Add EVP_PKEY_RSA_PSS pmeth. #87
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bryce-shang
requested review from
andrewhop,
torben-hansen and
andrew-kaufman
|
This PR contains some fo the same changes as #86 |
Call out section has mentioned |
Sure, but that doesn't mean "wait with your review until the other PR is done and I have rebased" :) |
Co-authored-by: torben-hansen <[email protected]>
andrew-kaufman
approved these changes
Feb 13, 2021
bryce-shang
added a commit
that referenced
this pull request
May 4, 2021
* Define RSA_PSS_SALTLEN_DIGEST macro. (#85) * Define RSA_PSS_SALTLEN_DIGEST macro. * Replace '-1' with RSA_PSS_SALTLEN_DIGEST. * Add EVP_PKEY_RSA_PSS ameth. (#86) * Add EVP_PKEY_RSA_PSS ameth. * Add test to verify SubjectPublicKeyInfo decode. * Add EVP_PKEY_RSA_PSS pmeth. (#87) * Add EVP_PKEY_RSA_PSS ameth. * Add test to verify SubjectPublicKeyInfo decode. * Add EVP_PKEY_RSA_PSS pmeth. * Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee. * Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72. * Fix TODO comment. * Update crypto/fipsmodule/rsa/rsa.c Co-authored-by: torben-hansen <[email protected]> * Define new error code -- RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE. * Move RSA ctrl func from rsa.h to evp/internal.h * Remove RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE. * Add '||' * Remove imports. Co-authored-by: torben-hansen <[email protected]> * Add RSASSA-PSS-params decode. (#89) * Add EVP_PKEY_RSA_PSS ameth. * Add test to verify SubjectPublicKeyInfo decode. * Add EVP_PKEY_RSA_PSS pmeth. * Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee. * Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72. * Fix TODO comment. * Add RSASSA-PSS-params decode. * Remove trailer field related TODO. * Fix leaked mem. * Remove unsupported sha oid. * Revert "Remove unsupported sha oid." This reverts commit be955ce. * Move rsassa_pss from rsa.h to rsassa_pss.h. * Fix merge conflict. * Correct error prefix. * Remove unused import. * Improve comment. * Use JDK11 generated DER-encoded RSASSA-PSS-params for test. * Remove unused comment. * Update crypto/rsa_extra/rsassa_pss.h Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss.h Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Apply suggestions from code review Co-authored-by: torben-hansen <[email protected]> * Enhance code comments. * Define tag value index macros. * Condense code. * Update crypto/rsa_extra/rsassa_pss_asn1_test.cc Co-authored-by: torben-hansen <[email protected]> * Check EVP_PKEY_assign return value. * Check NID_undef value. * Correct comments. * Add more tests. * Add more tests on trailer field and salt length. * Rename rsassa_pss.h to internal.h. Co-authored-by: torben-hansen <[email protected]> * Validate pss params. (#90) * Add EVP_PKEY_RSA_PSS ameth. * Add test to verify SubjectPublicKeyInfo decode. * Add EVP_PKEY_RSA_PSS pmeth. * Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee. * Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72. * Fix TODO comment. * Add RSASSA-PSS-params decode. * Remove trailer field related TODO. * Fix leaked mem. * Remove unsupported sha oid. * Revert "Remove unsupported sha oid." This reverts commit be955ce. * Check PSS parameters restrictions. * Move rsassa_pss from rsa.h to rsassa_pss.h. * Fix merge conflict. * Move rsassapss conversion to rsassa_pss_asn1.c. * Correct error prefix. * Remove unused import. * Modify comment. * Improve comment. * Rename some functions. * Add more tests. * Add more tests. * Resolve TODO: fix X509Test.TestRsaSsaPss. * Use JDK11 generated DER-encoded RSASSA-PSS-params for test. * Disable rsassaPss encrypt and decrypt. * Remove unused comment. * Update crypto/rsa_extra/rsassa_pss.h Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss.h Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Apply suggestions from code review Co-authored-by: torben-hansen <[email protected]> * Enhance code comments. * Define tag value index macros. * Condense code. * Update crypto/rsa_extra/rsassa_pss_asn1_test.cc Co-authored-by: torben-hansen <[email protected]> * Check EVP_PKEY_assign return value. * Check