Diffusion GnuPG ddc74f50d423

sm,dirmngr: Restrict allowed parameters used with rsaPSS.

Authored by werner on Apr 15 2020, 11:05 AM.

Description

sm,dirmngr: Restrict allowed parameters used with rsaPSS.

* sm/certcheck.c (extract_pss_params): Check the used PSS params.
* dirmngr/crlcache.c (finish_sig_check): Ditto.
* dirmngr/validate.c (check_cert_sig): Ditto.

------------------------ >8 ------------------------

See
https://www.metzdowd.com/pipermail/cryptography/2019-November/035449.html

  • GnuPG-bug-id: T4538
  • Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Committed
wernerApr 15 2020, 3:45 PM
Parents
rG24d563749f50: sm: Support rsaPSS verification also for CMS signatures.
Branches
Unknown
Tags
Unknown
Tasks
T4538: Support PSS signed CRLs