)]}'
{
  "commit": "be4e218c9e4686b7fac2ea31eedc5c283dceb559",
  "tree": "0cc8c557521c7ee539b02704d7459aafbf689db1",
  "parents": [
    "caf92ce446d392e15ee2c8ee671e2284b2aeaa84"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Mon Jun 16 16:10:39 2025 -0400"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Thu Aug 28 12:02:37 2025 -0700"
  },
  "message": "Add SHA-256-only support for EVP_PKEY_RSA_PSS\n\nWhile, in principle, PSS is better than PKCS#1 v1.5, and\nalgorithm-specific keys are better than mixing them up, RSASSA-PSS was\nso badly mis-standardized in RFC 3447 and RFC 4055 that this is not\nworth it. Any marginal benefits one might get from PSS are completely\novershadowed by the mountain of unforced errors those two RFCs made.\nApplications are better off just using ECDSA.\n\nNonetheless, it is a thing we are now supporting. Add off-by-default\nsupport for EVP_PKEY_RSA_PSS, only using the SHA-256 parameter set. In\nOpenSSL\u0027s implementation, the underlying RSA object stores an\nRSA_PSS_PARAMS, though the RSA-level APIs don\u0027t enforce the parameters,\nonly the EVP-level APIs do. For now, since the SHA-256 parameters are\nthe only ones we support, I have not bothered adding extra state to the\nRSA object. If we need to add more parameters, we can store the\nrsa_pss_params_t enum on the RSA object. (Preferably after we\u0027ve split\nthe BCM and non-BCM halves of the RSA object.)\n\nThis support is off by default and must remain so. We have a bit of a\nmess API-wise: OpenSSL made EVP_PKEY_get0_RSA work with\nEVP_PKEY_RSA_PSS. This is plausible in that applications may want to\ninspect RSA components and that is, for now, the API to do so. However,\nexisting callers generally assume a non-NULL EVP_PKEY_get0_RSA return\nimplies EVP_PKEY_RSA. Changing this will break those callers.\n\nThus the opt-in not only limits a badly-designed key type, but also\nprevents existing callers from being exposed to this unexpected state.\n\nThese keys are not wired up to libssl and we have no plans to do so.\n\nBug: 384818542\nChange-Id: I4d99be86ce1d891a2e50335ef097913707ede55a\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/81656\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "31d0ca9b928b8391d3740f8a20e4b62161016e80",
      "old_mode": 33188,
      "old_path": "crypto/evp/evp_ctx.cc",
      "new_id": "53c8b8d18d7e9ba35fbe5af0a95219602ef86554",
      "new_mode": 33188,
      "new_path": "crypto/evp/evp_ctx.cc"
    },
    {
      "type": "modify",
      "old_id": "25af7edb10f19c64badaf508cc2c18cc6c2cd5c5",
      "old_mode": 33188,
      "old_path": "crypto/evp/evp_test.cc",
      "new_id": "25beb0c0d7be1c467a55291e64326cb2a01808c7",
      "new_mode": 33188,
      "new_path": "crypto/evp/evp_test.cc"
    },
    {
      "type": "modify",
      "old_id": "9ceb6f70562b18a1ccaee5f73192f3dfdf3105f4",
      "old_mode": 33188,
      "old_path": "crypto/evp/internal.h",
      "new_id": "847d08373287f3af3619f93228ff8c6d2962840a",
      "new_mode": 33188,
      "new_path": "crypto/evp/internal.h"
    },
    {
      "type": "modify",
      "old_id": "36e057fa39860598050a6aed08fa0d260c11698d",
      "old_mode": 33188,
      "old_path": "crypto/evp/p_rsa.cc",
      "new_id": "9692307d15012da889cb4817c6aef9f2ac4945ce",
      "new_mode": 33188,
      "new_path": "crypto/evp/p_rsa.cc"
    },
    {
      "type": "modify",
      "old_id": "6a64d399b34d05206d566ae943c07bcac628772a",
      "old_mode": 33188,
      "old_path": "crypto/evp/p_rsa_asn1.cc",
      "new_id": "531ea87b0e86240fa01717a0ea67f7a5ab5036bc",
      "new_mode": 33188,
      "new_path": "crypto/evp/p_rsa_asn1.cc"
    },
    {
      "type": "modify",
      "old_id": "902db0fe3ca8abd9309126dcc121510a9e430d74",
      "old_mode": 33188,
      "old_path": "crypto/evp/test/rsa_tests.txt",
      "new_id": "451a69df36da8f3b52b5b49fa259fa2daf537f1c",
      "new_mode": 33188,
      "new_path": "crypto/evp/test/rsa_tests.txt"
    },
    {
      "type": "modify",
      "old_id": "f1ba37b3a620e668e1f26e33927beee216671371",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/rsa/rsa.cc.inc",
      "new_id": "4c7c6eeb432df8629d99096b63150e948cb07c14",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/rsa/rsa.cc.inc"
    },
    {
      "type": "modify",
      "old_id": "acd3b25bc74868d8f4266372185667623921acdd",
      "old_mode": 33188,
      "old_path": "crypto/pem/pem_all.cc",
      "new_id": "278f70343e795d42a5b7defa4a268183d62034b0",
      "new_mode": 33188,
      "new_path": "crypto/pem/pem_all.cc"
    },
    {
      "type": "modify",
      "old_id": "1563720b252b5862699c38b93e90e12ae7854773",
      "old_mode": 33188,
      "old_path": "crypto/rsa/rsa_extra.cc",
      "new_id": "58015bd4b70b49e2cd85eb1b304aac77556e2f60",
      "new_mode": 33188,
      "new_path": "crypto/rsa/rsa_extra.cc"
    },
    {
      "type": "modify",
      "old_id": "73ca73f5e698c620d67b51af4d887a0a655db1fc",
      "old_mode": 33188,
      "old_path": "include/openssl/evp.h",
      "new_id": "afc67e869fd03fcf83ecf2234252e9ee7273836d",
      "new_mode": 33188,
      "new_path": "include/openssl/evp.h"
    },
    {
      "type": "modify",
      "old_id": "d948b193eb379688d82779d7517330fde351142f",
      "old_mode": 33188,
      "old_path": "include/openssl/rsa.h",
      "new_id": "71ce444246f27b5ece67456ca7bde88e9efdeaef",
      "new_mode": 33188,
      "new_path": "include/openssl/rsa.h"
    }
  ]
}
