diff options
| -rw-r--r-- | src/lib/libssl/ssl_sigalgs.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index b503503105..619ba57f0d 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.35 2021/06/29 19:29:16 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.36 2021/06/29 19:33:46 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> |
| 4 | * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> |
| @@ -270,10 +270,7 @@ ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey) | |||
| 270 | if (sigalg->key_type != pkey->type) | 270 | if (sigalg->key_type != pkey->type) |
| 271 | return 0; | 271 | return 0; |
| 272 | 272 | ||
| 273 | /* | 273 | /* RSA PSS must have a sufficiently large RSA key. */ |
| 274 | * RSA PSS must have an RSA key that needs to be at | ||
| 275 | * least as big as twice the size of the hash + 2 | ||
| 276 | */ | ||
| 277 | if ((sigalg->flags & SIGALG_FLAG_RSA_PSS)) { | 274 | if ((sigalg->flags & SIGALG_FLAG_RSA_PSS)) { |
| 278 | if (pkey->type != EVP_PKEY_RSA || | 275 | if (pkey->type != EVP_PKEY_RSA || |
| 279 | EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2)) | 276 | EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2)) |