Mimi,

On Tue, May 28, 2019 at 02:57:13PM -0400, Mimi Zohar wrote:
> On Sat, 2019-03-23 at 05:56 +0300, Vitaly Chikunov wrote:
> > Convert sign_v2 and related to using EVP_PKEY API instead of RSA API.
> > This enables more signatures to work out of the box.
> >
> > Remove RSA_ASN1_templates[] as it is not needed anymore. OpenSSL sign
> > is doing proper PKCS1 padding automatically (tested to be compatible
> > with previous version, except for MD4). This also fixes a bug with MD4
> > which produced a wrong signature because of the absence of the appropriate
> > RSA_ASN1_template.
>
> Is there any way of breaking this patch up to simplify review?

Hm. The main change is to replace the key type from RSA with the more abstract
EVP_PKEY. All other changes are a consequence of it. And because keys are
now EVP_PKEY the templates are removed too, now that we are not dealing
with keys at too low a level anymore.

I already tried to leave RSA handling as is for v1 signatures, because
they are RSA specific anyway.

Also, I tried to leave most of the (external) API the same, except
calc_keyid_v2, which now gets EVP_PKEY instead of RSA. Internally,
find_keyid now returns EVP_PKEY too. read_pub_key now extracts RSA from
the EVP_PKEY from read_pub_pkey. And calc_keyid_v2 now works internally
slightly differently (and generally) to handle all possible key types.

Also, I run some tests with ASan.

Thanks,

>
> Mimi