Add check function to verify that pkey is usable with a sigalg.

Include check for appropriate RSA key size when used with PSS. ok tb@
author: beck <beck@openbsd.org> 2018-11-11 21:54:47 +0000
committer: beck <beck@openbsd.org> 2018-11-11 21:54:47 +0000
commit: 81230f721ab6c626288d9f5ef9a23a9fc28ed114 (patch)
tree: b4ac4a1672fb053f8ef00322c703bd316560a3df /lib/libssl/ssl_clnt.c
parent: Add END() macro to set symbol size like every other arch (diff)
download: wireguard-openbsd-81230f721ab6c626288d9f5ef9a23a9fc28ed114.tar.xz
wireguard-openbsd-81230f721ab6c626288d9f5ef9a23a9fc28ed114.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 9f8d999ff19..20944179947 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.43 2018/11/11 02:22:34 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.44 2018/11/11 21:54:47 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1527,7 +1527,7 @@ ssl3_get_server_key_exchange(SSL *s)
 				al = SSL_AD_DECODE_ERROR;
 				goto f_err;
 			}
-			if (sigalg->key_type != pkey->type) {
+			if (!ssl_sigalg_pkey_ok(sigalg, pkey)) {
 				SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
 				al = SSL_AD_DECODE_ERROR;
 				goto f_err;
author	beck <beck@openbsd.org>	2018-11-11 21:54:47 +0000
committer	beck <beck@openbsd.org>	2018-11-11 21:54:47 +0000
commit	81230f721ab6c626288d9f5ef9a23a9fc28ed114 (patch)
tree	b4ac4a1672fb053f8ef00322c703bd316560a3df /lib/libssl/ssl_clnt.c
parent	Add END() macro to set symbol size like every other arch (diff)
download	wireguard-openbsd-81230f721ab6c626288d9f5ef9a23a9fc28ed114.tar.xz wireguard-openbsd-81230f721ab6c626288d9f5ef9a23a9fc28ed114.zip