Re: R: [openssl.org #1951] [patch] verification of X.509 certificates that contain an RSASSA-PSS signature

Martin Kaiser Sun, 14 Feb 2010 08:37:58 -0800

Hi Francesco and all,

Thus wrote francesco.petru...@innovery.it (francesco.petru...@innovery.it):


> I have a doubt.
> Reading rfc 3447 I see this definition

> RSASSA-PSS-params ::= SEQUENCE {
>           hashAlgorithm      [0] HashAlgorithm    DEFAULT sha1,
>           maskGenAlgorithm   [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
>           saltLength         [2] INTEGER          DEFAULT 20,
>           trailerField       [3] TrailerField     DEFAULT trailerFieldBC
>       }

> And I think the params definition in the patch must be changed in

> ASN1_SEQUENCE(RSASSA_PSS_PARAMS) = {
>        ASN1_EXP_OPT(RSASSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),
>        ASN1_EXP_OPT(RSASSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),
>        ASN1_EXP_OPT(RSASSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),
>        ASN1_EXP_OPT(RSASSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3)
> } ASN1_SEQUENCE_END(RSASSA_PSS_PARAMS)

> ASN1_EXP_OPT for ASN1_OPT

thanks for the correction. RFC3447 clearly says that the tags
are explicit. I'll update the patch accordingly.

Best regards,

   Martin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Re: R: [openssl.org #1951] [patch] verification of X.509 certificates that contain an RSASSA-PSS signature

Reply via email to