Steve, all,

I recently found some more time to look into this. In order to make sure that the next attempt is in line with the rest of the code, I need some more discussion.
> > The decision table in obj_xref.txt seems to be the problem. This
> > doesn't work for PSS, you can't determine the digest without parsing
> > the PSS parameters.

> Yes, probably will need a special value for the digest type NID_undef
> for example which means "the public key algorithm method will work out
> the digest type".

> > We'll need a way to set these parameters in the EVP_PKEY_CTX or
> > RSA_PKEY_CTX respectively. I've (ab)used the md_ctrl function for this.
> > Could we just add a similar function pointer directly to the
> > EVP_PKEY_CTX structure?

> That's what I'm considering. We pass (say) a NULL for the digest type in
> EVP_DigestVerifyInit() and call a ctrl in the associated public key
> method to let it decide which digest and parameters to use. The
> functionality isn't in EVP_DigestVerifyInit() yet it just uses a
> "default" digest if NULL is passed in.

The ctrl would require an X509_ALGOR * as input so that all PSS parameters can be determined. This struct is available only in ASN1_item_verify(). The ctrl however could be part of EVP_PKEY_METHOD and will be called from EVP_DigestVerifyInit(). Any idea how to pass on the struct?

Alternatively, I thought of adding the "work out the parameters" function to EVP_PKEY_ASN1_METHOD's ctrl. It fits there as it involves some ASN1 parsing. But the resulting PSS parameters have to be stored in RSA_PKEY_CTX. According to your last mails, this is the best place to put the params. But it's not accessible from EVP_PKEY_ASN1_METHOD.

A third approach would be to run EVP_DigestVerifyInit() with a NULL EVP_MD parameter (just modify it to not use a default md). When the function returns, we use the resulting EVP_PKEY_CTX in ASN1_item_verify and call its pctx->pmeth->ctrl directly from ASN1_item_verify(), supplying the X509_ALGOR * parameter.

Any thoughts on what would be the best approach?
Best regards,
Martin
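
The point raised in the thread, that the digest cannot be determined without parsing the PSS parameters, shown as an added example (not OpenSSL code and not part of the original message): a minimal Python DER walk over two constructed AlgorithmIdentifier values that carry the same id-RSASSA-PSS OID but select different digests under RFC 4055. All function and sample names are hypothetical.

```python
ID_RSASSA_PSS = "1.2.840.113549.1.1.10"
SHA1 = "1.3.14.3.2.26"  # RFC 4055 DEFAULT hash when [0] is absent

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split constructed content into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def oid_str(val):
    """Decode OBJECT IDENTIFIER content bytes to dotted notation."""
    arcs, acc = [], 0
    for b in val:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def pss_digest_and_salt(alg_id_der):
    """Return (hash OID, salt length) carried in a signatureAlgorithm field."""
    tag, body, _ = read_tlv(alg_id_der)
    fields = children(body) if tag == 0x30 else []
    if not fields or oid_str(fields[0][1]) != ID_RSASSA_PSS:
        raise ValueError("not an RSASSA-PSS AlgorithmIdentifier")
    hash_oid, salt = SHA1, 20  # defaults from RFC 4055
    for ctx_tag, inner in (children(fields[1][1]) if len(fields) > 1 else []):
        if ctx_tag == 0xA0:    # [0] hashAlgorithm
            hash_oid = oid_str(children(read_tlv(inner)[1])[0][1])
        elif ctx_tag == 0xA2:  # [2] saltLength
            salt = int.from_bytes(read_tlv(inner)[1], "big")
    return hash_oid, salt

# Constructed samples (added example): same signature OID, different digests.
PSS_SHA256 = bytes.fromhex("304106092a864886f70d01010a3034a00f300d06096086480165030402010500"
                           "a11c301a06092a864886f70d010108300d06096086480165030402010500a203020120")
PSS_DEFAULTS = bytes.fromhex("300d06092a864886f70d01010a3000")
```

A lookup keyed only on the signature OID returns the same answer for both samples, while the parameters select SHA-256 with a 32-byte salt in one and the SHA-1 defaults in the other.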