[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Dr. Stephen Henson
steve at openssl.org
Sat Dec 10 02:49:25 UTC 2016
The branch OpenSSL_1_1_0-stable has been updated
via f096bbd71984fa8311939ff7422975e1c88d8362 (commit)
via 1742e84073540a9ff89aeb2699af106fdbb0b0f4 (commit)
from 2c4ee10c0aa231a30977aad47bae1d0dbe6bbef4 (commit)
- Log -----------------------------------------------------------------
commit f096bbd71984fa8311939ff7422975e1c88d8362
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Thu Dec 8 12:16:02 2016 +0000
Check input length to pkey_rsa_verify()
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)
(cherry picked from commit 71bbc79b7d3b1195a7a7dd5f547d52ddce32d6f0)
commit 1742e84073540a9ff89aeb2699af106fdbb0b0f4
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Dec 7 23:03:47 2016 +0000
Add RSA PSS tests
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)
(cherry picked from commit 2d7bbd6c9fb6865e0df480602c3612652189e182)
-----------------------------------------------------------------------
Summary of changes:
crypto/rsa/rsa_err.c | 1 +
crypto/rsa/rsa_pmeth.c | 4 ++++
include/openssl/rsa.h | 1 +
test/evptests.txt | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 61 insertions(+)
diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index 45e12e0..bf54095 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -26,6 +26,7 @@ static ERR_STRING_DATA RSA_str_functs[] = {
{ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"},
{ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "pkey_rsa_ctrl_str"},
{ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "pkey_rsa_sign"},
+ {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "pkey_rsa_verify"},
{ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "pkey_rsa_verifyrecover"},
{ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "rsa_algor_to_md"},
{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "rsa_builtin_keygen"},
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index e503ada..db4fb0f 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -229,6 +229,10 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
if (rctx->pad_mode == RSA_PKCS1_PADDING)
return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
sig, siglen, rsa);
+ if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
+ RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
+ return -1;
+ }
if (rctx->pad_mode == RSA_X931_PADDING) {
if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0)
return 0;
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 4d6e9cc..d97d6e0 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -468,6 +468,7 @@ int ERR_load_RSA_strings(void);
# define RSA_F_PKEY_RSA_CTRL 143
# define RSA_F_PKEY_RSA_CTRL_STR 144
# define RSA_F_PKEY_RSA_SIGN 142
+# define RSA_F_PKEY_RSA_VERIFY 149
# define RSA_F_PKEY_RSA_VERIFYRECOVER 141
# define RSA_F_RSA_ALGOR_TO_MD 156
# define RSA_F_RSA_BUILTIN_KEYGEN 129
diff --git a/test/evptests.txt b/test/evptests.txt
index 36697f1..83da703 100644
--- a/test/evptests.txt
+++ b/test/evptests.txt
@@ -2876,6 +2876,61 @@ Input = "0123456789ABCDEF1234"
Output = 3080021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d870000
Result = VERIFY_ERROR
+# RSA PSS padding tests.
+
+# Zero salt length makes output deterministic
+Sign = RSA-2048
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:0
+Ctrl = digest:sha256
+Input="0123456789ABCDEF0123456789ABCDEF"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+
+# Verify of above signature
+Verify = RSA-2048-PUBLIC
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:0
+Ctrl = digest:sha256
+Input="0123456789ABCDEF0123456789ABCDEF"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+
+# Digest too short
+Verify = RSA-2048-PUBLIC
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:0
+Ctrl = digest:sha256
+Input="0123456789ABCDEF0123456789ABCDE"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+Result = VERIFY_ERROR
+
+# Digest too long
+Verify = RSA-2048-PUBLIC
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:0
+Ctrl = digest:sha256
+Input="0123456789ABCDEF0123456789ABCDEF0"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+Result = VERIFY_ERROR
+
+# Wrong salt length
+Verify = RSA-2048
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:2
+Ctrl = digest:sha256
+Input="0123456789ABCDEF0123456789ABCDEF"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+Result = VERIFY_ERROR
+
+# Wrong MGF1 digest
+Verify = RSA-2048
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:0
+Ctrl = digest:sha256
+Ctrl = rsa_mgf1_md:sha1
+Input="0123456789ABCDEF0123456789ABCDEF"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+Result = VERIFY_ERROR
+
# scrypt tests from draft-josefsson-scrypt-kdf-03
PBE = scrypt
Password = ""
More information about the openssl-commits
mailing list