summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_sigalgs.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_sigalgs.c')
-rw-r--r--src/lib/libssl/ssl_sigalgs.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index 37fdcfa73f..374ba3cef2 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_sigalgs.c,v 1.20 2019/04/01 02:09:21 beck Exp $ */ 1/* $OpenBSD: ssl_sigalgs.c,v 1.20.8.1 2020/08/10 18:59:47 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
4 * 4 *
@@ -322,6 +322,12 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
322 tls_sigalgs_len)) == NULL) 322 tls_sigalgs_len)) == NULL)
323 continue; 323 continue;
324 324
325 /* RSA cannot be used without PSS in TLSv1.3. */
326 if (TLS1_get_version(s) >= TLS1_3_VERSION &&
327 sigalg->key_type == EVP_PKEY_RSA &&
328 (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0)
329 continue;
330
325 if (ssl_sigalg_pkey_ok(sigalg, pkey, check_curve)) 331 if (ssl_sigalg_pkey_ok(sigalg, pkey, check_curve))
326 return sigalg; 332 return sigalg;
327 } 333 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-15 08:01:56 +0000