Files
wolfssl/.github/workflows
Sameeh Jubran deb668ca4b pkcs7: add RSA-PSS support for SignedData
Add full RSA-PSS (RSASSA-PSS) support to PKCS#7 SignedData
encoding and verification.

This change enables SignerInfo.signatureAlgorithm to use
id-RSASSA-PSS with explicit RSASSA-PSS-params (hash, MGF1,
salt length), as required by RFC 4055 and CMS profiles.

Key changes:
- Add RSA-PSS encode and verify paths for PKCS7 SignedData
- Encode full RSASSA-PSS AlgorithmIdentifier parameters
- Decode RSA-PSS parameters from SignerInfo for verification
- Treat RSA-PSS like ECDSA (sign raw digest, not DigestInfo)
- Fix certificate signatureAlgorithm parameter length handling
- Add API test coverage for RSA-PSS SignedData

This resolves failures when using RSA-PSS signer certificates
(e.g. -173 invalid signature algorithm) and maintains backward
compatibility with RSA PKCS#1 v1.5 and ECDSA.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-02-25 11:02:47 +02:00
..
2024-05-08 10:35:42 +02:00
2026-02-09 13:44:35 +01:00
2026-02-02 10:26:58 +01:00
2025-01-31 18:28:31 +01:00
2024-12-09 13:38:07 +01:00
2024-12-09 12:42:32 +01:00
2026-02-20 19:06:55 +01:00
2026-02-19 19:18:34 +01:00
2026-01-23 09:27:16 +01:00
2026-02-20 16:11:11 +01:00
2025-12-17 11:01:11 -06:00
2026-02-18 18:01:33 +00:00
2025-12-09 07:00:50 -07:00