libssl: announce support for RSASSA-PSS signature schemes

Announce the signature schemes for RSASSA-PSS with pubkey OID RSASSA-PSS between RSASSA-PSS with pubkey OID rsaEncryption and RSASSA-PKCS1-v1_5. This is the last step in the everlasting saga for making these signature schemes and certificates with RSASSA-PSS OID work. Fortunately, these are rarely used since they are extremely complex and inefficient also due to the large size of the parameters. This addresses bug reports by Steffen Ullrich and Tom Lane. Tested by bluhm. ok djm jsing kenjiro
author: tb <> 2026-03-30 06:20:08 +0000
committer: tb <> 2026-03-30 06:20:08 +0000
commit: 22f6fa080aa393c2a6455f88e99334d5b461444b (patch)
tree: 6bcbe6f66dafbf6a0cf98ff33f827e17a4a676a1 /src
parent: 2cce484ddc397481c8dab3c2e72dc77bbefcfddb (diff)
download: openbsd-22f6fa080aa393c2a6455f88e99334d5b461444b.tar.gz
openbsd-22f6fa080aa393c2a6455f88e99334d5b461444b.tar.bz2
openbsd-22f6fa080aa393c2a6455f88e99334d5b461444b.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index dc68e31fa2..ee4088f6ab 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.52 2026/03/30 06:02:21 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.53 2026/03/30 06:20:08 tb Exp $ */
 /*
 * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -147,12 +147,15 @@ const struct ssl_sigalg sigalgs[] = {
 /* Sigalgs for TLSv1.3, in preference order. */
 const uint16_t tls13_sigalgs[] = {
        SIGALG_RSA_PSS_RSAE_SHA512,
+        SIGALG_RSA_PSS_PSS_SHA512,
        SIGALG_RSA_PKCS1_SHA512,
        SIGALG_ECDSA_SECP521R1_SHA512,
        SIGALG_RSA_PSS_RSAE_SHA384,
+        SIGALG_RSA_PSS_PSS_SHA384,
        SIGALG_RSA_PKCS1_SHA384,
        SIGALG_ECDSA_SECP384R1_SHA384,
        SIGALG_RSA_PSS_RSAE_SHA256,
+        SIGALG_RSA_PSS_PSS_SHA256,
        SIGALG_RSA_PKCS1_SHA256,
        SIGALG_ECDSA_SECP256R1_SHA256,
 };
@@ -161,12 +164,15 @@ const size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0
 /* Sigalgs for TLSv1.2, in preference order. */
 const uint16_t tls12_sigalgs[] = {
        SIGALG_RSA_PSS_RSAE_SHA512,
+        SIGALG_RSA_PSS_PSS_SHA512,
        SIGALG_RSA_PKCS1_SHA512,
        SIGALG_ECDSA_SECP521R1_SHA512,
        SIGALG_RSA_PSS_RSAE_SHA384,
+        SIGALG_RSA_PSS_PSS_SHA384,
        SIGALG_RSA_PKCS1_SHA384,
        SIGALG_ECDSA_SECP384R1_SHA384,
        SIGALG_RSA_PSS_RSAE_SHA256,
+        SIGALG_RSA_PSS_PSS_SHA256,
        SIGALG_RSA_PKCS1_SHA256,
        SIGALG_ECDSA_SECP256R1_SHA256,
        SIGALG_RSA_PKCS1_SHA1, /* XXX */
author	tb <>	2026-03-30 06:20:08 +0000
committer	tb <>	2026-03-30 06:20:08 +0000
commit	22f6fa080aa393c2a6455f88e99334d5b461444b (patch)
tree	6bcbe6f66dafbf6a0cf98ff33f827e17a4a676a1 /src
parent	2cce484ddc397481c8dab3c2e72dc77bbefcfddb (diff)
download	openbsd-22f6fa080aa393c2a6455f88e99334d5b461444b.tar.gz openbsd-22f6fa080aa393c2a6455f88e99334d5b461444b.tar.bz2 openbsd-22f6fa080aa393c2a6455f88e99334d5b461444b.zip