| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 23 |
1 files changed, 3 insertions, 20 deletions
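--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.144 2024/08/04 08:15:36 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.145 2024/08/28 07:37:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2541,28 +2541,11 @@ check_key_level(X509_STORE_CTX *ctx, X509 *cert)
 static int
 check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
 {
-const EVP_MD *md;
-int bits, nid, md_nid;
-
-if ((nid = X509_get_signature_nid(cert)) == NID_undef)
-return 0;
-
-/*
-* Look up signature algorithm digest.
-*/
-
-if (!OBJ_find_sigid_algs(nid, &md_nid, NULL))
-return 0;
-
-if (md_nid == NID_undef)
-return 0;
+int bits;
 
-if ((md = EVP_get_digestbynid(md_nid)) == NULL)
+if (!X509_get_signature_info(cert, NULL, NULL, &bits, NULL))
 return 0;
 
-/* Assume 4 bits of collision resistance for each hash octet. */
-bits = EVP_MD_size(md) * 4;
-
 return enough_bits_for_security_level(bits, ctx->param->security_level);
 }
 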
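Review bot: The new body of check_sig_level() no longer documents where `bits` comes from. The removed code stated its estimate outright ("4 bits of collision resistance for each hash octet"), while the replacement call to X509_get_signature_info() carries no comment, even though this value decides whether a certificate's signature passes `enough_bits_for_security_level()`. I would add above the call `/* Use the signature's security bits as reported by X509_get_signature_info(); reject the certificate if they cannot be determined. */`. Whether the helper rates every digest the same way the old `EVP_MD_size(md) * 4` did is not visible in this hunk, so the commit message or a regress test should say whether any certificate's verification result changes at a given security level. `bits` is also read uninitialized unless the helper always stores it before returning nonzero, which is presumably its contract but is worth confirming.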
