git.openssl.org Git - openssl.git/commit

author	Tomas Mraz <tomas@openssl.org>
	Fri, 29 Jan 2021 16:02:32 +0000 (17:02 +0100)
committer	Tomas Mraz <tomas@openssl.org>
	Fri, 5 Feb 2021 13:04:59 +0000 (14:04 +0100)
commit	bbde8566191e5851f4418cbb8acb0d50b16170d8
tree	0f8ff9ecdc3f3c3f57a865c8b659da89e4a14d51	tree \| snapshot
parent	26372a4d44f0b4ef5423228b8bf975a5a7c814cb	commit \| diff

RSA: properly generate algorithm identifier for RSA-PSS signatures

Fixes #13969

- properly handle the mandatory RSA-PSS key parameters
- improve parameter checking when setting the parameters
- compute the algorithm id at the time it is requested so it
  reflects the actual parameters set
- when generating keys do not override previously set parameters
  with defaults
- tests added to the test_req recipe that should cover the PSS signature
  handling

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13988)

crypto/rsa/rsa_ameth.c		diff \| blob \| history
crypto/rsa/rsa_backend.c		diff \| blob \| history
crypto/rsa/rsa_pss.c		diff \| blob \| history
include/crypto/rsa.h		diff \| blob \| history
providers/common/der/der_rsa.h.in		diff \| blob \| history
providers/common/der/der_rsa_key.c		diff \| blob \| history
providers/common/der/der_rsa_sig.c		diff \| blob \| history
providers/implementations/keymgmt/rsa_kmgmt.c		diff \| blob \| history
providers/implementations/signature/rsa.c		diff \| blob \| history
test/recipes/25-test_req.t		diff \| blob \| history
test/testrsapssmandatory.pem	[new file with mode: 0644]	blob