> [li...@kaiser.cx - Sun Feb 07 20:31:00 2010]:
>
> Dear OpenSSL team and all,
>
> finally, here's my patch (against today's 1.1 snapshot) for verification
> of X.509 certificates using an RSASSA-PSS signature. I believe it is
> fairly complete in terms of checking parameters.
>
> The patch follows the idea that I outlined in previous posts
>
> - two new ASN.1 objects for pss, mgf1
> - in obj_xref.txt, pss uses digest undef
>   -> verify routine has to determine the digest by itself
> - ASN1_item_verify() uses EVP_DigestVerify... API
> - rsa_st gets two new elements
> - param_decode method for rsa parses rsa key's parameters in the
>   certificate
> - at verification time, pss parameters are copied into EVP_PKEY_CTX
>
> This time, I really do hope to get some feedback. Reviewing this won't
> be wasted time, I'm happy to improve the code until it is ready for
> merging.
>
> As such pss certificates are now being deployed by the millions for
> digital pay-tv in Europe (www.ci-plus.com), I feel that OpenSSL should
> support them.
>

As has been indicated the PSS ASN1 module is incorrect. Does that actually
verify PSS signatures correctly with non-default algorithms? I'd expect
ASN1 parsing errors.

A quick look through (I'm not short of things to do at the moment alas...)
suggests ctrl return codes aren't checked properly in a number of places.

I also find the lack of any use of the PSS OID rather strange. The
specifications I've seen should require it is at least checked.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org