Add EVP_PKEY_RSA_PSS decode support. #140

Merged
merged 9 commits into from
May 4, 2021

bryce-shang

Issues:

Addresses CryptoAlg-614

Description of changes:

More details of this PR are available in the merged PR. See commits.

Major changes:

This PR added RSASSA-PSS-params decode based on https://tools.ietf.org/html/rfc4055#section-3.1

It also imported and modified OpenSSL 1.1.1 -- 'Add PSS parameter restrictions' to fulfill RFC restrictions on PSS params -- e.g. all parameters in the signature structure algorithm identifier MUST match the parameters in the key structure algorithm identifier except the saltLength field.

From the s2n perspective, PSS params get initialized in EVP_PKEY_sign_init, and then the digest algorithm is checked against these params (for a match) when EVP_PKEY_CTX_set_signature_md is called.

Call-outs:

  • clang-format --style=file -i ./crypto/rsa_extra/rsassa_pss_asn1.c does not produce ideal style.

Testing:

  • See CI

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
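
Added example (not code from this PR or from AWS-LC): a standalone C decoder for RSASSA-PSS-params as laid out in RFC 4055 section 3.1, together with the key-versus-signature parameter check the description mentions. All type and function names are hypothetical, the sample DER bytes are constructed, and the rule that a signature's saltLength may not be lower than the key's is taken from RFC 4055 rather than from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not AWS-LC code; every type and function name is hypothetical. */
typedef enum { H_SHA1 = 1, H_SHA256, H_SHA384, H_SHA512 } hash_id;
typedef struct { hash_id hash, mgf1_hash; long salt_len, trailer; } pss_params;
typedef struct { const uint8_t *p; size_t len; } span;

static const uint8_t OID_SHA1[] = {0x2b, 0x0e, 0x03, 0x02, 0x1a};
static const uint8_t OID_SHA2_PREFIX[] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02};
static const uint8_t OID_MGF1[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08};

/* Consume one short-form DER TLV with the expected tag; `out` gets its contents. */
static int read_tlv(span *in, uint8_t tag, span *out) {
  size_t len;
  if (in->len < 2 || in->p[0] != tag) return 0;
  len = in->p[1];
  if (len >= 0x80 || in->len - 2 < len) return 0; /* long form or truncated */
  out->p = in->p + 2;
  out->len = len;
  in->p += 2 + len;
  in->len -= 2 + len;
  return 1;
}

/* AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters NULL OPTIONAL } */
static int parse_hash_alg(span *in, hash_id *out) {
  span seq, oid, null;
  if (!read_tlv(in, 0x30, &seq) || !read_tlv(&seq, 0x06, &oid)) return 0;
  if (oid.len == sizeof(OID_SHA1) && memcmp(oid.p, OID_SHA1, oid.len) == 0) {
    *out = H_SHA1;
  } else if (oid.len == 9 && memcmp(oid.p, OID_SHA2_PREFIX, 8) == 0 &&
             oid.p[8] >= 1 && oid.p[8] <= 3) {
    *out = (hash_id)(H_SHA256 + oid.p[8] - 1); /* arc 1/2/3 = SHA-256/384/512 */
  } else {
    return 0; /* digest not on the allow-list */
  }
  if (seq.len != 0 && (!read_tlv(&seq, 0x05, &null) || null.len != 0)) return 0;
  return seq.len == 0;
}

/* maskGenAlgorithm: the OID must be MGF1 and its parameter a hash AlgorithmIdentifier. */
static int parse_mgf1(span *in, hash_id *out) {
  span seq, oid;
  if (!read_tlv(in, 0x30, &seq) || !read_tlv(&seq, 0x06, &oid)) return 0;
  if (oid.len != sizeof(OID_MGF1) || memcmp(oid.p, OID_MGF1, oid.len) != 0) return 0;
  return parse_hash_alg(&seq, out) && seq.len == 0;
}

/* Small non-negative, minimally encoded INTEGER (saltLength, trailerField). */
static int parse_uint(span *in, long *out) {
  span v;
  if (!read_tlv(in, 0x02, &v) || v.len < 1 || v.len > 3 || (v.p[0] & 0x80)) return 0;
  if (v.len > 1 && v.p[0] == 0 && !(v.p[1] & 0x80)) return 0;
  *out = 0;
  for (size_t i = 0; i < v.len; i++) *out = (*out << 8) | v.p[i];
  return 1;
}

/* RSASSA-PSS-params (RFC 4055 section 3.1): optional [0]..[3] fields, in order. */
int pss_params_decode(const uint8_t *der, size_t len, pss_params *out) {
  span in = {der, len}, seq, f;
  pss_params p = {H_SHA1, H_SHA1, 20, 1}; /* DEFAULTs: sha1, mgf1SHA1, 20, 1 */
  if (!read_tlv(&in, 0x30, &seq) || in.len != 0) return 0;
  if (seq.len && seq.p[0] == 0xa0 &&
      !(read_tlv(&seq, 0xa0, &f) && parse_hash_alg(&f, &p.hash) && f.len == 0)) return 0;
  if (seq.len && seq.p[0] == 0xa1 &&
      !(read_tlv(&seq, 0xa1, &f) && parse_mgf1(&f, &p.mgf1_hash) && f.len == 0)) return 0;
  if (seq.len && seq.p[0] == 0xa2 &&
      !(read_tlv(&seq, 0xa2, &f) && parse_uint(&f, &p.salt_len) && f.len == 0)) return 0;
  if (seq.len && seq.p[0] == 0xa3 &&
      !(read_tlv(&seq, 0xa3, &f) && parse_uint(&f, &p.trailer) && f.len == 0)) return 0;
  if (seq.len != 0 || p.trailer != 1) return 0; /* only trailerField 1 is defined */
  *out = p;
  return 1;
}

/* All fields must match the key's except saltLength, which may not go lower (RFC 4055). */
int pss_sig_params_allowed(const pss_params *key, const pss_params *sig) {
  return sig->hash == key->hash && sig->mgf1_hash == key->mgf1_hash &&
         sig->trailer == key->trailer && sig->salt_len >= key->salt_len;
}

/* Constructed sample: SHA-256, MGF1 with SHA-256, saltLength 32. */
static const uint8_t SAMPLE_KEY_PARAMS[] = {
    0x30, 0x34, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
    0x04, 0x02, 0x01, 0x05, 0x00, 0xa1, 0x1c, 0x30, 0x1a, 0x06, 0x09, 0x2a, 0x86, 0x48,
    0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x20};

int main(void) {
  pss_params key, sig = {H_SHA1, H_SHA1, 32, 1}; /* signing request that uses SHA-1 */
  if (!pss_params_decode(SAMPLE_KEY_PARAMS, sizeof(SAMPLE_KEY_PARAMS), &key)) return 1;
  printf("salt=%ld sha1_allowed=%d\n", key.salt_len, pss_sig_params_allowed(&key, &sig));
  return 0;
}
```

The decoder is strict on purpose: out-of-order fields, trailing bytes, unknown digests and a trailerField other than 1 are all rejected instead of being mapped to defaults.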

bryce-shang and others added 6 commits February 1, 2021 17:12
* Define RSA_PSS_SALTLEN_DIGEST macro.

* Replace '-1' with RSA_PSS_SALTLEN_DIGEST.
* Add EVP_PKEY_RSA_PSS ameth.

* Add test to verify SubjectPublicKeyInfo decode.
* Add EVP_PKEY_RSA_PSS ameth.

* Add test to verify SubjectPublicKeyInfo decode.

* Add EVP_PKEY_RSA_PSS pmeth.

* Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee.

* Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72.

* Fix TODO comment.

* Update crypto/fipsmodule/rsa/rsa.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Define new error code -- RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE.

* Move RSA ctrl func from rsa.h to evp/internal.h

* Remove RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE.

* Add '||'

* Remove imports.

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>
* Add EVP_PKEY_RSA_PSS ameth.

* Add test to verify SubjectPublicKeyInfo decode.

* Add EVP_PKEY_RSA_PSS pmeth.

* Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee.

* Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72.

* Fix TODO comment.

* Add RSASSA-PSS-params decode.

* Remove trailer field related TODO.

* Fix leaked mem.

* Remove unsupported sha oid.

* Revert "Remove unsupported sha oid."

This reverts commit be955ce.

* Move rsassa_pss from rsa.h to rsassa_pss.h.

* Fix merge conflict.

* Correct error prefix.

* Remove unused import.

* Improve comment.

* Use JDK11 generated DER-encoded RSASSA-PSS-params for test.

* Remove unused comment.

* Update crypto/rsa_extra/rsassa_pss.h

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss.h

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Enhance code comments.

* Define tag value index macros.

* Condense code.

* Update crypto/rsa_extra/rsassa_pss_asn1_test.cc

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Check EVP_PKEY_assign return value.

* Check NID_undef value.

* Correct comments.

* Add more tests.

* Add more tests on trailer field and salt length.

* Rename rsassa_pss.h to internal.h.

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>
* Add EVP_PKEY_RSA_PSS ameth.

* Add test to verify SubjectPublicKeyInfo decode.

* Add EVP_PKEY_RSA_PSS pmeth.

* Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee.

* Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72.

* Fix TODO comment.

* Add RSASSA-PSS-params decode.

* Remove trailer field related TODO.

* Fix leaked mem.

* Remove unsupported sha oid.

* Revert "Remove unsupported sha oid."

This reverts commit be955ce.

* Check PSS parameters restrictions.

* Move rsassa_pss from rsa.h to rsassa_pss.h.

* Fix merge conflict.

* Move rsassapss conversion to rsassa_pss_asn1.c.

* Correct error prefix.

* Remove unused import.

* Modify comment.

* Improve comment.

* Rename some functions.

* Add more tests.

* Add more tests.

* Resolve TODO: fix X509Test.TestRsaSsaPss.

* Use JDK11 generated DER-encoded RSASSA-PSS-params for test.

* Disable rsassaPss encrypt and decrypt.

* Remove unused comment.

* Update crypto/rsa_extra/rsassa_pss.h

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss.h

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Enhance code comments.

* Define tag value index macros.

* Condense code.

* Update crypto/rsa_extra/rsassa_pss_asn1_test.cc

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Check EVP_PKEY_assign return value.

* Check NID_undef value.

* Correct comments.

* Add more tests.

* Add more tests on trailer field and salt length.

* Rename rsassa_pss.h to internal.h.

* Removed unused test data.

* Modify comments.

* Explicitly check NULL.

* Change method comment.

* Address error code comment.

* Apply suggestions from code review

Co-authored-by: dkostic <25055813+dkostic@users.noreply.github.com>
Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Return EVP_PKEY_assign_* value.

* Fix incorrect error code.

* Adjust comment.

* Define macro for default value of salt len and trailer field.

* Fix max salt len.

* Add more comments.

* Check inputs are not NULL.

* Remove saltlen == 0 check in pss_saltlen_create.

* Add ctx->pkey NULL check in pkey_pss_init.

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>
Co-authored-by: dkostic <25055813+dkostic@users.noreply.github.com>
dkostic
dkostic previously approved these changes Apr 29, 2021

@torben-hansen torben-hansen left a comment

Nice

@bryce-shang bryce-shang merged commit a5eec1f into main May 4, 2021
samuel40791765 pushed a commit that referenced this pull request May 6, 2021
* Define RSA_PSS_SALTLEN_DIGEST macro. (#85)

* Define RSA_PSS_SALTLEN_DIGEST macro.

* Replace '-1' with RSA_PSS_SALTLEN_DIGEST.

* Add EVP_PKEY_RSA_PSS ameth. (#86)

* Add EVP_PKEY_RSA_PSS ameth.

* Add test to verify SubjectPublicKeyInfo decode.

* Add EVP_PKEY_RSA_PSS pmeth. (#87)

* Add EVP_PKEY_RSA_PSS ameth.

* Add test to verify SubjectPublicKeyInfo decode.

* Add EVP_PKEY_RSA_PSS pmeth.

* Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee.

* Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72.

* Fix TODO comment.

* Update crypto/fipsmodule/rsa/rsa.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Define new error code -- RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE.

* Move RSA ctrl func from rsa.h to evp/internal.h

* Remove RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE.

* Add '||'

* Remove imports.

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Add RSASSA-PSS-params decode. (#89)

* Add EVP_PKEY_RSA_PSS ameth.

* Add test to verify SubjectPublicKeyInfo decode.

* Add EVP_PKEY_RSA_PSS pmeth.

* Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee.

* Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72.

* Fix TODO comment.

* Add RSASSA-PSS-params decode.

* Remove trailer field related TODO.

* Fix leaked mem.

* Remove unsupported sha oid.

* Revert "Remove unsupported sha oid."

This reverts commit be955ce.

* Move rsassa_pss from rsa.h to rsassa_pss.h.

* Fix merge conflict.

* Correct error prefix.

* Remove unused import.

* Improve comment.

* Use JDK11 generated DER-encoded RSASSA-PSS-params for test.

* Remove unused comment.

* Update crypto/rsa_extra/rsassa_pss.h

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss.h

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Enhance code comments.

* Define tag value index macros.

* Condense code.

* Update crypto/rsa_extra/rsassa_pss_asn1_test.cc

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Check EVP_PKEY_assign return value.

* Check NID_undef value.

* Correct comments.

* Add more tests.

* Add more tests on trailer field and salt length.

* Rename rsassa_pss.h to internal.h.

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Validate pss params. (#90)

* Add EVP_PKEY_RSA_PSS ameth.

* Add test to verify SubjectPublicKeyInfo decode.

* Add EVP_PKEY_RSA_PSS pmeth.

* Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee.

* Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72.

* Fix TODO comment.

* Add RSASSA-PSS-params decode.

* Remove trailer field related TODO.

* Fix leaked mem.

* Remove unsupported sha oid.

* Revert "Remove unsupported sha oid."

This reverts commit be955ce.

* Check PSS parameters restrictions.

* Move rsassa_pss from rsa.h to rsassa_pss.h.

* Fix merge conflict.

* Move rsassapss conversion to rsassa_pss_asn1.c.

* Correct error prefix.

* Remove unused import.

* Modify comment.

* Improve comment.

* Rename some functions.

* Add more tests.

* Add more tests.

* Resolve TODO: fix X509Test.TestRsaSsaPss.

* Use JDK11 generated DER-encoded RSASSA-PSS-params for test.

* Disable rsassaPss encrypt and decrypt.

* Remove unused comment.

* Update crypto/rsa_extra/rsassa_pss.h

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss.h

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Enhance code comments.

* Define tag value index macros.

* Condense code.

* Update crypto/rsa_extra/rsassa_pss_asn1_test.cc

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Check EVP_PKEY_assign return value.

* Check NID_undef value.

* Correct comments.

* Add more tests.

* Add more tests on trailer field and salt length.

* Rename rsassa_pss.h to internal.h.

* Removed unused test data.

* Modify comments.

* Explicitly check NULL.

* Change method comment.

* Address error code comment.

* Apply suggestions from code review

Co-authored-by: dkostic <25055813+dkostic@users.noreply.github.com>
Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Return EVP_PKEY_assign_* value.

* Fix incorrect error code.

* Adjust comment.

* Define macro for default value of salt len and trailer field.

* Fix max salt len.

* Add more comments.

* Check inputs are not NULL.

* Remove saltlen == 0 check in pss_saltlen_create.

* Add ctx->pkey NULL check in pkey_pss_init.

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>
Co-authored-by: dkostic <25055813+dkostic@users.noreply.github.com>

* Avoid double free.

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>
Co-authored-by: dkostic <25055813+dkostic@users.noreply.github.com>
samuel40791765 pushed a commit to samuel40791765/aws-lc that referenced this pull request May 6, 2021
samuel40791765 added a commit that referenced this pull request Sep 16, 2021
* OCSP structures and file import (#139)

* adding basic ocsp files, structures, and asn1 functions

* modify and strip down ocsp header file

* added rudimentary OCSP structure related functions

* add errordata file for ocsp

* add dummy ocsp test file

* modified OCSP_response_status function to align with OpenSSL's

* remove unnecessary headers

* remove dummy test file

* Update build files in generated-src

* remove auto generated files of comparison check

* update copyright information

* update copyright headers

* updated comment styles

* fixed small comments

* Add EVP_PKEY_RSA_PSS decode support. (#140)

* Define RSA_PSS_SALTLEN_DIGEST macro. (#85)

* Define RSA_PSS_SALTLEN_DIGEST macro.

* Replace '-1' with RSA_PSS_SALTLEN_DIGEST.

* Add EVP_PKEY_RSA_PSS ameth. (#86)

* Add EVP_PKEY_RSA_PSS ameth.

* Add test to verify SubjectPublicKeyInfo decode.

* Add EVP_PKEY_RSA_PSS pmeth. (#87)

* Add EVP_PKEY_RSA_PSS ameth.

* Add test to verify SubjectPublicKeyInfo decode.

* Add EVP_PKEY_RSA_PSS pmeth.

* Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee.

* Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72.

* Fix TODO comment.

* Update crypto/fipsmodule/rsa/rsa.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Define new error code -- RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE.

* Move RSA ctrl func from rsa.h to evp/internal.h

* Remove RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE.

* Add '||'

* Remove imports.

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Add RSASSA-PSS-params decode. (#89)

* Add EVP_PKEY_RSA_PSS ameth.

* Add test to verify SubjectPublicKeyInfo decode.

* Add EVP_PKEY_RSA_PSS pmeth.

* Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee.

* Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72.

* Fix TODO comment.

* Add RSASSA-PSS-params decode.

* Remove trailer field related TODO.

* Fix leaked mem.

* Remove unsupported sha oid.

* Revert "Remove unsupported sha oid."

This reverts commit be955ce.

* Move rsassa_pss from rsa.h to rsassa_pss.h.

* Fix merge conflict.

* Correct error prefix.

* Remove unused import.

* Improve comment.

* Use JDK11 generated DER-encoded RSASSA-PSS-params for test.

* Remove unused comment.

* Update crypto/rsa_extra/rsassa_pss.h

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss.h

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Enhance code comments.

* Define tag value index macros.

* Condense code.

* Update crypto/rsa_extra/rsassa_pss_asn1_test.cc

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Check EVP_PKEY_assign return value.

* Check NID_undef value.

* Correct comments.

* Add more tests.

* Add more tests on trailer field and salt length.

* Rename rsassa_pss.h to internal.h.

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Validate pss params. (#90)

* Add EVP_PKEY_RSA_PSS ameth.

* Add test to verify SubjectPublicKeyInfo decode.

* Add EVP_PKEY_RSA_PSS pmeth.

* Import RSA_pkey_ctx_ctrl -- OpenSSL 1.1.1@e5e04ee.

* Support pad mode get/set for PSS keys. OpenSSL 1.1.1@a300c72.

* Fix TODO comment.

* Add RSASSA-PSS-params decode.

* Remove trailer field related TODO.

* Fix leaked mem.

* Remove unsupported sha oid.

* Revert "Remove unsupported sha oid."

This reverts commit be955ce.

* Check PSS parameters restrictions.

* Move rsassa_pss from rsa.h to rsassa_pss.h.

* Fix merge conflict.

* Move rsassapss conversion to rsassa_pss_asn1.c.

* Correct error prefix.

* Remove unused import.

* Modify comment.

* Improve comment.

* Rename some functions.

* Add more tests.

* Add more tests.

* Resolve TODO: fix X509Test.TestRsaSsaPss.

* Use JDK11 generated DER-encoded RSASSA-PSS-params for test.

* Disable rsassaPss encrypt and decrypt.

* Remove unused comment.

* Update crypto/rsa_extra/rsassa_pss.h

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss.h

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Update crypto/rsa_extra/rsassa_pss_asn1.c

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Enhance code comments.

* Define tag value index macros.

* Condense code.

* Update crypto/rsa_extra/rsassa_pss_asn1_test.cc

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Check EVP_PKEY_assign return value.

* Check NID_undef value.

* Correct comments.

* Add more tests.

* Add more tests on trailer field and salt length.

* Rename rsassa_pss.h to internal.h.

* Removed unused test data.

* Modify comments.

* Explicitly check NULL.

* Change method comment.

* Address error code comment.

* Apply suggestions from code review

Co-authored-by: dkostic <25055813+dkostic@users.noreply.github.com>
Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>

* Return EVP_PKEY_assign_* value.

* Fix incorrect error code.

* Adjust comment.

* Define macro for default value of salt len and trailer field.

* Fix max salt len.

* Add more comments.

* Check inputs are not NULL.

* Remove saltlen == 0 check in pss_saltlen_create.

* Add ctx->pkey NULL check in pkey_pss_init.

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>
Co-authored-by: dkostic <25055813+dkostic@users.noreply.github.com>

* Avoid double free.

Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>
Co-authored-by: dkostic <25055813+dkostic@users.noreply.github.com>

* Check pss restriction only when it's set. (#145)

* Fix minimal build for ARM (#146)

* No longer rename assembly files in generated-src

* Updating contents of generated-src

* Run minimal tests for our ARM build

* Basic OCSP Testing Framework (#144)

* adding basic ocsp files, structures, and asn1 functions

* modify and strip down ocsp header file

* added rudimentary OCSP structure related functions

* add errordata file for ocsp

* add dummy ocsp test file

* modified OCSP_response_status function to align with OpenSSL's

* remove unnecessary headers

* remove dummy test file

* Update build files in generated-src

* remove auto generated files of comparison check

* update copyright information

* update copyright headers

* updated comment styles

* fixed small comments

* added basic ocsp test framework

* fix extra line in header file

* add ocsp_test.cc to Cmake file

* added boringssl unique pointer support for ocsp

* removed accidental extra comments

* added link to test file from s2n der file in comments

* Add supporting functionality and tests for OCSP_resp_find_status function (#147)

* adding basic ocsp files, structures, and asn1 functions

* modify and strip down ocsp header file

* added rudimentary OCSP structure related functions

* add errordata file for ocsp

* add dummy ocsp test file

* modified OCSP_response_status function to align with OpenSSL's

* remove unnecessary headers

* remove dummy test file

* Update build files in generated-src

* remove auto generated files of comparison check

* update copyright information

* update copyright headers

* updated comment styles

* fixed small comments

* added basic ocsp test framework

* fix extra line in header file

* add ocsp_test.cc to Cmake file

* added boringssl unique pointer support for ocsp

* removed accidental extra comments

* added link to test file from s2n der file in comments

* add functionality to support OCSP_resp_find_status function

* add revoked and good ocsp response tests

* delete extra error definitions

* update error data and generated-src

* adding extra NULL checks

* more null checks and minor code styling fixes

* brushed up and made comments clearer

* fix up test file comments

* rolling back pointer changes

* rename ocsp internal file

* addressed PR comments

* transferred some external API to internal and simplified tests

* update OCSP_cert_to_id function description

* apply PR comments

* added comments and test for default hash behavior

* OCSP basic verification (#166)

* adding basic ocsp files, structures, and asn1 functions

* modify and strip down ocsp header file

* added rudimentary OCSP structure related functions

* add errordata file for ocsp

* add dummy ocsp test file

* modified OCSP_response_status function to align with OpenSSL's

* remove unnecessary headers

* remove dummy test file

* Update build files in generated-src

* remove auto generated files of comparison check

* update copyright information

* update copyright headers

* updated comment styles

* fixed small comments

* added basic ocsp test framework

* fix extra line in header file

* add ocsp_test.cc to Cmake file

* added boringssl unique pointer support for ocsp

* removed accidental extra comments

* added link to test file from s2n der file in comments

* add functionality to support OCSP_resp_find_status function

* add revoked and good ocsp response tests

* delete extra error definitions

* update error data and generated-src

* adding extra NULL checks

* more null checks and minor code styling fixes

* brushed up and made comments clearer

* update error data and add ocsp_verify file

* add ocsp verify function

* update error data, generated src, and OCSP verify flags

* supporting find signer functions for OCSP_basic_verify

* supporting find signer functions for OCSP_basic_verify

* error data and ocsp_check_ids function

* add ocsp verify check_issuer static functions

* add complete OCSP_basic_verify functionality

* brushed up comments

* update comments

* fix up test file comments

* rolling back pointer changes

* update error data and add ocsp_verify file

* add ocsp verify function

* update error data, generated src, and OCSP verify flags

* supporting find signer functions for OCSP_basic_verify

* supporting find signer functions for OCSP_basic_verify

* error data and ocsp_check_ids function

* add ocsp verify check_issuer static functions

* add complete OCSP_basic_verify functionality

* brushed up comments

* update comments

* update verify comments

* fix comments

* imported OCSP tests from s2n

* rename ocsp internal file

* addressed PR comments

* transferred some external API to internal and simplified tests

* update OCSP_cert_to_id function description

* apply previous pr comments

* apply PR comments

* abstract tests for basicverify

* applied style changes

* added time field related tests

* added comments and test for default hash behavior

* remove goto indent

* rearranged ocsp_verify functions

* changed time stamp to be within 32 bit systems

* fixed unclear variables and variable declaration order

* changed time stamp of valid time to later date in range

* changed time stamp of valid time to later date in range

* remove unnecessary OCSP flags and apply PR comments

* abstracted OCSP status extraction tests

* add test for ocsp response signed directly by CA

* adding periods

* applied verify comments

* add periods

* add verify macros for better clarification

* SHA-256 unit tests for OCSP (#178)

* added sha256 tests

* add runbook and cert files used in ocsp_test.cc

* changed wrong signer test comments

* fix wrong fatal error definition in tests

* rename folder and update readme

* Importing OpenSSL OCSP tests (#181)

* fix bugs in ocsp_verify ocsp tests from ossl found

* added openssl tests and test files for ocsp

* merged previous verify changes

* apply comments

* remove indent

* Update build files in generated-src

* fix test memory leak

* add new line

* apply PR comments

* change ocsp untrusted stack value assign method

* Update build files in generated-src

* OCSP tests code refactor (#182)

* optimized existing tests and added missing test files

* remove hard coded tests

* Update build files in generated-src

* remove unnecessary gitignore directories

* Update build files in generated-src

* remove extra character

* Fuzz tests for OCSP parser (#183)

* update fuzzing runbook

* add ocsp fuzzing test file

* added new ocsp fuzzing corpus

* add fuzzing target in cmake

* readme updates

* OCSP tests for specific status codes (#190)

* update fuzzing runbook

* add ocsp fuzzing test file

* added new ocsp fuzzing corpus

* add fuzzing target in cmake

* add unknown cert tests and how to create

* minor runbook text fixes

* add response status tests

* fixed up test comments

* readme fix

* Update build files in generated-src

* improve wording in readme

Co-authored-by: Bryce Shang <65570357+bryce-shang@users.noreply.github.com>
Co-authored-by: torben-hansen <50673096+torben-hansen@users.noreply.github.com>
Co-authored-by: dkostic <25055813+dkostic@users.noreply.github.com>
Co-authored-by: Andrew Kaufman <57281817+andrew-kaufman@users.noreply.github.com>
@bryce-shang bryce-shang deleted the rsa-pss branch October 25, 2021 17:44
WillChilds-Klein pushed a commit to WillChilds-Klein/aws-lc that referenced this pull request Mar 9, 2022
* Add property to skip bundled lib and improve docs.

* Enables skipping the bundled lib by setting the system property `com.amazon.corretto.crypto.provider.useExternalLib`. (Addresses aws#140)
* Documents all currently defined system properties. (Addresses aws#83)

* Add coverage to more tests

* Add documentation for "help" option

* Reorder readme sections

* Add Changelog message for externalLib
torben-hansen pushed a commit to torben-hansen/aws-lc that referenced this pull request Sep 18, 2024
Extra P-256 functions for AWS-LC integration, popcount, basic P-384 scalar mul
s2n-bignum original commit: awslabs/s2n-bignum@08bf556
torben-hansen pushed a commit to torben-hansen/aws-lc that referenced this pull request Sep 18, 2024
Extra P-256 functions for AWS-LC integration, popcount, basic P-384 scalar mul
s2n-bignum original commit: awslabs/s2n-bignum@08bf556

s2n-bignum original commit: awslabs/s2n-bignum@9f7b9f7
torben-hansen pushed a commit to torben-hansen/aws-lc that referenced this pull request Sep 18, 2024
Extra P-256 functions for AWS-LC integration, popcount, basic P-384 scalar mul
s2n-bignum original commit: awslabs/s2n-bignum@08bf556
torben-hansen pushed a commit to torben-hansen/aws-lc that referenced this pull request Sep 19, 2024
Extra P-256 functions for AWS-LC integration, popcount, basic P-384 scalar mul
s2n-bignum original commit: awslabs/s2n-bignum@08bf556