Add check function to verify that pkey is usable with a sigalg.

Include check for appropriate RSA key size when used with PSS. ok tb@
author: beck <> 2018-11-11 21:54:47 +0000
committer: beck <> 2018-11-11 21:54:47 +0000
commit: c211b60ba408365c17d7fbd5fe3855d2a30de266 (patch)
tree: 0cdd1c2782b8d6a68cb8c13faf997369c97af830 /src/lib/libssl/ssl_clnt.c
parent: 8a99f7096d5d13dfe9e814a08cb0a206eb8d0bbc (diff)
download: openbsd-c211b60ba408365c17d7fbd5fe3855d2a30de266.tar.gz
openbsd-c211b60ba408365c17d7fbd5fe3855d2a30de266.tar.bz2
openbsd-c211b60ba408365c17d7fbd5fe3855d2a30de266.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 9f8d999ff1..2094417994 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.43 2018/11/11 02:22:34 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.44 2018/11/11 21:54:47 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1527,7 +1527,7 @@ ssl3_get_server_key_exchange(SSL *s)
                                al = SSL_AD_DECODE_ERROR;
                                goto f_err;
                        }
-                        if (sigalg->key_type != pkey->type) {
+                        if (!ssl_sigalg_pkey_ok(sigalg, pkey)) {
                                SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
                                al = SSL_AD_DECODE_ERROR;
                                goto f_err;
author	beck <>	2018-11-11 21:54:47 +0000
committer	beck <>	2018-11-11 21:54:47 +0000
commit	c211b60ba408365c17d7fbd5fe3855d2a30de266 (patch)
tree	0cdd1c2782b8d6a68cb8c13faf997369c97af830 /src/lib/libssl/ssl_clnt.c
parent	8a99f7096d5d13dfe9e814a08cb0a206eb8d0bbc (diff)
download	openbsd-c211b60ba408365c17d7fbd5fe3855d2a30de266.tar.gz openbsd-c211b60ba408365c17d7fbd5fe3855d2a30de266.tar.bz2 openbsd-c211b60ba408365c17d7fbd5fe3855d2a30de266.zip

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 9f8d999ff1..2094417994 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.43 2018/11/11 02:22:34 beck Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.44 2018/11/11 21:54:47 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1527,7 +1527,7 @@ ssl3_get_server_key_exchange(SSL *s)
1527	al = SSL_AD_DECODE_ERROR;	1527	al = SSL_AD_DECODE_ERROR;
1528	goto f_err;	1528	goto f_err;
1529	}	1529	}
1530	if (sigalg->key_type != pkey->type) {	1530	if (!ssl_sigalg_pkey_ok(sigalg, pkey)) {
1531	SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);	1531	SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
1532	al = SSL_AD_DECODE_ERROR;	1532	al = SSL_AD_DECODE_ERROR;
1533	goto f_err;	1533	goto f_err;