NID_undef value. * Correct comments. * Add more tests. * Add more tests on trailer field and salt length. * Rename rsassa_pss.h to internal.h. * Removed unused test data. * Modify comments. * Explicitly check NULL. * Change method comment. * Address error code comment. * Apply suggestions from code review Co-authored-by: dkostic <[email protected]> Co-authored-by: torben-hansen <[email protected]> * Return EVP_PKEY_assign_* value. * Fix incorrect error code. * Adjust comment. * Define macro for default value of salt len and trailer field. * Fix max salt len. * Add more comments. * Check inputs are not NULL. * Remove saltlen == 0 check in pss_saltlen_create. * Add ctx->pkey NULL check in pkey_pss_init. Co-authored-by: torben-hansen <[email protected]> Co-authored-by: dkostic <[email protected]> * Avoid double free. Co-authored-by: torben-hansen <[email protected]> Co-authored-by: dkostic <[email protected]>
samuel40791765
pushed a commit
that referenced
this pull request
May 6, 2021
* Define RSA_PSS_SALTLEN_DIGEST macro. (#85) * Define RSA_PSS_SALTLEN_DIGEST macro. * Replace '-1' with RSA_PSS_SALTLEN_DIGEST. * Add EVP_PKEY_RSA_PSS ameth. (#86) * Add EVP_PKEY_RSA_PSS ameth. * Add test to verify SubjectPublicKeyInfo decode. * Add EVP_PKEY_RSA_PSS pmeth. (#87) * Add EVP_PKEY_RSA_PSS ameth. * Add test to verify SubjectPublicKeyInfo decode. * Add EVP_PKEY_RSA_PSS pmeth. * Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee. * Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72. * Fix TODO comment. * Update crypto/fipsmodule/rsa/rsa.c Co-authored-by: torben-hansen <[email protected]> * Define new error code -- RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE. * Move RSA ctrl func from rsa.h to evp/internal.h * Remove RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE. * Add '||' * Remove imports. Co-authored-by: torben-hansen <[email protected]> * Add RSASSA-PSS-params decode. (#89) * Add EVP_PKEY_RSA_PSS ameth. * Add test to verify SubjectPublicKeyInfo decode. * Add EVP_PKEY_RSA_PSS pmeth. * Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee. * Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72. * Fix TODO comment. * Add RSASSA-PSS-params decode. * Remove trailer field related TODO. * Fix leaked mem. * Remove unsupported sha oid. * Revert "Remove unsupported sha oid." This reverts commit be955ce. * Move rsassa_pss from rsa.h to rsassa_pss.h. * Fix merge conflict. * Correct error prefix. * Remove unused import. * Improve comment. * Use JDK11 generated DER-encoded RSASSA-PSS-params for test. * Remove unused comment. * Update crypto/rsa_extra/rsassa_pss.h Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss.h Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Apply suggestions from code review Co-authored-by: torben-hansen <[email protected]> * Enhance code comments. * Define tag value index macros. * Condense code. * Update crypto/rsa_extra/rsassa_pss_asn1_test.cc Co-authored-by: torben-hansen <[email protected]> * Check EVP_PKEY_assign return value. * Check NID_undef value. * Correct comments. * Add more tests. * Add more tests on trailer field and salt length. * Rename rsassa_pss.h to internal.h. Co-authored-by: torben-hansen <[email protected]> * Validate pss params. (#90) * Add EVP_PKEY_RSA_PSS ameth. * Add test to verify SubjectPublicKeyInfo decode. * Add EVP_PKEY_RSA_PSS pmeth. * Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee. * Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72. * Fix TODO comment. * Add RSASSA-PSS-params decode. * Remove trailer field related TODO. * Fix leaked mem. * Remove unsupported sha oid. * Revert "Remove unsupported sha oid." This reverts commit be955ce. * Check PSS parameters restrictions. * Move rsassa_pss from rsa.h to rsassa_pss.h. * Fix merge conflict. * Move rsassapss conversion to rsassa_pss_asn1.c. * Correct error prefix. * Remove unused import. * Modify comment. * Improve comment. * Rename some functions. * Add more tests. * Add more tests. * Resolve TODO: fix X509Test.TestRsaSsaPss. * Use JDK11 generated DER-encoded RSASSA-PSS-params for test. * Disable rsassaPss encrypt and decrypt. * Remove