The branch master has been updated via 137096a7ead3738a0035b9e760b7c3f74b7555a3 (commit) via 3c441c2eb7688837ca2884f2be0c0abd1095abb5 (commit) via 79ebfc46817bc5da1082bcdc5bd50905c83fa712 (commit) from 31a51151fc163a7f5f4d07dff9478be50e4b5707 (commit)
- Log ----------------------------------------------------------------- commit 137096a7ead3738a0035b9e760b7c3f74b7555a3 Author: Dr. Stephen Henson <st...@openssl.org> Date: Tue Jan 17 17:51:24 2017 +0000 Defines and strings for special salt length values, add tests Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2236) commit 3c441c2eb7688837ca2884f2be0c0abd1095abb5 Author: Dr. Stephen Henson <st...@openssl.org> Date: Mon Jan 16 18:07:54 2017 +0000 additional PSS tests for -1 and invalid salt length Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2236) commit 79ebfc46817bc5da1082bcdc5bd50905c83fa712 Author: Dr. Stephen Henson <st...@openssl.org> Date: Mon Jan 16 16:52:52 2017 +0000 Add support for -1, -2 salt lengths for PSS only keys. Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2236) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_ameth.c | 2 +- crypto/rsa/rsa_err.c | 1 + crypto/rsa/rsa_pmeth.c | 40 ++++++++++++++++++++----- crypto/rsa/rsa_pss.c | 23 +++++++------- doc/man1/pkeyutl.pod | 10 +++---- doc/man3/EVP_PKEY_CTX_ctrl.pod | 13 ++++---- doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod | 6 ++-- include/openssl/rsa.h | 9 ++++++ test/evptests.txt | 39 ++++++++++++++++++++++++ 9 files changed, 110 insertions(+), 33 deletions(-) diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index ae844ea..20a27be 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -540,7 +540,7 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) saltlen = EVP_MD_size(sigmd); else if (saltlen == -2) { saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; - if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) + if ((EVP_PKEY_bits(pk) & 0x7) == 1) saltlen--; } diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c index 45fd4ca..112e5a4 100644 --- a/crypto/rsa/rsa_err.c +++ b/crypto/rsa/rsa_err.c @@ -23,6 +23,7 @@ static ERR_STRING_DATA RSA_str_functs[] = { {ERR_FUNC(RSA_F_ENCODE_PKCS1), "encode_pkcs1"}, {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "int_rsa_verify"}, {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"}, + {ERR_FUNC(RSA_F_PKEY_PSS_INIT), "pkey_pss_init"}, {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"}, {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "pkey_rsa_ctrl_str"}, {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "pkey_rsa_sign"}, diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index d55fb21..d4b278b 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -58,7 +58,8 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx) rctx->pad_mode = RSA_PKCS1_PSS_PADDING; else rctx->pad_mode = RSA_PKCS1_PADDING; - rctx->saltlen = -2; + /* Maximum for sign, auto for verify */ + rctx->saltlen = RSA_PSS_SALTLEN_AUTO; rctx->min_saltlen = -1; ctx->data = rctx; ctx->keygen_info = rctx->gentmp; @@ -430,11 +431,20 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) { *(int *)p2 = rctx->saltlen; } else { - if (p1 < -2) + if (p1 < RSA_PSS_SALTLEN_MAX) return -2; - if (rsa_pss_restricted(rctx) && p1 < rctx->min_saltlen) { - RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_PSS_SALTLEN_TOO_SMALL); - return 0; + if (rsa_pss_restricted(rctx)) { + if (p1 == RSA_PSS_SALTLEN_AUTO + && ctx->operation == EVP_PKEY_OP_VERIFY) { + RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN); + return -2; + } + if ((p1 == RSA_PSS_SALTLEN_DIGEST + && rctx->min_saltlen > EVP_MD_size(rctx->md)) + || (p1 >= 0 && p1 < rctx->min_saltlen)) { + RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_PSS_SALTLEN_TOO_SMALL); + return 