summaryrefslogtreecommitdiff
path: root/lib/rsa/rsa-sign.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/rsa/rsa-sign.c')
-rw-r--r--lib/rsa/rsa-sign.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 2304030e32f..fa9e143b4ca 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -428,6 +428,15 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
ret = rsa_err("Signer padding setup failed");
goto err_sign;
}
+
+ /* Per RFC 3447 (and convention) the Typical salt length is the
+ * length of the output of the digest algorithm.
+ */
+ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(ckey,
+ checksum_algo->checksum_len) <= 0) {
+ ret = rsa_err("Signer salt length setup failed");
+ goto err_sign;
+ }
}
for (i = 0; i < region_count; i++) {
generated by cgit v1.2.3 (git 2.0.4) at 2025-07-25 02:12:09 +0000