From: Rafael Sadowski <rafael@sizeofvoid.org>
Subject: relayd: RSA key support only
To: tech@openbsd.org
Date: Thu, 5 Mar 2026 08:32:22 +0100

This prints an appropriate error message if someone does not use an RSA
key.

OK?

Index: ca.c
===================================================================
RCS file: /cvs/src/usr.sbin/relayd/ca.c,v
diff -u -p -r1.50 ca.c
--- ca.c	5 Mar 2026 07:27:01 -0000	1.50
+++ ca.c	5 Mar 2026 07:29:19 -0000
@@ -250,6 +250,9 @@ ca_dispatch_relay(int fd, struct privsep
 			break;
 		}
 
+		if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA)
+			fatalx("%s: key is not a RSA key", __func__);
+
 		if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL)
 			fatalx("%s: invalid relay key", __func__);
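Review bot: the added EVP_PKEY_base_id() check sits in ca_dispatch_relay() and ends in fatalx(), so a non-RSA key is reported only when this dispatch path runs, and it terminates the process, just as the existing EVP_PKEY_get1_RSA() == NULL branch directly below it already did for such a key. If the key type can be validated at the point where the key is loaded, rejecting it there would report the misconfiguration before any request is handled. For the message itself, "a RSA key" should read "an RSA key", and naming the offending key or the type that was found (the value EVP_PKEY_base_id(pkey) returned) would tell the administrator which key to replace.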