0; + } } rctx->saltlen = p1; } @@ -589,7 +599,14 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, if (strcmp(type, "rsa_pss_saltlen") == 0) { int saltlen; - saltlen = atoi(value); + if (!strcmp(value, "digest")) + saltlen = RSA_PSS_SALTLEN_DIGEST; + else if (!strcmp(value, "max")) + saltlen = RSA_PSS_SALTLEN_MAX; + else if (!strcmp(value, "auto")) + saltlen = RSA_PSS_SALTLEN_AUTO; + else + saltlen = atoi(value); return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); } @@ -752,7 +769,7 @@ static int pkey_pss_init(EVP_PKEY_CTX *ctx) RSA_PKEY_CTX *rctx = ctx->data; const EVP_MD *md; const EVP_MD *mgf1md; - int min_saltlen; + int min_saltlen, max_saltlen; /* Should never happen */ if (!pkey_ctx_is_pss(ctx)) @@ -765,6 +782,15 @@ static int pkey_pss_init(EVP_PKEY_CTX *ctx) if (!rsa_pss_get_param(rsa->pss, &md, &mgf1md, &min_saltlen)) return 0; + /* See if minumum salt length exceeds maximum possible */ + max_saltlen = RSA_size(rsa) - EVP_MD_size(md); + if ((RSA_bits(rsa) & 0x7) == 1) + max_saltlen--; + if (min_saltlen > max_saltlen) { + RSAerr(RSA_F_PKEY_PSS_INIT, RSA_R_INVALID_SALT_LENGTH); + return 0; + } + rctx->min_saltlen = min_saltlen; /* diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 0ec63b2..0a6178b 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -41,7 +41,6 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, EVP_MD_CTX *ctx = EVP_MD_CTX_new(); unsigned char H_[EVP_MAX_MD_SIZE]; - if (ctx == NULL) goto err; @@ -57,11 +56,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, * -2 salt length is autorecovered from signature * -N reserved */ - if (sLen == -1) + if (sLen == RSA_PSS_SALTLEN_DIGEST) sLen = hLen; - else if (sLen == -2) - sLen = -2; - else if (sLen < -2) { + else if (sLen < RSA_PSS_SALTLEN_MAX) { RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED); goto err; } @@ -76,7 +73,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, EM++; emLen--; } - if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */ + if (sLen == RSA_PSS_SALTLEN_MAX) { + sLen = emLen - hLen - 2; + } else if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE); goto err; } @@ -102,7 +101,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_RECOVERY_FAILED); goto err; } - if (sLen >= 0 && (maskedDBLen - i) != sLen) { + if (sLen != RSA_PSS_SALTLEN_AUTO && (maskedDBLen - i) != sLen) { RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED); goto err; } @@ -160,11 +159,11 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, * -2 salt length is maximized * -N reserved */ - if (sLen == -1) + if (sLen == RSA_PSS_SALTLEN_DIGEST) sLen = hLen; - else if (sLen == -2) - sLen = -2; - else if (sLen < -2) { + else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN) + sLen = RSA_PSS_SALTLEN_MAX; + else if (sLen < RSA_PSS_SALTLEN_MAX) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED); goto err; } @@ -175,7 +174,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, *EM++ = 0; emLen--; } - if (sLen == -2) { + if (sLen == RSA_PSS_SALTLEN_MAX) { sLen = emLen - hLen - 2; } else if (emLen < (hLen + sLen + 2)) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod index 6fc0325..310c5cc 100644 --- a/doc/man1/pkeyutl.pod +++ b/doc/man1/pkeyutl.pod @@ -215,11 +215,11 @@ specified. =item B<rsa_pss_saltlen:len> -For B<pss> mode only this option specifies the salt length. Two special values -are supported: -1 sets the salt length to the digest length. When signing -2 -sets the salt length to the maximum permissible value. When verifying -2 causes -the salt length to be automatically determined based on the B<PSS> block -structure. +For B<pss> mode only this option specifies the salt length. Three special +values are supported: "digest" sets the salt length to the digest length, +"max" sets the salt length to the maximum permissible