Fix bogus check for EVP_PKEY mandatory digest in check_cert_usable() (9757a5ad) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Commit 9757a5ad authored Aug 22, 2019 by

David Woodhouse Committed by Tomas Mraz Sep 04, 2019

Fix bogus check for EVP_PKEY mandatory digest in check_cert_usable()

In commit 6aca8d1a

 ("Honour mandatory digest on private key in
has_usable_cert()") I added two checks for the capabilities of the
EVP_PKEY being used. One of them was wrong, as it should only be
checking the signature of the X.509 cert (by its issuer) against the
sigalgs given in a TLS v1.3 signature_algorithms_cert extension.

Remove it.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9705)

parent 1bf29d49

Hide whitespace changes

Inline Side-by-side

Please register or to comment