List:       openssl-dev
Subject:    Re: [openssl.org #1951] [patch] verification of X.509 certificates that contain an RSASSA-PSS signat
From:       "Martin Kaiser via RT" <rt () openssl ! org>
Date:       2009-08-25 20:57:36
Message-ID: rt-3.4.5-91703-1251233855-1304.1951-6-0 () openssl ! org

Steve, all,

I recently found some more time to look into this. In order to make sure
that the next attempt is in line with the rest of the code, I need some
more discussion.

> > The decision table in obj_xref.txt seems to be the problem. This
> > doesn't work for PSS, you can't determine the digest without parsing
> > the PSS parameters.

> Yes, probably will need a special value for the digest type NID_undef
> for example which means "the public key algorithm method will work out
> the digest type".

> > We'll need a way to set these parameters in the EVP_PKEY_CTX or
> > RSA_PKEY_CTX respectively. I've (ab)used the md_ctrl function for this.
> > Could we just add a similar function pointer directly to the
> > EVP_PKEY_CTX structure?


> That's what I'm considering. We pass (say) a NULL for the digest type in
> EVP_DigestVerifyInit() and call a ctrl in the associated public key
> method to let it decide which digest and parameters to use. The
> functionality isn't in EVP_DigestVerifyInit() yet it just uses a
> "default" digest if NULL is passed in.

The ctrl would require an X509_ALGOR * as input so that all PSS
parameters can be determined. This struct is available only in
ASN1_item_verify(). The ctrl however could be part of EVP_PKEY_METHOD
and will be called from EVP_DigestVerifyInit(). Any idea how to pass on
the struct? 

Alternatively, I thought of adding the "work out the parameters" function
to EVP_PKEY_ASN1_METHOD's ctrl. It fits there as it involves some ASN1
parsing. But the resulting PSS parameters have to be stored in
RSA_PKEY_CTX. According to your last mails, this is the best place to
put the params. But it's not accessible from EVP_PKEY_ASN1_METHOD.

A third approach would be to run EVP_DigestVerifyInit() with a NULL
EVP_MD parameter (just modify it to not use a default md). When the
function returns, we use the resulting EVP_PKEY_CTX in ASN1_item_verify
and call its pctx->pmeth->ctrl directly from ASN1_item_verify(),
supplying the X509_ALGOR * parameter.

Any thoughts what would be the best approach?

Best regards,

   Martin


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majordomo@openssl.org
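
Added example, not part of the original message and not OpenSSL code: a small DER walk showing why a static table keyed by signature OID (the obj_xref.txt-style lookup discussed above) cannot yield the digest for RSASSA-PSS, while parsing the AlgorithmIdentifier parameters can. The sample encodings are constructed here, the function names are hypothetical, and the parameter layout and defaults (SHA-1, salt length 20) follow RFC 4055.

```python
PSS = bytes.fromhex("2a864886f70d01010a")     # id-RSASSA-PSS
MGF1 = bytes.fromhex("2a864886f70d010108")    # id-mgf1
RSA_SHA256 = bytes.fromhex("2a864886f70d01010b")
SHA256 = bytes.fromhex("608648016503040201")
NAMES = {PSS: "rsassaPss", RSA_SHA256: "sha256WithRSAEncryption",
         SHA256: "sha256", bytes.fromhex("2b0e03021a"): "sha1"}
# Static signature-OID -> digest lookup; has no possible entry for PSS.
STATIC_DIGEST = {"sha256WithRSAEncryption": "sha256"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def signature_digest(alg_id_der):
    """Return (signature algorithm, digest, salt length) for an AlgorithmIdentifier."""
    fields = children(read_tlv(alg_id_der)[1])
    alg = NAMES[fields[0][1]]
    if alg != "rsassaPss":
        return alg, STATIC_DIGEST[alg], None      # the OID alone is enough
    digest, salt = "sha1", 20                     # DEFAULTs when a field is absent
    for tag, val in (children(fields[1][1]) if len(fields) > 1 else []):
        inner = read_tlv(val)[1]                  # unwrap the EXPLICIT [n] tag
        if tag == 0xA0:                           # hashAlgorithm
            digest = NAMES[children(inner)[0][1]]
        elif tag == 0xA2:                         # saltLength
            salt = int.from_bytes(inner, "big")
    return alg, digest, salt

def tlv(tag, *parts):
    """Encode one DER element (short-form length only, enough for the samples)."""
    body = b"".join(parts)
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

# Constructed samples: same PSS OID twice, different digests in the parameters.
SHA256_ALG = tlv(0x30, tlv(0x06, SHA256), tlv(0x05))
PKCS1_SHA256 = tlv(0x30, tlv(0x06, RSA_SHA256), tlv(0x05))
PSS_DEFAULTS = tlv(0x30, tlv(0x06, PSS), tlv(0x30))
PSS_SHA256 = tlv(0x30, tlv(0x06, PSS), tlv(0x30, tlv(0xA0, SHA256_ALG),
    tlv(0xA1, tlv(0x30, tlv(0x06, MGF1), SHA256_ALG)), tlv(0xA2, tlv(0x02, b"\x20"))))
```

A complete verifier would also have to read the [1] maskGenAlgorithm and [3] trailerField entries, which this walk skips.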