor
Author
There was a problem hiding this comment.
Actually that doesn't work.
-2 is RSA_PSS_SALTLEN_MAX_SIGN for signing and using -2 should have the same semantics in verify.
Discovery will handle anything.
SparkiDev
force-pushed
the
rsa_pss_salt_len_openssl_compat_fix
branch
from
6d06322 to
e766b5b
Compare
dgarske
previously approved these changes
Nov 2, 2023
When wolfSSL_RSA_verify_PKCS1_PSS() called with RSA_PSS_SALTLEN_AUTO (RSA_PSS_SALTLEN_MAX_SIGN) it wasn't using RSA_PSS_SALT_LEN_DISCOVER when available.
SparkiDev
force-pushed
the
rsa_pss_salt_len_openssl_compat_fix
branch
from
e766b5b to
4870435
Compare
dgarske
approved these changes
Nov 2, 2023
Member
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
Confirmed fix works. Required adding -DWOLFSSL_PSS_SALT_LEN_DISCOVER to wolfSSL build options.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
When wolfSSL_RSA_verify_PKCS1_PSS() called with RSA_PSS_SALTLEN_AUTO (RSA_PSS_SALTLEN_MAX_SIGN) it wasn't using RSA_PSS_SALT_LEN_DISCOVER when available. ZD 16897
Testing
PoC
Checklist