projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1a50eed) | patch
Check that the public key OID matches the sig alg
authorMatt Caswell <matt@openssl.org>
Tue, 17 Jul 2018 15:31:07 +0000 (16:31 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 18 Jul 2018 08:58:56 +0000 (09:58 +0100)
commit11d2641f96ead76deb5b8fac638a3ad36a971a66
tree7268fce6dcd0dd6f6993d746cc46045323a301e3tree | snapshot
parent1a50eedf2a1fbb1e0e009ad616d8be678e4c6340commit | diff
Check that the public key OID matches the sig alg

Using the rsa_pss_rsae_sha256 sig alg should imply that the key OID is
rsaEncryption. Similarly rsa_pss_pss_sha256 implies the key OID is
rsassaPss. However we did not check this and incorrectly tolerated a key
OID that did not match the sig alg sent by the peer.

Fixes #6611

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6732)
ssl/ssl_cert.c diff | blob | history
ssl/ssl_locl.h diff | blob | history
ssl/t1_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.