Instead of every padding verification implementation and every padding
encoding implementation doing the digesting, have `sign()` and
`verify()` do it themselves.
When we first implemented PKCS#1 1.5 signature verification we had not
implemented signature generation, so we implemented verification by
parsing the padding. Now that we have generation we can save some code
and arguably make verification safer. Also, this is the way RFC 3447
recommends doing it.
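
The verify-by-re-encoding approach described above, as an added Rust illustration (not *ring*'s code). The function names `pkcs1_encode`, `pkcs1_verify` and `samples` are hypothetical, SHA-256 is assumed, and the digest and both encoded messages are constructed sample values.

```rust
/// DER prefix of the SHA-256 DigestInfo (RFC 3447, section 9.2, note 1).
const SHA256_PREFIX: [u8; 19] = [
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
];

/// EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo prefix || digest.
fn pkcs1_encode(digest: &[u8; 32], em_len: usize) -> Option<Vec<u8>> {
    let t_len = SHA256_PREFIX.len() + digest.len();
    if em_len < t_len + 11 {
        return None; // modulus too short for at least 8 padding bytes
    }
    let mut em = vec![0xff; em_len];
    em[0] = 0x00;
    em[1] = 0x01;
    em[em_len - t_len - 1] = 0x00;
    em[em_len - t_len..em_len - digest.len()].copy_from_slice(&SHA256_PREFIX);
    em[em_len - digest.len()..].copy_from_slice(digest);
    Some(em)
}

/// Verify by re-encoding and comparing every byte; `recovered` (the output
/// of the RSA public-key operation on the signature) is never parsed.
fn pkcs1_verify(recovered: &[u8], digest: &[u8; 32]) -> bool {
    match pkcs1_encode(digest, recovered.len()) {
        // Both values are public during verification, so `==` is fine here.
        Some(expected) => expected.as_slice() == recovered,
        None => false,
    }
}

/// Constructed samples: a digest, its correct encoding for a 2048-bit
/// modulus, and a malformed encoding with short padding and trailing bytes.
fn samples() -> ([u8; 32], Vec<u8>, Vec<u8>) {
    let digest = [0xabu8; 32];
    let good = pkcs1_encode(&digest, 256).unwrap();
    let mut bad = vec![0x00, 0x01];
    bad.extend_from_slice(&[0xff; 8]);
    bad.push(0x00);
    bad.extend_from_slice(&SHA256_PREFIX);
    bad.extend_from_slice(&digest);
    bad.resize(256, 0x00); // filler after the digest
    (digest, good, bad)
}

fn main() {
    let (digest, good, bad) = samples();
    println!("well-formed accepted: {}", pkcs1_verify(&good, &digest));
    println!("malformed accepted:   {}", pkcs1_verify(&bad, &digest));
}
```

Because the expected encoding is rebuilt from the digest, anything that differs in padding length or carries extra bytes fails the comparison without any padding-parsing code being involved.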
Oxidize/restore special-case handling for `0b100...` range bounds,
lost when OpenSSL code was oxidized, and move RSA blinding param
generation out of limb.rs and into its own module.
I agree to license my contributions to each file under the terms
given at the top of each file I changed.
[The code was reordered and slightly tweaked by me before it was
committed. - Brian]
Expose `RSAEncoding` in the public API so that users of *ring* can use
it in type signatures. Add an "RSA" prefix to the exported types, since
they will be exported from `ring::signature`. Modify RSA tests to use
only the public API so as to ensure that enough of the API is public.
Besides improving type safety generally, this fixes a bug in RSA PSS
signing where the wrong value of `mod_bits` was being passed to
`Encoding::encode()`.
- Refactor Encoding trait to be randomised.
- Add RSA-PSS signing test cases.
I agree to license my contributions to each file under the terms given
at the top of each file I changed.
Output the extra leading zero byte when necessary.
Rename parameters in the `Encoding` interface to match the
specification and update the implementations to use the updated
variable names.
- Add tests for RSA-PSS verification from NIST test cases.
I agree to license my contributions to each file under the terms given
at the top of each file I changed.
At the time the code was written, I didn't know `mut self` was an
option.
With the new move semantics for `into_raw()`, more of the complexity of
the pointer handling can be removed as there's no potential for any
null dereference.
This lint had to be disabled due to differing views of how `unsafe` is
to be used for `extern "C"` variables between Rust 1.13 and earlier
versions. Now Rust 1.13 is the oldest supported version so all
supported versions agree.
There are no semantic changes, just minor formatting changes. The "NIST
test vectors are bad and we should feel bad"-type comments seem to apply
to all the NIST test vectors for all algorithms so it's not useful to
have that note (just) in this file.