On Wed, 2019-05-29 at 01:46 +0300, Vitaly Chikunov wrote:
> Mimi,
>
> On Tue, May 28, 2019 at 02:57:13PM -0400, Mimi Zohar wrote:
> > On Sat, 2019-03-23 at 05:56 +0300, Vitaly Chikunov wrote:
> > > Convert sign_v2 and related to using the EVP_PKEY API instead of the RSA API.
> > > This enables more signatures to work out of the box.
> > >
> > > Remove RSA_ASN1_templates[] as it is not needed anymore. OpenSSL sign
> > > does proper PKCS1 padding automatically (tested to be compatible
> > > with the previous version, except for MD4). This also fixes a bug with MD4
> > > which produced a wrong signature because of the absence of the appropriate
> > > RSA_ASN1_template.
> >
> > Is there any way of breaking this patch up to simplify review?
>
> Hm. The main change is to replace the key type from RSA with the more abstract
> EVP_PKEY. All other changes are a consequence of it.

Yes, I understand.

> And because keys are now EVP_PKEY the templates are removed too, now
> that we are not dealing with keys at too low a level anymore.

There's no reason that removing RSA_ASN1_templates[] needs to be in the
same patch as the pkey change, nor do the MAX_SIGNATURE_SIZE changes
in sign_evm().

> I already tried to leave RSA handling as is for v1 signatures, because
> they are RSA specific anyway.
>
> Also, I tried to leave most of the (external) API the same, except
> calc_keyid_v2 which now gets EVP_PKEY instead of RSA. Internally,
> find_keyid now returns EVP_PKEY too.
>
> read_pub_key now extracts RSA from the EVP_PKEY from read_pub_pkey.

Right. So why couldn't the first patch define read_pub_pkey(), but only
call it from read_pub_key()? Then subsequent patches could call
read_pub_pkey() directly.

Mimi

> And calc_keyid_v2 now works internally slightly differently (and
> more generally) to handle all possible key types.
>
> Also, I ran some tests with ASan.
>
> Thanks,