summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_clnt.c
diff options
context:
space:
mode:
authorbeck <>2018-11-11 02:22:34 +0000
committerbeck <>2018-11-11 02:22:34 +0000
commite9d8287ddb7095901012153bc704c8aac2466589 (patch)
treefde33b908edc0dacbec20d6c534eece87fd60bc4 /src/lib/libssl/ssl_clnt.c
parent54f742a337d02740020696e56783ec7595e582d5 (diff)
downloadopenbsd-e9d8287ddb7095901012153bc704c8aac2466589.tar.gz
openbsd-e9d8287ddb7095901012153bc704c8aac2466589.tar.bz2
openbsd-e9d8287ddb7095901012153bc704c8aac2466589.zip
Add support for RSA PSS algorithims being used in sigalgs.
lightly tested, but will need sanity checks and regress test changes before being added to any sigalgs list for real ok jsing@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')
-rw-r--r--src/lib/libssl/ssl_clnt.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 298e4b7ff8..9f8d999ff1 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.42 2018/11/11 02:03:23 beck Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.43 2018/11/11 02:22:34 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1556,6 +1556,11 @@ ssl3_get_server_key_exchange(SSL *s)
1556 if (!EVP_DigestVerifyUpdate(&md_ctx, s->s3->client_random, 1556 if (!EVP_DigestVerifyUpdate(&md_ctx, s->s3->client_random,
1557 SSL3_RANDOM_SIZE)) 1557 SSL3_RANDOM_SIZE))
1558 goto err; 1558 goto err;
1559 if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
1560 (!EVP_PKEY_CTX_set_rsa_padding(pctx,
1561 RSA_PKCS1_PSS_PADDING) ||
1562 !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)))
1563 goto err;
1559 if (!EVP_DigestVerifyUpdate(&md_ctx, s->s3->server_random, 1564 if (!EVP_DigestVerifyUpdate(&md_ctx, s->s3->server_random,
1560 SSL3_RANDOM_SIZE)) 1565 SSL3_RANDOM_SIZE))
1561 goto err; 1566 goto err;
@@ -2427,6 +2432,14 @@ ssl3_send_client_verify(SSL *s)
2427 SSLerror(s, ERR_R_EVP_LIB); 2432 SSLerror(s, ERR_R_EVP_LIB);
2428 goto err; 2433 goto err;
2429 } 2434 }
2435 if ((s->cert->key->sigalg->flags &
2436 SIGALG_FLAG_RSA_PSS) &&
2437 (!EVP_PKEY_CTX_set_rsa_padding(pctx,
2438 RSA_PKCS1_PSS_PADDING) ||
2439 !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
2440 SSLerror(s, ERR_R_EVP_LIB);
2441 goto err;
2442 }
2430 if (!EVP_DigestSignUpdate(&mctx, hdata, hdatalen)) { 2443 if (!EVP_DigestSignUpdate(&mctx, hdata, hdatalen)) {
2431 SSLerror(s, ERR_R_EVP_LIB); 2444 SSLerror(s, ERR_R_EVP_LIB);
2432 goto err; 2445 goto err;