diff options
| author | beck <> | 2018-11-11 02:22:34 +0000 |
|---|---|---|
| committer | beck <> | 2018-11-11 02:22:34 +0000 |
| commit | e9d8287ddb7095901012153bc704c8aac2466589 (patch) | |
| tree | fde33b908edc0dacbec20d6c534eece87fd60bc4 /src/lib/libssl/ssl_srvr.c | |
| parent | 54f742a337d02740020696e56783ec7595e582d5 (diff) | |
| download | openbsd-e9d8287ddb7095901012153bc704c8aac2466589.tar.gz openbsd-e9d8287ddb7095901012153bc704c8aac2466589.tar.bz2 openbsd-e9d8287ddb7095901012153bc704c8aac2466589.zip | |
Add support for RSA PSS algorithims being used in sigalgs.
lightly tested, but will need sanity checks and regress test changes
before being added to any sigalgs list for real
ok jsing@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index f1b8a49468..03ae29a278 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.56 2018/11/11 02:03:23 beck Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.57 2018/11/11 02:22:34 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1549,6 +1549,13 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1549 | SSLerror(s, ERR_R_EVP_LIB); | 1549 | SSLerror(s, ERR_R_EVP_LIB); |
| 1550 | goto err; | 1550 | goto err; |
| 1551 | } | 1551 | } |
| 1552 | if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && | ||
| 1553 | (!EVP_PKEY_CTX_set_rsa_padding(pctx, | ||
| 1554 | RSA_PKCS1_PSS_PADDING) || | ||
| 1555 | !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { | ||
| 1556 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 1557 | goto err; | ||
| 1558 | } | ||
| 1552 | if (!EVP_DigestSignUpdate(&md_ctx, s->s3->client_random, | 1559 | if (!EVP_DigestSignUpdate(&md_ctx, s->s3->client_random, |
| 1553 | SSL3_RANDOM_SIZE)) { | 1560 | SSL3_RANDOM_SIZE)) { |
| 1554 | SSLerror(s, ERR_R_EVP_LIB); | 1561 | SSLerror(s, ERR_R_EVP_LIB); |
| @@ -2203,6 +2210,13 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2203 | al = SSL_AD_INTERNAL_ERROR; | 2210 | al = SSL_AD_INTERNAL_ERROR; |
| 2204 | goto f_err; | 2211 | goto f_err; |
| 2205 | } | 2212 | } |
| 2213 | if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && | ||
| 2214 | (!EVP_PKEY_CTX_set_rsa_padding | ||
| 2215 | (pctx, RSA_PKCS1_PSS_PADDING) || | ||
| 2216 | !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { | ||
| 2217 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2218 | goto err; | ||
| 2219 | } | ||
| 2206 | if (!EVP_DigestVerifyUpdate(&mctx, hdata, hdatalen)) { | 2220 | if (!EVP_DigestVerifyUpdate(&mctx, hdata, hdatalen)) { |
| 2207 | SSLerror(s, ERR_R_EVP_LIB); | 2221 | SSLerror(s, ERR_R_EVP_LIB); |
| 2208 | al = SSL_AD_INTERNAL_ERROR; | 2222 | al = SSL_AD_INTERNAL_ERROR; |