From: Tobias Brunner
Date: Fri, 31 Mar 2023 07:29:12 +0000 (+0200)
Subject: Merge branch 'pkcs7-signatures'
X-Git-Tag: 5.9.11dr2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7a47adb4f02c3edf394ae2aea5c449fe20a7d11e;p=thirdparty%2Fstrongswan.git

Merge branch 'pkcs7-signatures'

Adds support for CMS-style signatures in PKCS#7 containers, which allows
verifying RSA-PSS and ECDSA signatures.

Ed25519 signatures should be supported when verifying, however, they
currently can't be created. Ed448 signatures are currently not supported.
That's because RFC 8419 has very strict requirements in regards to the
hash algorithms used for signed attributes. With Ed25519 only SHA-512 is
allowed (pki currently has an issue with Ed25519 in combination with
SHA-512 due to its associated HASH_IDENTITY) and with Ed448 only SHAKE256
with 512-bit output, which has to be encoded in the algorithmIdentifier
parameters (something we currently don't support at all).

Closes strongswan/strongswan#1615
---

7a47adb4f02c3edf394ae2aea5c449fe20a7d11e