From 337a5c045ad4b4885be0bda984c08a14792df6a9 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Mon, 30 Mar 2026 06:20:08 +0000
Subject: [PATCH] libssl: announce support for RSASSA-PSS signature schemes

Announce the signature schemes for RSASSA-PSS with pubkey OID RSASSA-PSS
between RSASSA-PSS with pubkey OID rsaEncryption and RSASSA-PKCS1-v1_5.

This is the last step in the everlasting saga for making these signature
schemes and certificates with RSASSA-PSS OID work. Fortunately, these are
rarely used since they are extremely complex and inefficient also due to
the large size of the parameters. This addresses bug reports by Steffen
Ullrich and Tom Lane.

Tested by bluhm.

ok djm jsing kenjiro
---
 lib/libssl/ssl_sigalgs.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/libssl/ssl_sigalgs.c b/lib/libssl/ssl_sigalgs.c
index dc68e31fa22..ee4088f6ab1 100644
--- a/lib/libssl/ssl_sigalgs.c
+++ b/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.52 2026/03/30 06:02:21 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.53 2026/03/30 06:20:08 tb Exp $ */
 /*
  * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -147,12 +147,15 @@ const struct ssl_sigalg sigalgs[] = {
 /* Sigalgs for TLSv1.3, in preference order. */
 const uint16_t tls13_sigalgs[] = {
 	SIGALG_RSA_PSS_RSAE_SHA512,
+	SIGALG_RSA_PSS_PSS_SHA512,
 	SIGALG_RSA_PKCS1_SHA512,
 	SIGALG_ECDSA_SECP521R1_SHA512,
 	SIGALG_RSA_PSS_RSAE_SHA384,
+	SIGALG_RSA_PSS_PSS_SHA384,
 	SIGALG_RSA_PKCS1_SHA384,
 	SIGALG_ECDSA_SECP384R1_SHA384,
 	SIGALG_RSA_PSS_RSAE_SHA256,
+	SIGALG_RSA_PSS_PSS_SHA256,
 	SIGALG_RSA_PKCS1_SHA256,
 	SIGALG_ECDSA_SECP256R1_SHA256,
 };
@@ -161,12 +164,15 @@ const size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0
 /* Sigalgs for TLSv1.2, in preference order. */
 const uint16_t tls12_sigalgs[] = {
 	SIGALG_RSA_PSS_RSAE_SHA512,
+	SIGALG_RSA_PSS_PSS_SHA512,
 	SIGALG_RSA_PKCS1_SHA512,
 	SIGALG_ECDSA_SECP521R1_SHA512,
 	SIGALG_RSA_PSS_RSAE_SHA384,
+	SIGALG_RSA_PSS_PSS_SHA384,
 	SIGALG_RSA_PKCS1_SHA384,
 	SIGALG_ECDSA_SECP384R1_SHA384,
 	SIGALG_RSA_PSS_RSAE_SHA256,
+	SIGALG_RSA_PSS_PSS_SHA256,
 	SIGALG_RSA_PKCS1_SHA256,
 	SIGALG_ECDSA_SECP256R1_SHA256,
 	SIGALG_RSA_PKCS1_SHA1, /* XXX */