CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2025/01/17 01:50:07
Modified files:
lib/libcrypto/rsa: rsa_pmeth.c
Log message:
Fix two incorrect strtonum() conversions
The atoi() would also accept the magic negative values and old openssl
releases would expose these as arguments to -pkeyopt rsa_pss_saltlen:-1
in the openssl pkeyutl "app". While modern openssl switched to having
readable alternatives to these, the oseid component of opensc would use
the old syntax until yesterday.
Still, this is our bug and we need to keep accepting the magic values as
such, so do so. Everything below -3 will be rejected by the RSA_ctrl()
handler later.
Debugged by Doug Engert in https://github.com/OpenSC/OpenSC/issues/3317
ok jsing op
