open-vault

Commit Graph

Author	SHA1	Message	Date
Alexander Scheel	12d875c188	Fix handling of SignatureBits for ECDSA issuers (#14943 ) When adding SignatureBits control logic, we incorrectly allowed specification of SignatureBits in the case of an ECDSA issuer. As noted in the original request, NIST and Mozilla (and others) are fairly prescriptive in the choice of signatures (matching the size of the NIST P-curve), and we shouldn't usually use a smaller (or worse, larger and truncate!) hash. Ignore the configuration of signature bits and always use autodetection for ECDSA like ed25519. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>	2022-04-07 11:52:59 -04:00

Author

SHA1

Message

Date

Alexander Scheel

12d875c188

Fix handling of SignatureBits for ECDSA issuers (#14943 )

When adding SignatureBits control logic, we incorrectly allowed
specification of SignatureBits in the case of an ECDSA issuer. As noted
in the original request, NIST and Mozilla (and others) are fairly
prescriptive in the choice of signatures (matching the size of the
NIST P-curve), and we shouldn't usually use a smaller (or worse, larger
and truncate!) hash.

Ignore the configuration of signature bits and always use autodetection
for ECDSA like ed25519.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

2022-04-07 11:52:59 -04:00

1 Commits