PROV: add RSA signature implementation#10557
Conversation
levitte
added
branch: master
|
I get large numbers of test failures when I try this locally. Still investigating, however I'm surprised not to see any handling of |
|
...in fact no handling of pss at all AFAICT? |
|
Yup, PSS support remains to be done on the provider side. But I'm surprised that actually fails, because that should go to the legacy routines, since RSASSA-PSS is supposedly treated as a separate algorithm! |
|
There seems to be more going on. I recognise the 'test_req` failures from my keygen work (I've a local fix there, and wonder if the same applies here) |
... 'xcept no, that's not at all true. |
levitte
changed the title
|
I put this in WIP, it needs further work |
Can you pass the extra parameter to the DSA functions and have them ignore it? Or is there current API's that get in the way of doing that? (I'm hoping that the PARAM layer can just ignore things, e.g.) |
|
It wasn't as easy as I thought |
|
Almost there. As usual, the CMS test is the last stumbling block... |
|
Now, even CMS passes through on my machine. It turned out that I had forgotten to take care of PSS_SALTLEN params |
|
Is this out of WIP now? |
levitte
changed the title
Yes |
|
I think I've addressed all reviewing comments so far. |
|
Anything else? The CIs seem happy |
|
... or not. Damn github delayed update... |
|
There was a missing check. Travis will hopefully be happier now. |
|
All CIs are happy |
|
@t8m, does your approval still stand? Things have happened since, so perhaps a re-approval would be safer? |
levitte
added
the
approval: done
|
And there is merge conflict now. |
Damnit! |
levitte
force-pushed
the
add-rsa-signature
branch
from
7f6e2b5 to
26ae800
Compare
|
At least, it wasn't a conflict I had caused myself 😉 |
|
Now there is a travis failure and there seem to be some deprecated declarations warnings as well in the build logs. |
|
Ah, right! Totally forgot that part |
|
Travis failure is just the usual timeout... |
|
I'll merge later tonight, or tomorrow morning |
This includes legacy PSS controls to params conversion, and an attempt to generalise the parameter names when they are suitable for more than one operation. Also added crypto/rsa/rsa_aid.c, containing proper AlgorithmIdentifiers for known RSA+hash function combinations. Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#10557)
Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#10557)
Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#10557)
Tests that go through provider cannot recognise PKEY_CTRL_INVALID from PKEY_CTRL_ERROR any more, because provided implementations' param setting functions return 0 or 1. Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#10557)
Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#10557)
Clean up a manual we've touched, according to conventions found in Linux' man-pages(7); function arguments in descriptions should be in italics, and types, macros and similar should be in bold, with the exception for NULL. Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#10557)
Made macro names that refer to a known base OID, an commented accordingly. Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#10557)
levitte
force-pushed
the
add-rsa-signature
branch
from
c8bad47 to
8e90e3d
Compare
|
Done |
|
This regressed MD5-SHA1 signatures. |
7 participants
This is almost an exact copy of the DSA implementation, except we need
to pass the MD type to RSA_sign() and RSA_verify() (the corresponding
DSA functions don't care).