Diffstat (limited to 'src/lib/libssl')
-rw-r--r--src/lib/libssl/ssl_clnt.c15
-rw-r--r--src/lib/libssl/ssl_srvr.c16
2 files changed, 29 insertions, 2 deletions
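diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 298e4b7ff8..9f8d999ff1 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.42 2018/11/11 02:03:23 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.43 2018/11/11 02:22:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1556,6 +1556,11 @@ ssl3_get_server_key_exchange(SSL *s)
  if (!EVP_DigestVerifyUpdate(&md_ctx, s->s3->client_random,
  SSL3_RANDOM_SIZE))
  goto err;
+ if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
+ (!EVP_PKEY_CTX_set_rsa_padding(pctx,
+ RSA_PKCS1_PSS_PADDING) ||
+ !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)))
+ goto err;
  if (!EVP_DigestVerifyUpdate(&md_ctx, s->s3->server_random,
  SSL3_RANDOM_SIZE))
  goto err;
@@ -2427,6 +2432,14 @@ ssl3_send_client_verify(SSL *s)
  SSLerror(s, ERR_R_EVP_LIB);
  goto err;
  }
+ if ((s->cert->key->sigalg->flags &
+ SIGALG_FLAG_RSA_PSS) &&
+ (!EVP_PKEY_CTX_set_rsa_padding(pctx,
+ RSA_PKCS1_PSS_PADDING) ||
+ !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
+ SSLerror(s, ERR_R_EVP_LIB);
+ goto err;
+ }
  if (!EVP_DigestSignUpdate(&mctx, hdata, hdatalen)) {
  SSLerror(s, ERR_R_EVP_LIB);
  goto err;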
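Review bot: In ssl3_get_server_key_exchange the PSS padding and salt length are set on `pctx` only after client_random has already been passed to EVP_DigestVerifyUpdate, whereas the ssl3_send_client_verify hunk configures them before its first update call. The parameters are presumably only consumed when the signature is finally checked, so this likely works, but moving the block ahead of the first EVP_DigestVerifyUpdate would keep every PSS site in the same init, configure, update order and avoid relying on that. The bare `-1` also deserves a comment such as `/* salt length must equal the digest length */`, since on the verify path this is the strict setting and a later change to a more permissive value would loosen signature checking. Both function bodies start and end outside the hunks shown.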
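diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index f1b8a49468..03ae29a278 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.56 2018/11/11 02:03:23 beck Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.57 2018/11/11 02:22:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1549,6 +1549,13 @@ ssl3_send_server_key_exchange(SSL *s)
  SSLerror(s, ERR_R_EVP_LIB);
  goto err;
  }
+ if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
+ (!EVP_PKEY_CTX_set_rsa_padding(pctx,
+ RSA_PKCS1_PSS_PADDING) ||
+ !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
+ SSLerror(s, ERR_R_EVP_LIB);
+ goto err;
+ }
  if (!EVP_DigestSignUpdate(&md_ctx, s->s3->client_random,
  SSL3_RANDOM_SIZE)) {
  SSLerror(s, ERR_R_EVP_LIB);
@@ -2203,6 +2210,13 @@ ssl3_get_cert_verify(SSL *s)
  al = SSL_AD_INTERNAL_ERROR;
  goto f_err;
  }
+ if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
+ (!EVP_PKEY_CTX_set_rsa_padding
+ (pctx, RSA_PKCS1_PSS_PADDING) ||
+ !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
+ al = SSL_AD_INTERNAL_ERROR;
+ goto err;
+ }
  if (!EVP_DigestVerifyUpdate(&mctx, hdata, hdatalen)) {
  SSLerror(s, ERR_R_EVP_LIB);
  al = SSL_AD_INTERNAL_ERROR;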
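Review bot: The new PSS block in ssl3_get_cert_verify sets `al = SSL_AD_INTERNAL_ERROR;` and then jumps to `err`, while the failure path directly above it sets the same alert and uses `goto f_err;`. If `f_err` is the label that sends the alert (its definition is outside the hunk), the assignment here is dead and the peer receives no alert on this path, so the jump should read `goto f_err;`. Unlike the ssl3_send_server_key_exchange hunk in the same file, this block also does not call `SSLerror(s, ERR_R_EVP_LIB);`, so a failure to configure PSS leaves nothing on the error queue for diagnosis.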