minor fixes

sameehj · sameehj · commit ac16e6f00137 · 2026-02-10T06:20:17.000+02:00
Signed-off-by: Sameeh Jubran &lt;sameeh@wolfssl.com&gt;
diff --git a/tests/api/test_pkcs7.c b/tests/api/test_pkcs7.c
@@ -1014,6 +1014,14 @@ int test_wc_PKCS7_EncodeSignedData_RSA_PSS(void)
         if (outLen > 0) {
             int verifyRet = wc_PKCS7_VerifySignedData(pkcs7, output, (word32)outLen);
             ExpectIntEQ(verifyRet, 0);
+
+            /* Verify decoded RSASSA-PSS parameters match what we encoded:
+             *   hashAlgorithm  = SHA-256
+             *   maskGenAlgorithm = MGF1-SHA-256
+             *   saltLength     = 32 (== SHA-256 digest length) */
+            ExpectIntEQ(pkcs7->pssHashType, (int)WC_HASH_TYPE_SHA256);
+            ExpectIntEQ(pkcs7->pssMgf, WC_MGF1SHA256);
+            ExpectIntEQ(pkcs7->pssSaltLen, 32);
         }
     }
 
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
@@ -2105,7 +2105,11 @@ static int wc_PKCS7_RsaPssSign(wc_PKCS7* pkcs7, byte* digest, word32 digestSz,
             if (ret >= 0)
 #endif
             {
-                /* Use same saltLen as encoded in SignerInfo.signatureAlgorithm */
+                /* Salt length policy: use hash digest length (RFC 4055 typical).
+                 * RFC 3447 allows arbitrary salt lengths, but hash-length is the
+                 * most interoperable choice and matches OpenSSL's default.
+                 * Must agree with the saltLen encoded in
+                 * SignerInfo.signatureAlgorithm params above. */
                 int saltLen = wc_HashGetDigestSize(wc_OidGetHash(pkcs7->hashOID));
                 if (saltLen < 0) {
                     ret = saltLen;
@@ -3183,6 +3187,11 @@ static int PKCS7_EncodeSigned(wc_PKCS7* pkcs7,
         }
 #if defined(WC_RSA_PSS)
         if (digEncAlgoId == CTC_RSASSAPSS) {
+            /* Salt length policy: always encode as hash digest length.
+             * This is the common CMS/RFC 4055 profile and matches OpenSSL
+             * defaults.  The decoder (pssSaltLen) handles arbitrary values
+             * from external blobs.  A future pkcs7->pssSaltLen override for
+             * encode could be added here if custom salt lengths are needed. */
             int saltLen = wc_HashGetDigestSize(wc_OidGetHash(pkcs7->hashOID));
             if (saltLen < 0) {
                 idx = saltLen;

Original file line number	Diff line number	Diff line change
`@@ -1014,6 +1014,14 @@ int test_wc_PKCS7_EncodeSignedData_RSA_PSS(void)`
`1014`	`1014`	`if (outLen > 0) {`
`1015`	`1015`	`int verifyRet = wc_PKCS7_VerifySignedData(pkcs7, output, (word32)outLen);`
`1016`	`1016`	`ExpectIntEQ(verifyRet, 0);`
	`1017`	`+`
	`1018`	`+ /* Verify decoded RSASSA-PSS parameters match what we encoded:`
	`1019`	`+ * hashAlgorithm = SHA-256`
	`1020`	`+ * maskGenAlgorithm = MGF1-SHA-256`
	`1021`	`+ * saltLength = 32 (== SHA-256 digest length) */`
	`1022`	`+ ExpectIntEQ(pkcs7->pssHashType, (int)WC_HASH_TYPE_SHA256);`
	`1023`	`+ ExpectIntEQ(pkcs7->pssMgf, WC_MGF1SHA256);`
	`1024`	`+ ExpectIntEQ(pkcs7->pssSaltLen, 32);`
`1017`	`1025`	`}`
`1018`	`1026`	`}`
`1019`	`1027`