pkcs7: add RSA-PSS support for SignedData #9742

Open

sameehj wants to merge 1 commit into wolfSSL:master from sameehj:pkcs7-rsa-pss

Conversation

@sameehj sameehj commented Feb 5, 2026

Add full RSA-PSS (RSASSA-PSS) support to PKCS#7 SignedData encoding and verification.

This change enables SignerInfo.signatureAlgorithm to use id-RSASSA-PSS with explicit RSASSA-PSS-params (hash, MGF1, salt length), as required by RFC 4055 and CMS profiles.

Key changes:

  • Add RSA-PSS encode and verify paths for PKCS7 SignedData
  • Encode full RSASSA-PSS AlgorithmIdentifier parameters
  • Decode RSA-PSS parameters from SignerInfo for verification
  • Treat RSA-PSS like ECDSA (sign raw digest, not DigestInfo)
  • Fix certificate signatureAlgorithm parameter length handling
  • Add API test coverage for RSA-PSS SignedData

This resolves failures when using RSA-PSS signer certificates (e.g. -173 invalid signature algorithm) and maintains backward compatibility with RSA PKCS#1 v1.5 and ECDSA.


Testing

  • API: New test test_wc_PKCS7_EncodeSignedData_RSA_PSS (guarded by HAVE_PKCS7, WC_RSA_PSS, RSA, filesystem, SHA-256). Uses certs/rsapss/client-rsapss.der and client-rsapss-priv.der; encodes SignedData and optionally round-trip verifies.
  • CI: os-check.yml updated with build --enable-pkcs7 CPPFLAGS=-DWC_RSA_PSS.
  • Manual: Encode/verify with RSA-PSS signer cert; existing RSA and ECDSA SignedData tests unchanged.

Checklist

  • added tests
  • updated/added doxygen (PKCS7_RSA_PSS page; cryptocb RSA-PSS notes; pkcs7.h EncodeSignedData \ref)
  • updated appropriate READMEs (examples/configs/README.md; user_settings_pkcs7.h with WC_RSA_PSS)
  • Updated manual and documentation (doxygen; main README/ChangeLog at merge time)
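The RSASSA-PSS-params structure that SignerInfo.signatureAlgorithm carries next to id-RSASSA-PSS, as an added illustration (not wolfSSL code from this PR): a minimal Python DER encoder for the signer side and a decoder for the verifier side that fills in the RFC 4055 DEFAULTs for fields a signer omitted. The OID byte strings, hash names and function names are constructed here; the layout follows RFC 4055 section 3.1.

```python
# Added example, not wolfSSL code: DER encode/decode of RSASSA-PSS-params
# (RFC 4055 s3.1), the structure this PR carries in SignerInfo.signatureAlgorithm
# next to id-RSASSA-PSS. Short-form lengths only (these structures are < 128 B).
OIDS = {                                     # DER OBJECT IDENTIFIER contents
    "rsassa-pss": bytes.fromhex("2a864886f70d01010a"),
    "mgf1": bytes.fromhex("2a864886f70d010108"),
    "sha1": bytes.fromhex("2b0e03021a"),
    "sha256": bytes.fromhex("608648016503040201"),
}
NAMES = {v: k for k, v in OIDS.items()}

def _tlv(tag, body):                         # DER tag-length-value, len < 128
    return bytes([tag, len(body)]) + body

def _alg(name, params=b"\x05\x00"):          # AlgorithmIdentifier, NULL params
    return _tlv(0x30, _tlv(0x06, OIDS[name]) + params)

def encode_pss_params(hash_name="sha256", salt_len=32):
    """Signer side: explicit params; trailerField is DEFAULT 1, so DER omits it."""
    salt = salt_len.to_bytes(max(1, (salt_len.bit_length() + 8) // 8), "big")
    body = _tlv(0xA0, _alg(hash_name))                    # [0] hashAlgorithm
    body += _tlv(0xA1, _alg("mgf1", _alg(hash_name)))     # [1] MGF1 + hash
    body += _tlv(0xA2, _tlv(0x02, salt))                  # [2] saltLength
    return _tlv(0x30, body)

def _read(buf, pos):                         # -> (tag, body, next_pos)
    tag, ln = buf[pos], buf[pos + 1]
    return tag, buf[pos + 2:pos + 2 + ln], pos + 2 + ln

def decode_pss_params(der):
    """Verifier side: apply RFC 4055 DEFAULTs (SHA-1, MGF1/SHA-1, 20, 1) for
    omitted fields; reject an unknown MGF or trailing bytes."""
    tag, body, end = _read(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("malformed RSASSA-PSS-params")
    out = {"hash": "sha1", "mgf_hash": "sha1", "salt_len": 20, "trailer": 1}
    pos = 0
    while pos < len(body):
        tag, inner, pos = _read(body, pos)
        _, val, _ = _read(inner, 0)                       # strip EXPLICIT wrapper
        if tag == 0xA0:
            out["hash"] = NAMES.get(_read(val, 0)[1], "unknown")
        elif tag == 0xA1:
            _, mgf, p = _read(val, 0)
            if mgf != OIDS["mgf1"]:
                raise ValueError("unsupported MGF")
            out["mgf_hash"] = NAMES.get(_read(_read(val, p)[1], 0)[1], "unknown")
        elif tag in (0xA2, 0xA3):
            out["salt_len" if tag == 0xA2 else "trailer"] = int.from_bytes(val, "big")
    return out
```

The full signatureAlgorithm is `_alg("rsassa-pss", encode_pss_params())`; an empty params SEQUENCE decodes to the all-SHA-1 defaults, which is why a verifier must not assume the signer's hash matches the digest algorithm elsewhere in the SignedData.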

@sameehj sameehj force-pushed the pkcs7-rsa-pss branch 6 times, most recently from c4749c5 to 38bcb07 February 6, 2026 10:15
sameehj commented Feb 6, 2026

retest this please

@sameehj sameehj force-pushed the pkcs7-rsa-pss branch 16 times, most recently from a4ff167 to 2f8e307 February 10, 2026 17:55
sameehj commented Feb 11, 2026

retest this please

sameehj commented Feb 12, 2026

retest this please

@sameehj sameehj requested review from SparkiDev and dgarske February 12, 2026 13:50
@sameehj sameehj force-pushed the pkcs7-rsa-pss branch 2 times, most recently from cb9f6e4 to d4d412b February 13, 2026 06:40

Copilot AI left a comment

Pull request overview

This PR adds CMS/PKCS#7 SignedData support for RSA-PSS (id-RSASSA-PSS) by encoding/decoding RSASSA-PSS-params and adding RSA-PSS sign/verify paths alongside existing RSA PKCS#1 v1.5 and ECDSA handling.

Changes:

  • Add RSA-PSS signing and verification support in PKCS7 SignedData, including RSASSA-PSS parameter parsing/encoding.
  • Fix/adjust ASN.1 helpers to support decoding RSA-PSS parameters in template/non-template builds and improve RSA public-key decode behavior.
  • Add RSA-PSS API test coverage, documentation updates, and CI build coverage for WC_RSA_PSS.

Reviewed changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 3 comments.

Summary per file:

  • wolfssl/wolfcrypt/pkcs7.h: Adds fields to store decoded RSA-PSS params for verification.
  • wolfssl/wolfcrypt/asn.h: Declares internal helpers to encode/decode RSASSA-PSS params.
  • wolfcrypt/src/pkcs7.c: Implements RSA-PSS sign/verify paths and parses/encodes RSASSA-PSS AlgorithmIdentifier parameters.
  • wolfcrypt/src/asn.c: Implements manual RSASSA-PSS params parsing and adds RSASSA-PSS AlgorithmIdentifier encoding helper; adjusts ASN helpers/length handling.
  • wolfcrypt/src/aes.c: Adds Clang diagnostic push/pop around the file.
  • tests/api/test_pkcs7.h: Registers the new RSA-PSS SignedData API test behind feature guards.
  • tests/api/test_pkcs7.c: Adds test_wc_PKCS7_EncodeSignedData_RSA_PSS with encode + round-trip verify.
  • examples/configs/user_settings_pkcs7.h: Enables WC_RSA_PSS in the PKCS#7 config template.
  • examples/configs/README.md: Documents enabling RSA-PSS SignedData via WC_RSA_PSS.
  • doc/dox_comments/header_files/pkcs7.h: Adds doxygen reference for RSA-PSS usage.
  • doc/dox_comments/header_files/doxygen_pages.h: Adds a new doxygen page PKCS7_RSA_PSS.
  • doc/dox_comments/header_files/cryptocb.h: Documents crypto-callback behavior for RSA-PSS operations.
  • .wolfssl_known_macro_extras: Minor macro list adjustment.
  • .github/workflows/os-check.yml: Adds CI build variant enabling PKCS7 + WC_RSA_PSS.


@sameehj sameehj force-pushed the pkcs7-rsa-pss branch 3 times, most recently from a0edf71 to e29ff91 February 16, 2026 10:21
@sameehj sameehj requested review from dgarske and removed request for douzzer February 17, 2026 20:47
@sameehj sameehj assigned sameehj and wolfSSL-Bot and unassigned sameehj Feb 17, 2026
@dgarske dgarske left a comment

Also needs conflict resolved with rebase. Thanks

Contributor

Can you use a macro or enum that already exists for the 128? Also, if it's really that big you should have a WOLFSSL_SMALL_STACK option. We do have some helper macros for that... see WC_ALLOC_VAR_EX

Contributor Author

Defined RSA_PSS_ALGOID_TMPBUF_SZ macro for the 128-byte buffer size. Added WOLFSSL_SMALL_STACK support using XMALLOC/XFREE for heap allocation of the temp buffer.

Contributor

Why -1 for the defaults on these?

Contributor Author

AI, dropped!

Contributor

Can't you just use DecodedCert dCert[1];?

@dgarske dgarske requested a review from SparkiDev February 17, 2026 21:04
Contributor

@SparkiDev please review these changes specifically. Thanks

Contributor

wc_PKCS7_New already calls wc_PKCS7_Init internally, so this zeroes the struct again, discarding testDevId and replacing it with INVALID_DEVID.

Contributor Author

Fixed. Removed the redundant wc_PKCS7_Init after wc_PKCS7_New; testDevId is now preserved.

Contributor

wc_RsaFunction is the raw RSA private key operation (no PSS padding applied). A developer reading this as example code for WC_PK_TYPE_RSA_PSS would implement a callback that performs a raw unpadded RSA operation, producing a cryptographically invalid signature. The example should use wc_RsaPSS_Sign_ex (or at minimum include a prominent comment that PSS padding must be applied before/after the raw operation).

Contributor Author

Fixed. Example now uses wc_RsaPSS_Sign_ex (with PSS padding) instead of raw wc_RsaFunction.

Contributor

Make it work then.
The code was there and it needs to be made to work.

Contributor Author

It didn't at some point; now it works.

@sameehj sameehj force-pushed the pkcs7-rsa-pss branch 2 times, most recently from db85770 to 1289ea8 February 18, 2026 13:20
@dgarske dgarske requested review from SparkiDev and dgarske February 18, 2026 18:57
Contributor

@douzzer thoughts on this? I am not sure I like adding a pragma here. Since you are working in aes.c right now curious your thoughts.

Contributor Author

I tried to drop it; this is usually triggered with -pedantic. Let's see if the CI complains.

Contributor

Do we need to lose the original comments and formatting?

@sameehj sameehj force-pushed the pkcs7-rsa-pss branch 3 times, most recently from 9845a05 to dd416f8 February 19, 2026 11:48

Add full RSA-PSS (RSASSA-PSS) support to PKCS#7 SignedData
encoding and verification.

This change enables SignerInfo.signatureAlgorithm to use
id-RSASSA-PSS with explicit RSASSA-PSS-params (hash, MGF1,
salt length), as required by RFC 4055 and CMS profiles.

Key changes:
- Add RSA-PSS encode and verify paths for PKCS7 SignedData
- Encode full RSASSA-PSS AlgorithmIdentifier parameters
- Decode RSA-PSS parameters from SignerInfo for verification
- Treat RSA-PSS like ECDSA (sign raw digest, not DigestInfo)
- Fix certificate signatureAlgorithm parameter length handling
- Add API test coverage for RSA-PSS SignedData

This resolves failures when using RSA-PSS signer certificates
(e.g. -173 invalid signature algorithm) and maintains backward
compatibility with RSA PKCS#1 v1.5 and ECDSA.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>