Steve, all,

> The new pkey API was designed to avoid tying digests to signature
> algorithms (e.g. sha1 can now be used to handle RSA and DSA signatures).

i.e. you're going to remove the pkey_type field in the EVP_MD structure?

> Having looked through the API and standards it seems this can't be
> avoided without some extensions to the EVP_PKEY API.

Some unsorted thoughts:

RSA_PKEY_CTX already contains the required fields to store some of the PSS parameters. The mask generation function and its parameters are missing. The low-level routines have MGF1 hard-coded, the digest for MGF1 must be the same as for the entire PSS. This is not a big limitation.

An RSA key in an X.509 certificate looks exactly the same, no matter if the signature is PKCSv1.5 or PSS. The decision table in obj_xref.txt seems to be the problem. This doesn't work for PSS, you can't determine the digest without parsing the PSS parameters.

We'll need a way to set these parameters in the EVP_PKEY_CTX or RSA_PKEY_CTX respectively. I've (ab)used the md_ctrl function for this. Could we just add a similar function pointer directly to the EVP_PKEY_CTX structure?

> Do you have some examples of certificates signed with PSS? They would be
> useful for testing purposes.

I've uploaded sample certificates to http://www.kaiser.cx/x509Pss.html

Best regards,

Martin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
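The point above about the OID lookup table not working for PSS, shown as an added example (not part of the original message and not OpenSSL code): a Python sketch that reads a signature AlgorithmIdentifier and reports the digest, by OID lookup for PKCS#1 v1.5 and by parsing RSASSA-PSS-params (with the RFC 4055 defaults for omitted fields) for PSS. The function names and the sample byte strings are assumptions constructed for this illustration.

```python
OIDS = {"2a864886f70d01010a": "rsassaPss", "2a864886f70d010108": "mgf1",
        "2a864886f70d01010b": "sha256WithRSAEncryption",
        "608648016503040201": "sha256", "2b0e03021a": "sha1"}  # keys: hex of DER OID bodies
V15_DIGEST = {"sha256WithRSAEncryption": "sha256"}  # v1.5: digest looked up by OID

def read_tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, body, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(body):  # (tag, body) of each element directly inside a constructed body
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def alg(seq_body):  # AlgorithmIdentifier body -> (name, parameter elements)
    kids = children(seq_body)
    if not kids or kids[0][0] != 0x06:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    return OIDS.get(kids[0][1].hex(), "unknown"), kids[1:]

def signature_digest(alg_der):
    name, params = alg(read_tlv(alg_der)[1])
    if name != "rsassaPss":
        return {"scheme": name, "hash": V15_DIGEST.get(name)}
    info = {"scheme": name, "hash": "sha1", "mgf1_hash": "sha1", "salt_len": 20}  # RFC 4055 defaults
    for tag, val in (children(params[0][1]) if params else []):
        inner = read_tlv(val)[1]  # body of the element inside the EXPLICIT tag
        if tag == 0xA0:
            info["hash"] = alg(inner)[0]
        elif tag == 0xA1:  # maskGenAlgorithm: mgf1 OID + hash AlgorithmIdentifier
            info["mgf1_hash"] = alg(alg(inner)[1][0][1])[0]
        elif tag == 0xA2:
            info["salt_len"] = int.from_bytes(inner, "big")
    info["mgf1_same_as_hash"] = info["hash"] == info["mgf1_hash"]
    return info

SHA256_ALG = "300d06096086480165030402010500"  # sha256 AlgorithmIdentifier; samples below are constructed
PSS_SHA256 = bytes.fromhex("3041" "06092a864886f70d01010a" "3034" "a00f" + SHA256_ALG
                           + "a11c301a" "06092a864886f70d010108" + SHA256_ALG + "a203020120")
PSS_DEFAULTS = bytes.fromhex("300d" "06092a864886f70d01010a" "3000")
V15_SHA256 = bytes.fromhex("300d" "06092a864886f70d01010b" "0500")
```

`PSS_DEFAULTS` carries the same signature OID as `PSS_SHA256` yet resolves to SHA-1, which is why a table keyed on the OID alone cannot pick the digest. The `mgf1_same_as_hash` flag marks whether the parameters fit low-level routines that use one digest for both PSS and MGF1.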