From 045d078aefdf8d5b077485630bfd21b09980d2ec Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Wed, 13 Sep 2017 13:53:03 +0100
Subject: Add RSA-PSS key certificate type. Recognise RSA-PSS certificate algorithm and add a new certificate type.
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/4368)
---
 ssl/t1_lib.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'ssl/t1_lib.c')
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 48c33de64b..ec5b358e28 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -799,6 +799,7 @@ static const SIGALG_LOOKUP legacy_rsa_sigalg = {
 */
 static const uint16_t tls_default_sigalg[] = {
 TLSEXT_SIGALG_rsa_pkcs1_sha1, /* SSL_PKEY_RSA */
+ 0, /* SSL_PKEY_RSA_PSS_SIGN */
 TLSEXT_SIGALG_dsa_sha1, /* SSL_PKEY_DSA_SIGN */
 TLSEXT_SIGALG_ecdsa_sha1, /* SSL_PKEY_ECC */
 TLSEXT_SIGALG_gostr34102001_gostr3411, /* SSL_PKEY_GOST01 */
@@ -2126,6 +2127,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
 void tls1_set_cert_validity(SSL *s)
 {
 tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_PSS_SIGN);
 tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN);
 tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC);
 tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST01);
-- 
cgit v1.2.3
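Review bot: The `0` added to `tls_default_sigalg` for `SSL_PKEY_RSA_PSS_SIGN` is an undocumented sentinel. The code that indexes this table lies outside the hunk, so it cannot be confirmed here that a zero entry is treated as "no default" rather than passed on as a signature algorithm id. The table is also positional, so the new row is correct only if `SSL_PKEY_RSA_PSS_SIGN` has index 1 in the header, which this single-file diff does not show. I would state the intent in the row comment, for example `0, /* SSL_PKEY_RSA_PSS_SIGN: no default sigalg */`, and add a short comment above the array saying that a 0 entry means the key type has no default. The array's remaining rows and closing brace are outside the hunk.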
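Review bot: `tls1_set_cert_validity` enumerates the key types by hand, so the new `SSL_PKEY_RSA_PSS_SIGN` call is one more line that has to be kept in step with the key-index enum. A type missed here would presumably never have its chain validity refreshed. If every index is meant to be checked, a loop such as `for (i = 0; i < SSL_PKEY_NUM; i++) tls1_check_chain(s, NULL, NULL, NULL, i);` removes that maintenance hazard. Otherwise a comment should say which indices are skipped on purpose and why. The function continues past the end of the hunk, so later calls and the closing brace are not visible here.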