(v7.x backport) crypto: add sign/verify support for RSASSA-PSS

[tniessen]

Original commit message:

Adds support for the PSS padding scheme. Until now, the sign/verify
functions used the old EVP_Sign*/EVP_Verify* OpenSSL API, making it
impossible to change the padding scheme. Fixed by first computing the
message digest and then signing/verifying with a custom EVP_PKEY_CTX,
allowing us to specify options such as the padding scheme and the PSS
salt length.

Fixes: #1127
PR-URL: #11705
Reviewed-By: Shigeki Ohtsu [email protected]
Reviewed-By: Sam Roberts [email protected]
Reviewed-By: Ben Noordhuis [email protected]
Reviewed-By: Anna Henningsen [email protected]

Checklist

• make -j4 test (UNIX), or vcbuild test (Windows) passes
• tests and/or benchmarks are included
• documentation is changed or added
• commit message follows commit guidelines

Affected core subsystem(s)

crypto

[tniessen]

CI: https://ci.nodejs.org/job/node-test-pull-request/8461/

[addaleax]

Thanks for the work but I am not actually sure this is going to happen, due to a) nodejs/Release#220 and b) the fact that if we do another 7.x release, it’s going to be a maintenance one, so it won’t contain semver-minors.

/cc @nodejs/release

[tniessen]

@addaleax Mhh okay, that's up to you I guess. Just did it because #11705 is still labeled as "backport-requested-7.x".

[sam-github]

That's confusing, sorry about that. I'll try to clean up the backport-requested-7.x labels Monday. The PRs labelled like that either need backporting to 8.x now, or more likely, already landed on 8.x.

/cc @nodejs/lts

[tniessen]

#11705 already landed on v8.0.0, so I will close this assuming no backport to v7.x was intended.