git.ipfire.org Git - thirdparty/openssl.git/commit

author	Stefan Berger <stefanb@linux.ibm.com>
	Tue, 14 Oct 2025 22:52:45 +0000 (17:52 -0500)
committer	Tomas Mraz <tomas@openssl.org>
	Tue, 18 Nov 2025 17:03:24 +0000 (18:03 +0100)
commit	e24de9f31736fbf60a8a2a9364f91ab0bf9f100b
tree	f47f2132009e9e3f2e0767213740441d59eadafb	tree
parent	3005b9bc8691c570f3f51c25219b7ba79a064d83	commit \| diff

cms: Get a default hash for hash-less signing schemes

Get a default hash for hash-less signing schemes such as ML-DSA, SLH-DSA,
and EdDSA in the case when signed attributes are present as well as for the
no signed attributes case. For the latter case, EdDSA is the only signing
scheme that has a required hash (sha512 for ED25519 and shake256 for
ED448), all other ones have a suggested hash. Only use the suggested hash
if the hash provided by the caller of CMS_add1_signer passed a NULL pointer
for md. Use the required hash in any case, overriding any choice of the
caller.

Fixes: #13523
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28923)

crypto/cms/cms_sd.c		diff \| blob \| blame \| history
doc/man3/CMS_add1_signer.pod		diff \| blob \| blame \| history