Add RSA-PSS key certificate type. Recognise RSA-PSS certificate algorithm and add a new certificate type. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)

commit: 045d078aefdf8d5b077485630bfd21b09980d2ec [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Wed Sep 13 13:53:03 2017 +0100
committer: Dr. Stephen Henson <steve@openssl.org> Wed Sep 20 12:50:23 2017 +0100
tree: a2627b9f4fdad74a66de91708c2d555514f4357e
parent: 6b1c8204b33aaedb7df7a009c241412839aaf950 [diff] [blame]
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 48c33de..ec5b358 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -799,6 +799,7 @@
  */
 static const uint16_t tls_default_sigalg[] = {
     TLSEXT_SIGALG_rsa_pkcs1_sha1, /* SSL_PKEY_RSA */
+    0, /* SSL_PKEY_RSA_PSS_SIGN */
     TLSEXT_SIGALG_dsa_sha1, /* SSL_PKEY_DSA_SIGN */
     TLSEXT_SIGALG_ecdsa_sha1, /* SSL_PKEY_ECC */
     TLSEXT_SIGALG_gostr34102001_gostr3411, /* SSL_PKEY_GOST01 */
@@ -2126,6 +2127,7 @@
 void tls1_set_cert_validity(SSL *s)
 {
     tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_PSS_SIGN);
     tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN);
     tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC);
     tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST01);
commit	045d078aefdf8d5b077485630bfd21b09980d2ec	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Wed Sep 13 13:53:03 2017 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	Wed Sep 20 12:50:23 2017 +0100
tree	a2627b9f4fdad74a66de91708c2d555514f4357e
parent	6b1c8204b33aaedb7df7a009c241412839aaf950 [diff] [blame]