CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/03/30 00:02:21
Modified files:
lib/libssl : ssl_sigalgs.c
Log message:
ssl_sigalg_pkey_ok: allow RSASSA-PSS with pubkey OID RSASSA-PSS
This fixes a long-standing logic error that hasn't been noticed because
we never announced the rsa_pss_pss_sha{256,384,512} SignatureScheme. The
EVP_PKEY_id() of a RSA-PSS pubkey is EVP_PKEY_RSA_PSS, not EVP_PKEY_RSA.
Thanks to beck for helping me figure out how to fix this correctly. It
drove me nuts for a very long time. Problem also noticed by Tom Lane
due to some PostgreSQL regress failures.
ok djm jsing kenjiro