value. When verifying +"auto" causes the salt length to be automatically determined based on the +B<PSS> block structure. =item B<rsa_mgf1_md:digest> diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index a30450b..0732a05 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -82,12 +82,13 @@ if this control is called. If it is not called then the first byte of the plaint buffer is expected to be the algorithm identifier byte. The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to -B<len> as its name implies it is only supported for PSS padding. Two special -values are supported: -1 sets the salt length to the digest length. When -signing -2 sets the salt length to the maximum permissible value. When -verifying -2 causes the salt length to be automatically determined based on the -B<PSS> block structure. If this macro is not called a salt length value of -2 -is used by default. +B<len> as its name implies it is only supported for PSS padding. Three special +values are supported: RSA_PSS_SALTLEN_DIGEST sets the salt length to the +digest length, RSA_PSS_SALTLEN_MAX sets the salt length to the maximum +permissible value. When verifying RSA_PSS_SALTLEN_AUTO causes the salt length +to be automatically determined based on the B<PSS> block structure. If this +macro is not called maximum salt length is used when signing and auto detection +when verifying is used by default. The EVP_PKEY_CTX_set_rsa_rsa_keygen_bits() macro sets the RSA key length for RSA key generation to B<bits>. If not specified 1024 bits is used. diff --git a/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod b/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod index eb7dfd8..eb96414 100644 --- a/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod +++ b/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod @@ -42,9 +42,11 @@ returned if an attempt is made to set the padding mode to anything other than B<PSS>. It is otherwise similar to the B<RSA> version. The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro is used to set the salt length. -If the key has usage restrictionsthen an error is returned if an attempt is +If the key has usage restrictions then an error is returned if an attempt is made to set the salt length below the minimum value. It is otherwise similar -to the B<RSA> operation except special negative values are not supported. +to the B<RSA> operation except detection of the salt length (using +RSA_PSS_SALTLEN_AUTO is not supported for verification if the key has +usage restrictions. The EVP_PKEY_CTX_set_signature_md() and EVP_PKEY_CTX_set_rsa_mgf1_md() macros are used to set the digest and MGF1 algorithms respectively. If the key has diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 95639cb..8ad4cda 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -94,6 +94,14 @@ extern "C" { # define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \ RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) +/* Salt length matches digest */ +# define RSA_PSS_SALTLEN_DIGEST -1 +/* Verify only: auto detect salt length */ +# define RSA_PSS_SALTLEN_AUTO -2 +/* Set salt length to maximum possible */ +# define RSA_PSS_SALTLEN_MAX -3 +/* Old compatible max salt length for sign only */ +# define RSA_PSS_SALTLEN_MAX_SIGN -2 # define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ @@ -476,6 +484,7 @@ int ERR_load_RSA_strings(void); # define RSA_F_ENCODE_PKCS1 146 # define RSA_F_INT_RSA_VERIFY 145 # define RSA_F_OLD_RSA_PRIV_DECODE 147 +# define RSA_F_PKEY_PSS_INIT 165 # define RSA_F_PKEY_RSA_CTRL 143 # define RSA_F_PKEY_RSA_CTRL_STR 144 # define RSA_F_PKEY_RSA_SIGN 142 diff --git a/test/evptests.txt b/test/evptests.txt index 095aced..91830bc 100644 --- a/test/evptests.txt +++ b/test/evptests.txt @@ -2931,6 +2931,13 @@ Ctrl = digest:sha256 