unused comment. * Update crypto/rsa_extra/rsassa_pss.h Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss.h Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Apply suggestions from code review Co-authored-by: torben-hansen <[email protected]> * Enhance code comments. * Define tag value index macros. * Condense code. * Update crypto/rsa_extra/rsassa_pss_asn1_test.cc Co-authored-by: torben-hansen <[email protected]> * Check EVP_PKEY_assign return value. * Check NID_undef value. * Correct comments. * Add more tests. * Add more tests on trailer field and salt length. * Rename rsassa_pss.h to internal.h. * Removed unused test data. * Modify comments. * Explicitly check NULL. * Change method comment. * Address error code comment. * Apply suggestions from code review Co-authored-by: dkostic <[email protected]> Co-authored-by: torben-hansen <[email protected]> * Return EVP_PKEY_assign_* value. * Fix incorrect error code. * Adjust comment. * Define macro for default value of salt len and trailer field. * Fix max salt len. * Add more comments. * Check inputs are not NULL. * Remove saltlen == 0 check in pss_saltlen_create. * Add ctx->pkey NULL check in pkey_pss_init. Co-authored-by: torben-hansen <[email protected]> Co-authored-by: dkostic <[email protected]> * Avoid double free. Co-authored-by: torben-hansen <[email protected]> Co-authored-by: dkostic <[email protected]>
samuel40791765
pushed a commit
to samuel40791765/aws-lc
that referenced
this pull request
May 6, 2021
* Define RSA_PSS_SALTLEN_DIGEST macro. (aws#85) * Define RSA_PSS_SALTLEN_DIGEST macro. * Replace '-1' with RSA_PSS_SALTLEN_DIGEST. * Add EVP_PKEY_RSA_PSS ameth. (aws#86) * Add EVP_PKEY_RSA_PSS ameth. * Add test to verify SubjectPublicKeyInfo decode. * Add EVP_PKEY_RSA_PSS pmeth. (aws#87) * Add EVP_PKEY_RSA_PSS ameth. * Add test to verify SubjectPublicKeyInfo decode. * Add EVP_PKEY_RSA_PSS pmeth. * Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee. * Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72. * Fix TODO comment. * Update crypto/fipsmodule/rsa/rsa.c Co-authored-by: torben-hansen <[email protected]> * Define new error code -- RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE. * Move RSA ctrl func from rsa.h to evp/internal.h * Remove RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE. * Add '||' * Remove imports. Co-authored-by: torben-hansen <[email protected]> * Add RSASSA-PSS-params decode. (aws#89) * Add EVP_PKEY_RSA_PSS ameth. * Add test to verify SubjectPublicKeyInfo decode. * Add EVP_PKEY_RSA_PSS pmeth. * Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee. * Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72. * Fix TODO comment. * Add RSASSA-PSS-params decode. * Remove trailer field related TODO. * Fix leaked mem. * Remove unsupported sha oid. * Revert "Remove unsupported sha oid." This reverts commit be955ce. * Move rsassa_pss from rsa.h to rsassa_pss.h. * Fix merge conflict. * Correct error prefix. * Remove unused import. * Improve comment. * Use JDK11 generated DER-encoded RSASSA-PSS-params for test. * Remove unused comment. * Update crypto/rsa_extra/rsassa_pss.h Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss.h Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Apply suggestions from code review Co-authored-by: torben-hansen <[email protected]> * Enhance code comments. * Define tag value index macros. * Condense code. * Update crypto/rsa_extra/rsassa_pss_asn1_test.cc Co-authored-by: torben-hansen <[email protected]> * Check EVP_PKEY_assign return value. * Check NID_undef value. * Correct comments. * Add more tests. * Add more tests on trailer field and salt length. * Rename rsassa_pss.h to internal.h. Co-authored-by: torben-hansen <[email protected]> * Validate pss params. (aws#90) * Add EVP_PKEY_RSA_PSS ameth. * Add test to verify SubjectPublicKeyInfo decode. * Add EVP_PKEY_RSA_PSS pmeth. * Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee. * Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72. * Fix TODO comment. * Add RSASSA-PSS-params decode. * Remove trailer field related TODO. * Fix leaked mem. * Remove unsupported sha oid. * Revert "Remove unsupported sha oid." This reverts commit be955ce. * Check PSS parameters restrictions. * Move rsassa_pss from rsa.h to rsassa_pss.h. * Fix merge conflict. * Move rsassapss conversion to rsassa_pss_asn1.c. * Correct error prefix. * Remove unused import. * Modify comment. * Improve comment. * Rename some functions. * Add more tests. * Add more tests. * Resolve TODO: fix X509Test.TestRsaSsaPss. * Use JDK11 generated DER-encoded RSASSA-PSS-params for test. * Disable rsassaPss encrypt and decrypt. * Remove unused comment. * Update crypto/rsa_extra/rsassa_pss.h Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss.h Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Apply suggestions from code review Co-authored-by: torben-hansen <[email protected]> * Enhance code comments. * Define tag value index macros. * Condense code. * Update crypto/rsa_extra/rsassa_pss_asn1_test.cc Co-authored-by: torben-hansen <[email protected]> * Check EVP_PKEY_assign return value. * Check NID_undef value. * Correct comments. * Add more tests. * Add more tests on trailer field and salt length. * Rename rsassa_pss.h to internal.h. * Removed unused test data. * Modify comments. * Explicitly check NULL. * Change method comment. * Address error code comment. * Apply suggestions from code review Co-authored-by: dkostic <[email protected]> Co-authored-by: torben-hansen <[email protected]> * Return EVP_PKEY_assign_* value. * Fix incorrect error code. * Adjust comment. * Define macro for default value of salt len and trailer field. * Fix max salt len. * Add more comments. * Check inputs are not NULL. * Remove saltlen == 0 check in pss_saltlen_create. * Add ctx->pkey NULL check in pkey_pss_init. Co-authored-by: torben-hansen <[email protected]> Co-authored-by: dkostic <[email protected]> * Avoid double free. Co-authored-by: torben-hansen <[email protected]> Co-authored-by: dkostic <[email protected]>
samuel40791765
added a commit
that referenced
this pull request
Sep 16, 2021
* OCSP structures and file import (#139) * adding basic ocsp files, structures, and asn1 functions * modify and strip down ocsp header file * added rudimentary OCSP structure related functions * add errordata file for ocsp * add dummy ocsp test file * modified OCSP_response_status function to align with OpenSSL's * remove unnecessary headers * remove dummy test file * Update build files in generated-src * remove auto generated files of comparison check * update copyright information * update copyright headers * updated comment styles * fixed small comments * Add EVP_PKEY_RSA_PSS decode support. (#140) * Define RSA_PSS_SALTLEN_DIGEST macro. (#85) * Define RSA_PSS_SALTLEN_DIGEST macro. * Replace '-1' with RSA_PSS_SALTLEN_DIGEST. * Add EVP_PKEY_RSA_PSS ameth. (#86) * Add EVP_PKEY_RSA_PSS ameth. * Add test to verify SubjectPublicKeyInfo decode. * Add EVP_PKEY_RSA_PSS pmeth. (#87) * Add EVP_PKEY_RSA_PSS ameth. * Add test to verify SubjectPublicKeyInfo decode. * Add EVP_PKEY_RSA_PSS pmeth. * Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee. * Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72. * Fix TODO comment. * Update crypto/fipsmodule/rsa/rsa.c Co-authored-by: torben-hansen <[email protected]> * Define new error code -- RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE. * Move RSA ctrl func from rsa.h to evp/internal.h * Remove RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE. * Add '||' * Remove imports. Co-authored-by: torben-hansen <[email protected]> * Add RSASSA-PSS-params decode. (#89) * Add EVP_PKEY_RSA_PSS ameth. * Add test to verify SubjectPublicKeyInfo decode. * Add EVP_PKEY_RSA_PSS pmeth. * Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee. * Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72. * Fix TODO comment. * Add RSASSA-PSS-params decode. * Remove trailer field related TODO. * Fix leaked mem. * Remove unsupported sha oid. * Revert "Remove unsupported sha oid." This reverts commit be955ce. * Move rsassa_pss from rsa.h to rsassa_pss.h. * Fix merge conflict. * Correct error prefix. * Remove unused import. * Improve comment. * Use JDK11 generated DER-encoded RSASSA-PSS-params