List of problems to solve while refactoring the interface for signature verification
RSAPublicKey and RSAKeyPair both define verify(signature_args..., md_type, salt_length), is it even legit?..
RSAKeyPair_OpenSSL implements verify(signature_args..., md_type, salt_length), BUT PublicKey_OpenSSL implements verify(signature_args..., md_type, hash_bytes&). Here's why JWT authentication uses the wrong verification impl (check comment).
salt_length is size_t, therefore it's not possible to pass options like RSA_PSS_SALTLEN_AUTO == -2 or other predefined constants. Not sure what's the best way to do it in the interface, it's TBD how different paddings and salt work as per documentation first, but this has to be fixed.
I'm confused about a real purpose of having verifying methods in (RSA)KeyPair interface, while we could have KeyPair as a child of PublicKey, so we won't copy verification interface, as well as public_key_der(), public_key_pem, etc.
Suspected #6405 to hide the verify(args..., md) overloads by adding salt_size, but ruled that out, because it turns out the PublicKey::verify(args, md) is not virtual (!).
Instead, it has an implementation, which computes a hash of the contents and then calls virtual verify(args, md, hash_out).
However, salt_size shall also be removed, as it doesn't fit the common interface. I'm thinking of some sort of separate params struct/variant to pass depending on the underlying key type, and leave signature and contents as the only interface.
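The salt_length problem and the params struct/variant idea from the issue, as an added C++ sketch that is not part of the issue or the project's code. All type and function names are hypothetical, and the RSA_PSS_SALTLEN_* values are redefined locally so it builds without OpenSSL headers.

```cpp
#include <climits>
#include <cstddef>
#include <stdexcept>
#include <type_traits>
#include <variant>

// Values mirror OpenSSL's RSA_PSS_SALTLEN_* macros; redefined locally
// (assumption) so this sketch builds without OpenSSL headers.
constexpr int kSaltLenDigest = -1; // RSA_PSS_SALTLEN_DIGEST
constexpr int kSaltLenAuto = -2;   // RSA_PSS_SALTLEN_AUTO
constexpr int kSaltLenMax = -3;    // RSA_PSS_SALTLEN_MAX

// Hypothetical salt-length type: a named mode or an explicit byte count.
struct SaltDigest {};
struct SaltAuto {};
struct SaltMax {};
struct SaltBytes { std::size_t n; };
using PssSaltLen = std::variant<SaltDigest, SaltAuto, SaltMax, SaltBytes>;

// Hypothetical per-key-type parameters, so verify() itself only needs
// (contents, signature, params) and salt never leaks into non-PSS keys.
struct RsaPssParams { PssSaltLen salt = SaltDigest{}; };
struct RsaPkcs1Params {};
struct EcdsaParams {};
using VerifyParams = std::variant<RsaPssParams, RsaPkcs1Params, EcdsaParams>;

// Convert to the int that EVP_PKEY_CTX_set_rsa_pss_saltlen() takes.
int to_openssl_saltlen(const PssSaltLen& s) {
  return std::visit([](auto&& v) -> int {
    using T = std::decay_t<decltype(v)>;
    if constexpr (std::is_same_v<T, SaltDigest>) return kSaltLenDigest;
    else if constexpr (std::is_same_v<T, SaltAuto>) return kSaltLenAuto;
    else if constexpr (std::is_same_v<T, SaltMax>) return kSaltLenMax;
    else {
      if (v.n > static_cast<std::size_t>(INT_MAX))
        throw std::out_of_range("salt length exceeds int range");
      return static_cast<int>(v.n);
    }
  }, s);
}

// What a size_t parameter holds when handed RSA_PSS_SALTLEN_AUTO: a huge
// value that cannot be told apart from a nonsensical explicit length.
std::size_t sentinel_as_size_t() { return static_cast<std::size_t>(kSaltLenAuto); }

// True only for RSA-PSS; other key types carry no salt at all.
bool has_salt(const VerifyParams& p) {
  return std::holds_alternative<RsaPssParams>(p);
}
```
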