Dear all, when you use e.g. the sample X.509 certs from my website
http://www.kaiser.cx/downloads/x509PssEmptyParams.zip and run openssl x509 -in pssRootCert.pem -noout -text the salt len has a duplicate 0x. Signature Algorithm: rsassaPss ... Salt Length: 0x0x14 (default) Trailer Field: 0xBC (default) The attached trivial patch fixes this. Best regards, Martin
>From e5dc15b9751bf561f6aebd371c31f6da3c345cda Mon Sep 17 00:00:00 2001 From: Martin Kaiser <[email protected]> Date: Wed, 28 May 2014 11:16:06 +0200 Subject: [PATCH] remove duplicate 0x for default RSASSA-PSS salt len --- crypto/rsa/rsa_ameth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 04d9f62..c6e083f 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -375,7 +375,7 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0) goto err; } - else if (BIO_puts(bp, "0x14 (default)") <= 0) + else if (BIO_puts(bp, "14 (default)") <= 0) goto err; BIO_puts(bp, "\n"); -- 1.7.10.4