for test. * Remove unused comment. * Update crypto/rsa_extra/rsassa_pss.h Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss.h Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Apply suggestions from code review Co-authored-by: torben-hansen <[email protected]> * Enhance code comments. * Define tag value index macros. * Condense code. * Update crypto/rsa_extra/rsassa_pss_asn1_test.cc Co-authored-by: torben-hansen <[email protected]> * Check EVP_PKEY_assign return value. * Check NID_undef value. * Correct comments. * Add more tests. * Add more tests on trailer field and salt length. * Rename rsassa_pss.h to internal.h. Co-authored-by: torben-hansen <[email protected]> * Validate pss params. (#90) * Add EVP_PKEY_RSA_PSS ameth. * Add test to verify SubjectPublicKeyInfo decode. * Add EVP_PKEY_RSA_PSS pmeth. * Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee. * Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72. * Fix TODO comment. * Add RSASSA-PSS-params decode. * Remove trailer field related TODO. * Fix leaked mem. * Remove unsupported sha oid. * Revert "Remove unsupported sha oid." This reverts commit be955ce. * Check PSS parameters restrictions. * Move rsassa_pss from rsa.h to rsassa_pss.h. * Fix merge conflict. * Move rsassapss conversion to rsassa_pss_asn1.c. * Correct error prefix. * Remove unused import. * Modify comment. * Improve comment. * Rename some functions. * Add more tests. * Add more tests. * Resolve TODO: fix X509Test.TestRsaSsaPss. * Use JDK11 generated DER-encoded RSASSA-PSS-params for test. * Disable rsassaPss encrypt and decrypt. * Remove unused comment. * Update crypto/rsa_extra/rsassa_pss.h Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss.h Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Update crypto/rsa_extra/rsassa_pss_asn1.c Co-authored-by: torben-hansen <[email protected]> * Apply suggestions from code review Co-authored-by: torben-hansen <[email protected]> * Enhance code comments. * Define tag value index macros. * Condense code. * Update crypto/rsa_extra/rsassa_pss_asn1_test.cc Co-authored-by: torben-hansen <[email protected]> * Check EVP_PKEY_assign return value. * Check NID_undef value. * Correct comments. * Add more tests. * Add more tests on trailer field and salt length. * Rename rsassa_pss.h to internal.h. * Removed unused test data. * Modify comments. * Explicitly check NULL. * Change method comment. * Address error code comment. * Apply suggestions from code review Co-authored-by: dkostic <[email protected]> Co-authored-by: torben-hansen <[email protected]> * Return EVP_PKEY_assign_* value. * Fix incorrect error code. * Adjust comment. * Define macro for default value of salt len and trailer field. * Fix max salt len. * Add more comments. * Check inputs are not NULL. * Remove saltlen == 0 check in pss_saltlen_create. * Add ctx->pkey NULL check in pkey_pss_init. Co-authored-by: torben-hansen <[email protected]> Co-authored-by: dkostic <[email protected]> * Avoid double free. Co-authored-by: torben-hansen <[email protected]> Co-authored-by: dkostic <[email protected]> * Check pss restriction only when it's set. (#145) * Fix minimal build for ARM (#146) * No longer rename assembly files in generated-src * Updating contents of generated-src * Run minimal tests for our ARM build * Basic OCSP Testing Framework (#144) * adding basic ocsp files, structures, and asn1 functions * modify and strip down ocsp header file * added rudimentary OCSP structure related functions * add errordata file for ocsp * add dummy ocsp test file * modified OCSP_response_status function to align with OpenSSL's * remove unnecessary headers * remove dummy test file * Update build files in generated-src * remove auto generated files of comparison check * update copyright information * update copyright headers * updated comment styles * fixed small comments * added basic ocsp test framework * fix extra line in header file * add ocsp_test.cc to Cmake file * added boringssl unique pointer support for ocsp * removed accidental extra comments * added link to test file from s2n der file in comments * Add supporting functionality and