Files
wolfssl/doc
Sameeh Jubran deb668ca4b pkcs7: add RSA-PSS support for SignedData
Add full RSA-PSS (RSASSA-PSS) support to PKCS#7 SignedData
encoding and verification.

This change enables SignerInfo.signatureAlgorithm to use
id-RSASSA-PSS with explicit RSASSA-PSS-params (hash, MGF1,
salt length), as required by RFC 4055 and CMS profiles.

Key changes:
- Add RSA-PSS encode and verify paths for PKCS7 SignedData
- Encode full RSASSA-PSS AlgorithmIdentifier parameters
- Decode RSA-PSS parameters from SignerInfo for verification
- Treat RSA-PSS like ECDSA (sign raw digest, not DigestInfo)
- Fix certificate signatureAlgorithm parameter length handling
- Add API test coverage for RSA-PSS SignedData

This resolves failures when using RSA-PSS signer certificates
(e.g. -173 invalid signature algorithm) and maintains backward
compatibility with RSA PKCS#1 v1.5 and ECDSA.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-02-25 11:02:47 +02:00
..
2023-07-04 07:21:27 +02:00
2022-08-08 13:24:00 +02:00
2022-01-31 15:29:25 -05:00

The wolfSSL manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-Manual.pdf

The wolfSSL API guide is available at:
https://www.wolfssl.com/doxygen/wolfssl_API.html

The wolfCrypt API guide is available at:
https://www.wolfssl.com/doxygen/wolfcrypt_API.html