diff options
| author | tb <> | 2022-06-29 07:54:54 +0000 |
|---|---|---|
| committer | tb <> | 2022-06-29 07:54:54 +0000 |
| commit | f0d9f479cf05d5da8447d4b12da004d34d2ee9ce (patch) | |
| tree | 451633de94a7ad3d79f72e7da6fb1d5ef3225e4e | |
| parent | 4971137ca5f4d3de0801bec3fdc944bc625b0211 (diff) | |
| download | openbsd-f0d9f479cf05d5da8447d4b12da004d34d2ee9ce.tar.gz openbsd-f0d9f479cf05d5da8447d4b12da004d34d2ee9ce.tar.bz2 openbsd-f0d9f479cf05d5da8447d4b12da004d34d2ee9ce.zip | |
Check the security bits of the sigalgs' pkey
ok beck jsing
| -rw-r--r-- | src/lib/libssl/ssl_sigalgs.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 8a1b5f5198..f969e4f551 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.43 2022/06/29 07:53:58 tb Exp $ */ | 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.44 2022/06/29 07:54:54 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> |
| 4 | * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> |
| @@ -304,6 +304,12 @@ ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey) | |||
| 304 | return 0; | 304 | return 0; |
| 305 | } | 305 | } |
| 306 | 306 | ||
| 307 | #if defined(LIBRESSL_HAS_SECURITY_LEVEL) | ||
| 308 | if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK, | ||
| 309 | EVP_PKEY_security_bits(pkey), 0, NULL)) | ||
| 310 | return 0; | ||
| 311 | #endif | ||
| 312 | |||
| 307 | if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION) | 313 | if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION) |
| 308 | return 1; | 314 | return 1; |
| 309 | 315 | ||