CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2024/03/17 01:10:00
Modified files: lib/libcrypto/rsa: rsa_ameth.c Log message: Annotate RSA-PSS SHA parameter encoding as wrong A historic blunderfest in the ASN.1 module for RSA-PSS led to very confusing text in various RFCs. davidben and my current reading of this is that parameters for SHA-* should be encoded as an ASN.1 NULL rather than omitted. The use of X509_ALGOR_set_evp_md() leads to them being omitted, and is therefore counter to the specification (but allowed. We should fix this. For now, leave a reminder. See https://boringssl-review.googlesource.com/c/boringssl/+/67088 for a lot more details. ok davidben