Make use of X509_get_signature_info() in check_sig_level() - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2024-08-28 07:37:50 +0000
committer	tb <>	2024-08-28 07:37:50 +0000
commit	934e71019ec6b78fb762d809561ebb10c9b1a0b9 (patch)
tree	0a43a4be1239e3ca56a11424cf01010dbc5fd304 /src/lib/libc/stdlib/atof.c
parent	b8678313afab1451bf32d55327a8daa6695a06af (diff)
download	openbsd-934e71019ec6b78fb762d809561ebb10c9b1a0b9.tar.gz openbsd-934e71019ec6b78fb762d809561ebb10c9b1a0b9.tar.bz2 openbsd-934e71019ec6b78fb762d809561ebb10c9b1a0b9.zip

Make use of X509_get_signature_info() in check_sig_level()

If an auth_level (i.e., security_level, but not quite, because Viktor) was set on the X509_VERIFY_PARAM in the X509_STORE_CTX, the verifier would reject RSA-PSS or EdDSA certificates for insufficient security bits due to incorrect use of OBJ_find_sigid_algs() (this was also a bug in the initial security level implementation in OpenSSL 1.1). Using X509_get_signature_info() fixes this while preserving behavior for all other algorithms. Reported by Steffen Ullrich as one of multiple issues with RSA-PSS. ok jsing

Diffstat (limited to 'src/lib/libc/stdlib/atof.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: