diff options
| author | Tobias Nießen <tniessen@tnie.de> | 2017-03-06 00:41:26 +0100 |
|---|---|---|
| committer | Anna Henningsen <anna@addaleax.net> | 2017-04-01 13:27:52 +0200 |
| commit | 0e710aada401b1cf89b284d8469d112ddf277fe0 (patch) | |
| tree | 446fc73f722084de1ea667273f5a2c1d8612be1f /src/node_constants.h | |
| parent | c68da89694b1ff4682131ed6b825e596188cc4ed (diff) | |
| download | node-new-0e710aada401b1cf89b284d8469d112ddf277fe0.tar.gz | |
crypto: add sign/verify support for RSASSA-PSS
Adds support for the PSS padding scheme. Until now, the sign/verify
functions used the old EVP_Sign*/EVP_Verify* OpenSSL API, making it
impossible to change the padding scheme. Fixed by first computing the
message digest and then signing/verifying with a custom EVP_PKEY_CTX,
allowing us to specify options such as the padding scheme and the PSS
salt length.
Fixes: https://github.com/nodejs/node/issues/1127
PR-URL: https://github.com/nodejs/node/pull/11705
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Diffstat (limited to 'src/node_constants.h')
| -rw-r--r-- | src/node_constants.h | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/node_constants.h b/src/node_constants.h index 047d8fc5e7..1de420e2de 100644 --- a/src/node_constants.h +++ b/src/node_constants.h @@ -28,6 +28,19 @@ #include "v8.h" #if HAVE_OPENSSL + +#ifndef RSA_PSS_SALTLEN_DIGEST +#define RSA_PSS_SALTLEN_DIGEST -1 +#endif + +#ifndef RSA_PSS_SALTLEN_MAX_SIGN +#define RSA_PSS_SALTLEN_MAX_SIGN -2 +#endif + +#ifndef RSA_PSS_SALTLEN_AUTO +#define RSA_PSS_SALTLEN_AUTO -2 +#endif + #define DEFAULT_CIPHER_LIST_CORE "ECDHE-RSA-AES128-GCM-SHA256:" \ "ECDHE-ECDSA-AES128-GCM-SHA256:" \ "ECDHE-RSA-AES256-GCM-SHA384:" \ |