CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2024/03/17 01:10:00
Modified files:
lib/libcrypto/rsa: rsa_ameth.c
Log message:
Annotate RSA-PSS SHA parameter encoding as wrong
A historic blunderfest in the ASN.1 module for RSA-PSS led to very
confusing text in various RFCs. davidben and my current reading of
this is that parameters for SHA-* should be encoded as an ASN.1 NULL
rather than omitted. The use of X509_ALGOR_set_evp_md() leads to them
being omitted, and is therefore counter to the specification (but
allowed. We should fix this. For now, leave a reminder.
See https://boringssl-review.googlesource.com/c/boringssl/+/67088
for a lot more details.
ok davidben
