[+antoine]

Hanno Böck <ha...@hboeck.de> wrote:
> Unfortunately the code never got fully merged. Right now the state is
> that code for the basic functions exists in freebl, but all upper layer
> code is not merged.

There are multiple "upper layers" and, depending on your goals, some should be prioritized higher than others.

> I think if I remember correctly the code currently
> in freebl will also not work in some corner cases (keys mod 8 != 0).

IIUC, this is not urgent to support and may not be worth supporting at all. IIRC, there are lots of places in NSS and mozilla::pkix that explicitly reject keys and signatures that are not multiples of 8 bits.

> The bugtracker entry is here:
> https://bugzilla.mozilla.org/show_bug.cgi?id=158750

That bug is too big and messy to make sense of at this point. Also, some of the patches that haven't been checked in yet should be split up. I suggest that you proceed as follows:

1. Split 000a-pss-verification-v15.diff into two patches: one part that adds the pk11wrap functionality, and a separate part that adds the cryptohi functionality. Put each new patch in its own new NSS bug.

2. Move 0009-add-pk11-mgfmap-v3.diff, 000b-pss-sign-v15.diff, and 000c-tests-v2.diff to a new bug.

3. Move 0012-fix-pss-verification-for-uncommon-keysizes-v5.diff to a new bug, which will have low priority.

4. Close the existing bug as RESOLVED FIXED.

Even with all the above patches landed, Firefox and other Gecko-based applications will not accept PSS signatures for certificates. Of the above patches, only the patch to add PK11_VerifyWithSigAlg is relevant to Gecko. New patches for mozilla::pkix and for its test suite, which basically duplicate all the work in the rest of the patches mentioned above, would be needed. But...

> I want to make a proposal to get PSS support into TLS
> 1.3 and it would certainly help if I could say that all major TLS
> libraries support it already.

First somebody needs to create a reasonable specification detailing exactly which subset of the PSS specification should be supported for TLS. The current PSS specification allows *way* too much flexibility and also has terrible defaults.

I believe Antoine and his team have a good idea of what a reasonable subset of PSS would look like. I recommend working with him to develop such a spec. Without such a spec, I wouldn't support adding PSS support to mozilla::pkix.

Cheers,
Brian

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
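Added illustration for the two technical points raised in this thread, written for this page and not code from NSS, freebl or mozilla::pkix: the emBits handling that makes PSS awkward for keys whose size is not a multiple of 8 (emBits = modBits - 1, so more than one leading bit of the encoded message must be cleared), and what it looks like to pin PSS to a small parameter subset instead of accepting everything RFC 8017 allows. The code implements EMSA-PSS-ENCODE and EMSA-PSS-VERIFY from RFC 8017 Section 9.1 in pure Python (the RSA modular exponentiation around them is omitted, since the encoding layer is where the corner case and the parameter choices live). The policy in check_pss_params (SHA-2 digests only, MGF1 hash equal to the message hash, salt length equal to the digest length) is an assumed choice for this example; it is the subset RFC 8446 later fixed for the rsa_pss_* schemes in TLS 1.3, not a statement of what NSS does. The sample message and salt are constructed.

```python
"""EMSA-PSS encode/verify (RFC 8017, Section 9.1) plus a restrictive
parameter policy.  Example code for this thread, not NSS code."""
import hashlib
import os

# Assumed policy for the example: SHA-2 only, MGF1 hash == message hash,
# salt length == digest length (the subset RFC 8446 adopted for TLS 1.3).
ALLOWED_HASHES = ("sha256", "sha384", "sha512")


def check_pss_params(hash_name, mgf_hash_name, salt_len):
    """Return True only for parameter sets the policy accepts."""
    if hash_name not in ALLOWED_HASHES:
        return False
    if mgf_hash_name != hash_name:
        return False
    return salt_len == hashlib.new(hash_name).digest_size


def mgf1(seed, mask_len, hash_name="sha256"):
    """MGF1 from RFC 8017 Appendix B.2.1."""
    h_len = hashlib.new(hash_name).digest_size
    out = b""
    for counter in range((mask_len + h_len - 1) // h_len):
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
    return out[:mask_len]


def emsa_pss_encode(message, em_bits, salt, hash_name="sha256"):
    """RFC 8017 9.1.1.  em_bits = modBits - 1: a 2048-bit key gives 2047
    (one leading bit cleared); a key size that is not a multiple of 8
    gives several leading bits to clear."""
    h_len = hashlib.new(hash_name).digest_size
    s_len = len(salt)
    em_len = (em_bits + 7) // 8
    if em_len < h_len + s_len + 2:
        raise ValueError("encoding error: key too small for this hash/salt")
    m_hash = hashlib.new(hash_name, message).digest()
    h_val = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    ps = b"\x00" * (em_len - s_len - h_len - 2)
    db = ps + b"\x01" + salt
    db_mask = mgf1(h_val, em_len - h_len - 1, hash_name)
    masked_db = bytearray(a ^ b for a, b in zip(db, db_mask))
    # Clear the leftmost 8*emLen - emBits bits so that EM < 2^emBits.
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)
    return bytes(masked_db) + h_val + b"\xbc"


def emsa_pss_verify(message, em, em_bits, s_len, hash_name="sha256"):
    """RFC 8017 9.1.2.  True for 'consistent', False for 'inconsistent'."""
    h_len = hashlib.new(hash_name).digest_size
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < h_len + s_len + 2:
        return False
    if em[-1] != 0xBC:
        return False
    masked_db = em[: em_len - h_len - 1]
    h_val = em[em_len - h_len - 1 : em_len - 1]
    top_mask = 0xFF >> (8 * em_len - em_bits)
    if masked_db[0] & ~top_mask & 0xFF:
        return False  # the cleared leading bits must still be zero
    db_mask = mgf1(h_val, em_len - h_len - 1, hash_name)
    db = bytearray(a ^ b for a, b in zip(masked_db, db_mask))
    db[0] &= top_mask
    ps_len = em_len - h_len - s_len - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:
        return False
    salt = bytes(db[-s_len:]) if s_len else b""
    m_hash = hashlib.new(hash_name, message).digest()
    h_prime = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    return h_val == h_prime


def demo():
    """Round-trip for a 2048-bit key (emBits 2047) and a 2044-bit key
    (emBits 2043, key size mod 8 != 0); also shows that a verifier using
    a different salt length, or a different message, rejects the EM."""
    msg = b"constructed sample message"
    salt = os.urandom(32)  # salt length pinned to the SHA-256 digest size
    results = {}
    for em_bits in (2047, 2043):
        em = emsa_pss_encode(msg, em_bits, salt)
        results[em_bits] = (
            emsa_pss_verify(msg, em, em_bits, 32),
            emsa_pss_verify(msg, em, em_bits, 20),   # wrong salt length
            emsa_pss_verify(b"other", em, em_bits, 32),
        )
    return results


if __name__ == "__main__":
    print(demo())
```

The salt-length mismatch case is the practical reason a subset has to be fixed in the spec: RFC 8017 lets the signer choose sLen freely, but the verifier has to know it in advance (or be told via certificate parameters), so an unconstrained salt length only adds parameter-parsing surface without a security benefit.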