author | Péter Dimitrov <[email protected]> | 2018-12-12 13:49:44 +0100 |
---|---|---|
committer | Péter Dimitrov <[email protected]> | 2019-01-11 09:59:12 +0100 |
commit | f552b7d03cd799324ac5e44f1c70bfb954ead4b8 (patch) | |
tree | c6e70f92c12083914e2018697d68a8c9a4435825 | |
parent | d05f164c072728a3ccb68fbc0f844d65bb2996d0 (diff) | |
ssl: Check if RSASSA-PSS is supported by crypto
Filter all rsa_pss_rsae and rsa_pss_pss signature schemes if
rsa_pkcs1_pss_padding is not supported by crypto.
Change-Id: Ie6d7ca3736011c71462eac925055f831777f9c9d
-rw-r--r-- | lib/ssl/src/tls_v1.erl | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index 737ecadab4..66baa47c9b 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -542,15 +542,23 @@ signature_schemes(Version, SignatureSchemes) when is_tuple(Version)
 Hashes = proplists:get_value(hashs, CryptoSupports),
 PubKeys = proplists:get_value(public_keys, CryptoSupports),
 Curves = proplists:get_value(curves, CryptoSupports),
+ RSAPSSSupported = lists:member(rsa_pkcs1_pss_padding,
+ proplists:get_value(rsa_opts, CryptoSupports)),
 Fun = fun (Scheme, Acc) when is_atom(Scheme) ->
 {Hash0, Sign0, Curve} =
 ssl_cipher:scheme_to_components(Scheme),
 Sign = case Sign0 of
- rsa_pkcs1 -> rsa;
+ rsa_pkcs1 ->
+ rsa;
+ rsa_pss_rsae when RSAPSSSupported ->
+ rsa;
+ rsa_pss_pss when RSAPSSSupported ->
+ rsa;
 S -> S
 end,
 Hash = case Hash0 of
- sha1 -> sha;
+ sha1 ->
+ sha;
 H -> H
 end,
 case proplists:get_bool(Sign, PubKeys) |
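Review bot: The new `RSAPSSSupported` binding passes the result of `proplists:get_value(rsa_opts, CryptoSupports)` straight to `lists:member/2`, so if the `rsa_opts` key is ever missing from `crypto:supports()` the lookup yields `undefined` and the call raises instead of treating PSS as unsupported. A default makes the capability check fail closed: `proplists:get_value(rsa_opts, CryptoSupports, [])`. Separately, when the guard is false the `rsa_pss_rsae`/`rsa_pss_pss` atoms fall through to `S -> S`, and the scheme appears to be dropped only because the later `proplists:get_bool(Sign, PubKeys)` does not find that atom in `public_keys`. That implicit dependency deserves a comment above the `case Sign0 of`, for example `%% Unsupported PSS schemes fall through unchanged and are rejected by the PubKeys check below`. The body of `signature_schemes/2` starts and ends outside this hunk, so the rest of the filter is not visible here.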