[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Sat Dec 10 02:29:57 UTC 2016


The branch master has been updated
       via  2d7bbd6c9fb6865e0df480602c3612652189e182 (commit)
       via  71bbc79b7d3b1195a7a7dd5f547d52ddce32d6f0 (commit)
      from  6c0e1e20d2756eaefe735e5edb56b83ccd9db9e6 (commit)


- Log -----------------------------------------------------------------
commit 2d7bbd6c9fb6865e0df480602c3612652189e182
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed Dec 7 23:03:47 2016 +0000

    Add RSA PSS tests
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2065)

commit 71bbc79b7d3b1195a7a7dd5f547d52ddce32d6f0
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Thu Dec 8 12:16:02 2016 +0000

    Check input length to pkey_rsa_verify()
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2065)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rsa/rsa_err.c   |  1 +
 crypto/rsa/rsa_pmeth.c |  4 ++++
 include/openssl/rsa.h  |  1 +
 test/evptests.txt      | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 61 insertions(+)

diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index 45e12e0..bf54095 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -26,6 +26,7 @@ static ERR_STRING_DATA RSA_str_functs[] = {
     {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"},
     {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "pkey_rsa_ctrl_str"},
     {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "pkey_rsa_sign"},
+    {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "pkey_rsa_verify"},
     {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "pkey_rsa_verifyrecover"},
     {ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "rsa_algor_to_md"},
     {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "rsa_builtin_keygen"},
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index e503ada..db4fb0f 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -229,6 +229,10 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
         if (rctx->pad_mode == RSA_PKCS1_PADDING)
             return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
                               sig, siglen, rsa);
+        if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
+            RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
+            return -1;
+        }
         if (rctx->pad_mode == RSA_X931_PADDING) {
             if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0)
                 return 0;
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 4d6e9cc..d97d6e0 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -468,6 +468,7 @@ int ERR_load_RSA_strings(void);
 # define RSA_F_PKEY_RSA_CTRL                              143
 # define RSA_F_PKEY_RSA_CTRL_STR                          144
 # define RSA_F_PKEY_RSA_SIGN                              142
+# define RSA_F_PKEY_RSA_VERIFY                            149
 # define RSA_F_PKEY_RSA_VERIFYRECOVER                     141
 # define RSA_F_RSA_ALGOR_TO_MD                            156
 # define RSA_F_RSA_BUILTIN_KEYGEN                         129
diff --git a/test/evptests.txt b/test/evptests.txt
index 6db6cf7..32abf7f 100644
--- a/test/evptests.txt
+++ b/test/evptests.txt
@@ -2876,6 +2876,61 @@ Input = "0123456789ABCDEF1234"
 Output = 3080021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d870000
 Result = VERIFY_ERROR
 
+# RSA PSS padding tests.
+
+# Zero salt length makes output deterministic
+Sign = RSA-2048
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:0
+Ctrl = digest:sha256
+Input="0123456789ABCDEF0123456789ABCDEF"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+
+# Verify of above signature
+Verify = RSA-2048-PUBLIC
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:0
+Ctrl = digest:sha256
+Input="0123456789ABCDEF0123456789ABCDEF"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+
+# Digest too short
+Verify = RSA-2048-PUBLIC
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:0
+Ctrl = digest:sha256
+Input="0123456789ABCDEF0123456789ABCDE"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+Result = VERIFY_ERROR
+
+# Digest too long
+Verify = RSA-2048-PUBLIC
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:0
+Ctrl = digest:sha256
+Input="0123456789ABCDEF0123456789ABCDEF0"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+Result = VERIFY_ERROR
+
+# Wrong salt length
+Verify = RSA-2048
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:2
+Ctrl = digest:sha256
+Input="0123456789ABCDEF0123456789ABCDEF"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+Result = VERIFY_ERROR
+
+# Wrong MGF1 digest
+Verify = RSA-2048
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:0
+Ctrl = digest:sha256
+Ctrl = rsa_mgf1_md:sha1
+Input="0123456789ABCDEF0123456789ABCDEF"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+Result = VERIFY_ERROR
+
 # scrypt tests from draft-josefsson-scrypt-kdf-03
 PBE = scrypt
 Password = ""


More information about the openssl-commits mailing list