Work around even more Estonian ID card misissuances.
Not content with signing negative RSA moduli, still other Estonian IDs have too
many leading zeros. Work around those too.
This workaround will be removed in six months.
BUG=534766
Change-Id: Ica23b1b1499f9dbe39e94cf7b540900860e8e135
Reviewed-on: https://boringssl-review.googlesource.com/5980
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index d85ec86..8de8cc4 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -304,9 +304,8 @@
* result to |ret|. It returns one on success and zero on failure. */
OPENSSL_EXPORT int BN_cbs2unsigned(CBS *cbs, BIGNUM *ret);
-/* BN_cbs2unsigned_buggy acts like |BN_cbs2unsigned| but tolerates negative
- * INTEGERs. This is to work around buggy encoders which drop the 00 padding
- * byte. Do not use this function. */
+/* BN_cbs2unsigned_buggy acts like |BN_cbs2unsigned| but tolerates some invalid
+ * encodings. Do not use this function. */
OPENSSL_EXPORT int BN_cbs2unsigned_buggy(CBS *cbs, BIGNUM *ret);
/* BN_bn2cbb marshals |bn| as a non-negative DER INTEGER and appends the result
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 8e361da..2be50dc 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -339,7 +339,7 @@
OPENSSL_EXPORT RSA *RSA_parse_public_key(CBS *cbs);
/* RSA_parse_public_key_buggy behaves like |RSA_parse_public_key|, but it
- * tolerates negative moduli. Do not use this function. */
+ * tolerates some invalid encodings. Do not use this function. */
OPENSSL_EXPORT RSA *RSA_parse_public_key_buggy(CBS *cbs);
/* RSA_public_key_from_bytes parses |in| as a DER-encoded RSAPublicKey structure
