git.ipfire.org Git - thirdparty/openssl.git/commitdiff
cms: Make sha512 the required hash for CMS with signedAttributes
author Stefan Berger <stefanb@linux.ibm.com>
Sun, 8 Mar 2026 23:11:02 +0000 (18:11 -0500)
committer Neil Horman <nhorman@openssl.org>
Tue, 17 Mar 2026 16:24:58 +0000 (12:24 -0400)
RFC 8419 requires that, when using an Ed25519 key for CMS signed-data with
signed attributes, SHA512 must be used. Modify the entry in the key2data
table to reflect this, giving the user no other choice for a hash.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Mar 17 16:20:24 2026
(Merged from https://github.com/openssl/openssl/pull/30312)

(cherry picked from commit 919fd9db2514e97f02b31acc910858281e830a26)

crypto/cms/cms_sd.c

index afca47a703dfda44bb9c0f27311fa66d9834e55c..d95d7d7680fc0b583fc4499dc0187eabeeed1577 100644 (file)
@@ -372,7 +372,7 @@ static const struct {
     {
         "ED25519",
         NID_sha512,
-        0,
+        1,
         NID_sha512,
         1,
     }, /* RFC 8419 */
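
Review bot: The changed initializer in the "ED25519" entry is a bare positional `1` sitting next to another bare `1`, so nothing at the entry says which flag makes NID_sha512 mandatory for the signed-attributes case; a short per-field comment or a named constant would make the RFC 8419 requirement readable in the table itself. The diff as shown touches only crypto/cms/cms_sd.c, so a test that requests a non-SHA512 digest with an Ed25519 key and signed attributes, plus a note in the user-facing documentation about the digest no longer being selectable, would be worth adding alongside it.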