ssl_sigalg_pkey_ok: allow RSASSA-PSS with pubkey OID RSASSA-PSS - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2026-03-30 06:02:21 +0000
committer	tb <>	2026-03-30 06:02:21 +0000
commit	2cce484ddc397481c8dab3c2e72dc77bbefcfddb (patch)
tree	bdeb72fa2ce3bf69a869386d33ae88cdb0da9729 /src/lib/libssl/ssl_init.c
parent	981fa719b7606cbf7df120993df445357b9b2df7 (diff)
download	openbsd-2cce484ddc397481c8dab3c2e72dc77bbefcfddb.tar.gz openbsd-2cce484ddc397481c8dab3c2e72dc77bbefcfddb.tar.bz2 openbsd-2cce484ddc397481c8dab3c2e72dc77bbefcfddb.zip

ssl_sigalg_pkey_ok: allow RSASSA-PSS with pubkey OID RSASSA-PSS

This fixes a long-standing logic error that hasn't been noticed because we never announced the rsa_pss_pss_sha{256,384,512} SignatureScheme. The EVP_PKEY_id() of a RSA-PSS pubkey is EVP_PKEY_RSA_PSS, not EVP_PKEY_RSA. Thanks to beck for helping me figure out how to fix this correctly. It drove me nuts for a very long time. Problem also noticed by Tom Lane due to some PostgreSQL regress failures. ok djm jsing kenjiro

Diffstat (limited to 'src/lib/libssl/ssl_init.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: