From 22f6fa080aa393c2a6455f88e99334d5b461444b Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 30 Mar 2026 06:20:08 +0000
Subject: libssl: announce support for RSASSA-PSS signature schemes

Announce the signature schemes for RSASSA-PSS with pubkey OID RSASSA-PSS
between RSASSA-PSS with pubkey OID rsaEncryption and RSASSA-PKCS1-v1_5.

This is the last step in the everlasting saga for making these signature
schemes and certificates with RSASSA-PSS OID work. Fortunately, these are
rarely used since they are extremely complex and inefficient also due to
the large size of the parameters. This addresses bug reports by Steffen
Ullrich and Tom Lane.

Tested by bluhm.

ok djm jsing kenjiro
---
 src/lib/libssl/ssl_sigalgs.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/ssl_sigalgs.c')

diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index dc68e31fa2..ee4088f6ab 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.52 2026/03/30 06:02:21 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.53 2026/03/30 06:20:08 tb Exp $ */
 /*
  * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -147,12 +147,15 @@ const struct ssl_sigalg sigalgs[] = {
 /* Sigalgs for TLSv1.3, in preference order. */
 const uint16_t tls13_sigalgs[] = {
 	SIGALG_RSA_PSS_RSAE_SHA512,
+	SIGALG_RSA_PSS_PSS_SHA512,
 	SIGALG_RSA_PKCS1_SHA512,
 	SIGALG_ECDSA_SECP521R1_SHA512,
 	SIGALG_RSA_PSS_RSAE_SHA384,
+	SIGALG_RSA_PSS_PSS_SHA384,
 	SIGALG_RSA_PKCS1_SHA384,
 	SIGALG_ECDSA_SECP384R1_SHA384,
 	SIGALG_RSA_PSS_RSAE_SHA256,
+	SIGALG_RSA_PSS_PSS_SHA256,
 	SIGALG_RSA_PKCS1_SHA256,
 	SIGALG_ECDSA_SECP256R1_SHA256,
 };
@@ -161,12 +164,15 @@ const size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0
 /* Sigalgs for TLSv1.2, in preference order. */
 const uint16_t tls12_sigalgs[] = {
 	SIGALG_RSA_PSS_RSAE_SHA512,
+	SIGALG_RSA_PSS_PSS_SHA512,
 	SIGALG_RSA_PKCS1_SHA512,
 	SIGALG_ECDSA_SECP521R1_SHA512,
 	SIGALG_RSA_PSS_RSAE_SHA384,
+	SIGALG_RSA_PSS_PSS_SHA384,
 	SIGALG_RSA_PKCS1_SHA384,
 	SIGALG_ECDSA_SECP384R1_SHA384,
 	SIGALG_RSA_PSS_RSAE_SHA256,
+	SIGALG_RSA_PSS_PSS_SHA256,
 	SIGALG_RSA_PKCS1_SHA256,
 	SIGALG_ECDSA_SECP256R1_SHA256,
 	SIGALG_RSA_PKCS1_SHA1, /* XXX */
-- 
cgit v1.2.3-55-g6feb