diff options
Diffstat (limited to 'src/lib/libssl/ssl_sigalgs.c')
| -rw-r--r-- | src/lib/libssl/ssl_sigalgs.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 5dc261810b..a6c5a4e9d8 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.6 2018/11/11 02:03:23 beck Exp $ */ | 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.7 2018/11/11 21:54:47 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018, Bob Beck <beck@openbsd.org> |
| 4 | * | 4 | * |
| @@ -225,3 +225,19 @@ ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len) | |||
| 225 | } | 225 | } |
| 226 | return 1; | 226 | return 1; |
| 227 | } | 227 | } |
| 228 | |||
| 229 | int | ||
| 230 | ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey) | ||
| 231 | { | ||
| 232 | if (sigalg->key_type == pkey->type) { | ||
| 233 | if (!(sigalg->flags & SIGALG_FLAG_RSA_PSS)) | ||
| 234 | return 1; | ||
| 235 | /* | ||
| 236 | * RSA keys for PSS need to be at least | ||
| 237 | * as big as twice the size of the hash + 2 | ||
| 238 | */ | ||
| 239 | if (EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2)) | ||
| 240 | return 1; | ||
| 241 | } | ||
| 242 | return 0; | ||
| 243 | } | ||