tests for OCSP_resp_find_status function (#147) * adding basic ocsp files, structures, and asn1 functions * modify and strip down ocsp header file * added rudimentary OCSP structure related functions * add errordata file for ocsp * add dummy ocsp test file * modified OCSP_response_status function to align with OpenSSL's * remove unnecessary headers * remove dummy test file * Update build files in generated-src * remove auto generated files of comparison check * update copyright information * update copyright headers * updated comment styles * fixed small comments * added basic ocsp test framework * fix extra line in header file * add ocsp_test.cc to Cmake file * added boringssl unique pointer support for ocsp * removed accidental extra comments * added link to test file from s2n der file in comments * add functionality to support OCSP_resp_find_status function * add revoked and good ocsp response tests * delete extra error definitions * update error data and generated-src * adding extra NULL checks * more null checks and minor code styling fixes * brushed up and made comments clearer * fix up test file comments * rolling back pointer changes * rename ocsp internal file * addressed PR comments * transferred some external API to internal and simplified tests * update OCSP_cert_to_id fuunction description * apply PR comments * added comments and test for default hash behavior * OCSP basic verification (#166) * adding basic ocsp files, structures, and asn1 functions * modify and strip down ocsp header file * added rudimentary OCSP structure related functions * add errordata file for ocsp * add dummy ocsp test file * modified OCSP_response_status function to align with OpenSSL's * remove unnecessary headers * remove dummy test file * Update build files in generated-src * remove auto generated files of comparison check * update copyright information * update copyright headers * updated comment styles * fixed small comments * added basic ocsp test framework * fix extra line in header file * add ocsp_test.cc to Cmake file * added boringssl unique pointer support for ocsp * removed accidental extra comments * added link to test file from s2n der file in comments * add functionality to support OCSP_resp_find_status function * add revoked and good ocsp response tests * delete extra error definitions * update error data and generated-src * adding extra NULL checks * more null checks and minor code styling fixes * brushed up and made comments clearer * update error data and add ocsp_verify file * add ocsp verify function * update error data, generated src, and OCSP verify flags * supporting find signer functions for OCSP_basic_verify * supporting find signer functions for OCSP_basic_verify * error data and ocsp_check_ids function * add ocsp verify check_issuer static functions * add complete OCSP_basic_verfiy functionality * brushed up comments * update comments * fix up test file comments * rolling back pointer changes * update error data and add ocsp_verify file * add ocsp verify function * update error data, generated src, and OCSP verify flags * supporting find signer functions for OCSP_basic_verify * supporting find signer functions for OCSP_basic_verify * error data and ocsp_check_ids function * add ocsp verify check_issuer static functions * add complete OCSP_basic_verfiy functionality * brushed up comments * update comments * update verify comments * fix comments * imported OCSP tests from s2n * rename ocsp internal file * addressed PR comments * transferred some external API to internal and simplified tests * update OCSP_cert_to_id fuunction description * apply previous pr comments * apply PR comments * abstract tests for basicverify * applied style changes * added time field related tests * added comments and test for default hash behavior * remove goto indent * rearranged ocsp_verify functions * changed time stamp to be within 32 bit systems * fixed unclear variables and variable declaration order * changed time stamp of valid time to later date in range * changed time stamp of valid time to later date in range * remove unneccesary OCSP flags and apply PR comments * abstracted OCSP status extraction tests * add test for ocsp response signed directly by CA * adding periods * applied verify comments * add periods * add verify macros for better clarification * SHA-256 unit tests for OCSP (#178) * added sha256 tests * add runbook and cert files used in ocsp_test.cc * changed wrong signer test comments * fix wrong fatal error definition in tests * rename folder and update readme * Importing OpenSSL OCSP tests (#181) * fix bugs in ocsp_verify ocsp tests from ossl found * added openssl tests and test files for ocsp * merged previous verify changes * apply comments * remove indent * Update build files in generated-src * fix test memory leak * add new line * apply PR comments * change ocsp untrusted stack value assign method * Update build files in generated-src * OCSP tests code refactor (#182) * optimized existing tests and added missing test files * remove hard coded tests * Update build files in generated-src * remove unnecessary gitignore directories * Update build files in generated-src * remove extra character * Fuzz tests for OCSP parser (#183) * update fuzzing runbook * add ocsp fuzzing test file * added new ocsp fuzzing corpus * add fuzzing target in cmake * readme updates * OCSP tests for specific status codes (#190) * update fuzzing runbook * add ocsp fuzzing test file * added new ocsp fuzzing corpus * add fuzzing target in cmake * add unknown cert tests and how to create * minor runbook text fixes * add response status tests * fixed up test comments * readme fix * Update build files in generated-src * improve wording in readme Co-authored-by: Bryce Shang <[email protected]> Co-authored-by: torben-hansen <[email protected]> Co-authored-by: dkostic <[email protected]> Co-authored-by: Andrew Kaufman <[email protected]>
torben-hansen
pushed a commit
to torben-hansen/aws-lc
that referenced
this pull request
Nov 15, 2023
Ed25519 support and related updates s2n-bignum original commit: awslabs/s2n-bignum@db8409d
torben-hansen
pushed a commit
to torben-hansen/aws-lc
that referenced
this pull request
Nov 19, 2023
Ed25519 support and related updates s2n-bignum original commit: awslabs/s2n-bignum@db8409d
dkostic
pushed a commit
to dkostic/aws-lc
that referenced
this pull request
Jul 22, 2024
Ed25519 support and related updates s2n-bignum original commit: awslabs/s2n-bignum@db8409d
torben-hansen
pushed a commit
to torben-hansen/aws-lc
that referenced
this pull request
Sep 18, 2024
Ed25519 support and related updates s2n-bignum original commit: awslabs/s2n-bignum@db8409d
torben-hansen
pushed a commit
to torben-hansen/aws-lc
that referenced
this pull request
Sep 18, 2024
Ed25519 support and related updates s2n-bignum original commit: awslabs/s2n-bignum@db8409d s2n-bignum original commit: awslabs/s2n-bignum@ca6fb90
torben-hansen
pushed a commit
to torben-hansen/aws-lc
that referenced
this pull request
Sep 19, 2024
Ed25519 support and related updates s2n-bignum original commit: awslabs/s2n-bignum@db8409d
dkostic
pushed a commit
to dkostic/aws-lc
that referenced
this pull request
Dec 5, 2024
Ed25519 support and related updates
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issues:
Addresses CryptoAlg-614
Description of changes:
This PR adds EVP_PKEY_RSA_PSS pmeth and lets awslc support restricted(PSS only) RSA sign, verify, encrypt and decrypt by importing below two OpenSSL 1.1.1 code commits.
The existing usage of
EVP_PKEY_CTX_ctrlonly supports one pkey_idEVP_PKEY_RSA. The two commits from OpenSSL 1.1.1 are to createRSA_pkey_ctx_ctrl(a wrapper ofEVP_PKEY_CTX_ctrl) and then use it to support bothEVP_PKEY_RSAandEVP_PKEY_RSA_PSS.Call-outs:
This PR has some code commits from #86. It's better to review #86 before this one.
When #85, #86 and 87 (this one) merged, s2n using awslc can enable
RSA_PSS_SIGNING_SUPPORTED. But other PSS PRs (not published yet. like fixing TODO, adds PSS restrictions) are still needed to make awslc PSS support more comprehensive.Testing:
CI. No new tests are added because most changes are just wrappers of existing methods to support pkey_id -- EVP_PKEY_RSA_PSS.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.