diff options
author | Clemens Lang <cllang@redhat.com> | 2022-11-21 14:33:57 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-12-08 11:02:52 +0100 |
commit | 5a3bbe1712435d577bbc5ec046906979e8471d8b (patch) | |
tree | 0baeafcfd65f2db8dc64c27689f3b63d51421ef2 /providers | |
parent | cae72eefc3fbdd2f7a1a065f237bf3943619bca2 (diff) | |
download | openssl-new-5a3bbe1712435d577bbc5ec046906979e8471d8b.tar.gz |
Obtain PSS salt length from provider
Rather than computing the PSS salt length again in core using
ossl_rsa_ctx_to_pss_string, which calls rsa_ctx_to_pss and computes the
salt length, obtain it from the provider using the
OSSL_SIGNATURE_PARAM_ALGORITHM_ID param to handle the case where the
interpretation of the magic constants in the provider differs from that
of OpenSSL core.
Add tests that verify that the rsa_pss_saltlen:max,
rsa_pss_saltlen:<integer> and rsa_pss_saltlen:digest options work and
put the computed digest length into the CMS_ContentInfo struct when
using CMS. Do not add a test for the salt length generated by a provider
when no specific rsa_pss_saltlen option is defined, since that number
could change between providers and provider versions, and we want to
preserve compatibility with older providers.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19724)
Diffstat (limited to 'providers')
0 files changed, 0 insertions, 0 deletions