use RSA_PSS_SALTLEN_DIGEST constant (968ae5b3) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/statem/statem_clnt.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -2024,7 +2024,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL s, PACKET pkt)
		if (ispss) {
		if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
		/* -1 here means set saltlen to the digest len */
		\|\| EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1) <= 0) {
		\|\| EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,
		RSA_PSS_SALTLEN_DIGEST) <= 0) {
		al = SSL_AD_INTERNAL_ERROR;
		SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
		goto err;

+4 −4

Original line number	Diff line number	Diff line
		@@ -231,8 +231,8 @@ int tls_construct_cert_verify(SSL s, WPACKET pkt)

		if (ispss) {
		if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
		/* -1 here means set saltlen to the digest len */
		\|\| EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1) <= 0) {
		\|\| EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,
		RSA_PSS_SALTLEN_DIGEST) <= 0) {
		SSLerr(SSL_F_TLS_CONSTRUCT_CERT_VERIFY, ERR_R_EVP_LIB);
		goto err;
		}
		@@ -404,8 +404,8 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL s, PACKET pkt)

		if (ispss) {
		if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
		/* -1 here means set saltlen to the digest len */
		\|\| EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1) <= 0) {
		\|\| EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,
		RSA_PSS_SALTLEN_DIGEST) <= 0) {
		SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB);
		goto f_err;
		}

+1 −2

Original line number	Diff line number	Diff line
		@@ -2274,8 +2274,7 @@ int tls_construct_server_key_exchange(SSL s, WPACKET pkt)
		if (ispss) {
		if (EVP_PKEY_CTX_set_rsa_padding(pctx,
		RSA_PKCS1_PSS_PADDING) <= 0
		/* -1 here means set saltlen to the digest len */
		\|\| EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1) <= 0) {
		\|\| EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, RSA_PSS_SALTLEN_DIGEST) <= 0) {
		SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
		ERR_R_EVP_LIB);
		goto f_err;