Input="0123456789ABCDEF0123456789ABCDEF" Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A +# Verify using salt length auto detect +Verify = RSA-2048-PUBLIC +Ctrl = rsa_padding_mode:pss +Ctrl = rsa_pss_saltlen:auto +Input="0123456789ABCDEF0123" +Output = 6BF7EDC63A0BA184EEEC7F3020FEC8F5EBF38C2B76481881F48BCCE5796E7AB294548BA9AE810457C7723CABD1BDE94CF59CF7C0FC7461B22760C8ED703DD98E97BFDD61FA8D1181C411F6DEE5FF159F4850746D78EDEE385A363DC28E2CB373D5CAD7953F3BD5E639BE345732C03A1BDEA268814DA036EB1891C82D4012F3B903D86636055F87B96FC98806AD1B217685A4D754046A5DE0B0D7870664BE07902153EC85BA457BE7D7F89D7FE0F626D02A9CBBB2BB479DDA1A5CAE75247FB7BF6BFB15C1D3FD9E6B1573CCDBC72011C3B97716058BB11C7EA2E4E56ADAFE1F5DE6A7FD405AC5890100F9C3408EFFB5C73BF73F48177FF743B4B819D0699D507B + # Digest too short Verify = RSA-2048-PUBLIC Ctrl = rsa_padding_mode:pss @@ -3024,6 +3031,18 @@ yrPkBkm5hXeGnaDqcYNT8HInVIhpE2SHYNEivmduD8SD3SD/wxvalqMZZsmqLnWt A95H4cRPAgMBAAE= -----END PUBLIC KEY----- +# Key with minimum salt length exceeding maximum permitted value +PublicKey = RSA-PSS-BAD2 +-----BEGIN PUBLIC KEY----- +MIIBKDATBgkqhkiG9w0BAQowBqIEAgIBAAOCAQ8AMIIBCgKCAQEAzQCB6nsq4eoG +1Z98c9n/uUoJYVwuS6fGNs7wjdNTPsMYVSWwFcdpuZp31nJb+cNTKptuX2Yn1fuF +Fgdo092py9NZdFEXF9w9MJ0vxH7kH5fjKtt/ndhkocR2emZuzXG8Gqz151F/SzhZ +T+qbBeQtWtqZEgCAE+RTFqTZu47QhriNKHWLrK+SLUaoaLSF0jnJuusOK2RZJxD0 +Ky0eoKS0gCwL7Ksyj4posAc721Rv7qmAnShJkSs5DBUyvH4px2WPgXX65G80My/4 +e8qz5AZJuYV3hp2g6nGDU/ByJ1SIaRNkh2DRIr5nbg/Eg90g/8Mb2pajGWbJqi51 +rQPeR+HETwIDAQAB +-----END PUBLIC KEY----- + # Verify using default parameters Verify = RSA-PSS-DEFAULT Input="0123456789ABCDEF0123" @@ -3037,12 +3056,26 @@ Ctrl = digest:sha1 Input="0123456789ABCDEF0123" Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF +# Verify explicitly setting parameters "digest" salt length +Verify = RSA-PSS-DEFAULT +Ctrl = rsa_padding_mode:pss +Ctrl = rsa_pss_saltlen:digest +Ctrl = digest:sha1 +Input="0123456789ABCDEF0123" +Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF + # Verify using salt length larger than minimum Verify = RSA-PSS-DEFAULT Ctrl = rsa_pss_saltlen:30 Input="0123456789ABCDEF0123" Output = 6BF7EDC63A0BA184EEEC7F3020FEC8F5EBF38C2B76481881F48BCCE5796E7AB294548BA9AE810457C7723CABD1BDE94CF59CF7C0FC7461B22760C8ED703DD98E97BFDD61FA8D1181C411F6DEE5FF159F4850746D78EDEE385A363DC28E2CB373D5CAD7953F3BD5E639BE345732C03A1BDEA268814DA036EB1891C82D4012F3B903D86636055F87B96FC98806AD1B217685A4D754046A5DE0B0D7870664BE07902153EC85BA457BE7D7F89D7FE0F626D02A9CBBB2BB479DDA1A5CAE75247FB7BF6BFB15C1D3FD9E6B1573CCDBC72011C3B97716058BB11C7EA2E4E56ADAFE1F5DE6A7FD405AC5890100F9C3408EFFB5C73BF73F48177FF743B4B819D0699D507B +# Verify using maximum salt length +Verify = RSA-PSS-DEFAULT +Ctrl = rsa_pss_saltlen:max +Input="0123456789ABCDEF0123" +Output = 4470DCFE812DEE2E58E4301D4ED274AB348FE040B724B2CD1D8CD0914BFF375F0B86FCB32BFA8AEA9BD22BD7C4F1ADD4F3D215A5CFCC99055BAFECFC23800E9BECE19A08C66BEBC5802122D13A732E5958FC228DCC0B49B5B4B1154F032D8FA2F3564AA949C1310CC9266B0C47F86D449AC9D2E7678347E7266E2D7C888CCE1ADF44A109A293F8516AE2BD94CE220F26E137DB8E7A66BB9FCE052CDC1D0BE24D8CEBB20D10125F26B069F117044B9E1D16FDDAABCA5340AE1702F37D0E1C08A2E93801C0A41035C6C73DA02A0E32227EAFB0B85E79107B59650D0EE7DC32A6772CCCE90F06369B2880FE87ED76997BA61F5EA818091EE88F8B0D6F24D02A3FC6 + # Attempt to change salt length below minimum Verify = RSA-PSS-DEFAULT Ctrl = rsa_pss_saltlen:0 @@ -3070,6 +3103,12 @@ Result = KEYOP_INIT_ERROR Function = rsa_pss_get_param Reason = invalid salt length +# Invalid key: rejected when we try to init +Verify = RSA-PSS-BAD2 +Result = KEYOP_INIT_ERROR +Function = pkey_pss_init +Reason = invalid salt length + # scrypt tests from draft-josefsson-scrypt-kdf-03 PBE = scrypt Password = "" _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits