[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Tue Apr 25 21:13:19 UTC 2017


The branch master has been updated
       via  b69ae442a3b3e168d73c53dcd04bacf33eee8569 (commit)
       via  2f7a252057a7f6ea161151583a6b4bf9d538ebae (commit)
       via  451a0c3dc8bd1c2372f893e252b741937f303e21 (commit)
       via  9bf45ba4ca0b98d9030bff8b1677804160d88d47 (commit)
       via  629e369c5b163a6c7797d468a8d0ce0e37d43a3e (commit)
       via  c3c8823c879d90b93108b9e76db5ed5690724c9c (commit)
       via  786dd2c22c71081492e209d93beee3ff4fe66357 (commit)
      from  7531b3a6cd4b42bece94c0aab5b963fe03d1b139 (commit)


- Log -----------------------------------------------------------------
commit b69ae442a3b3e168d73c53dcd04bacf33eee8569
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Apr 25 20:16:29 2017 +0100

    make update
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3301)

commit 2f7a252057a7f6ea161151583a6b4bf9d538ebae
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Apr 25 17:28:08 2017 +0100

    Update documentation
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3301)

commit 451a0c3dc8bd1c2372f893e252b741937f303e21
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Apr 25 00:10:33 2017 +0100

    Add PSS certificate signature tests
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3301)

commit 9bf45ba4ca0b98d9030bff8b1677804160d88d47
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Mon Apr 24 22:17:45 2017 +0100

    Add certificates with PSS signatures
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3301)

commit 629e369c5b163a6c7797d468a8d0ce0e37d43a3e
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Apr 25 00:09:55 2017 +0100

    Add custom sig_info setting for RSA-PSS
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3301)

commit c3c8823c879d90b93108b9e76db5ed5690724c9c
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Mon Apr 24 19:16:16 2017 +0100

    Use X509_get_signature_info() when checking security levels.
    
    Make signature security level checking more flexible by using
    X509_get_signature_info(): some signature methods (e.g. PSS, ED25519)
    do not indicate the signing digest (if any) in the signature OID.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3301)

commit 786dd2c22c71081492e209d93beee3ff4fe66357
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Fri Apr 21 15:56:34 2017 +0100

    Add support for custom signature parameters
    
    Many signature types define the digest and public key type by a single OID
    such as ecdsa_with_sha256.
    
    Some types (RSA-PSS for example) use a single OID to indicate the signature
    scheme and additional parameters are encoded in the AlgorithmIdentifier.
    
    Add an X509_SIG_INFO structure to contain details about the signature type:
    specifically the digest algorithm, public key algorithm, security bits and
    various flags. This supports both existing algorithms and more complex
    types.
    
    Add accessors for the structure and a special case that retrieves signature
    information from a certificate.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3301)

-----------------------------------------------------------------------

Summary of changes:
 crypto/include/internal/asn1_int.h |  2 +
 crypto/include/internal/x509_int.h | 16 ++++++++
 crypto/rsa/rsa_ameth.c             | 39 ++++++++++++++++++-
 crypto/x509/x509_lcl.h             |  3 ++
 crypto/x509/x509_set.c             | 77 ++++++++++++++++++++++++++++++++++++++
 crypto/x509/x509_vfy.c             | 12 +-----
 crypto/x509v3/v3_purp.c            |  1 +
 doc/man3/X509_get0_signature.pod   | 33 +++++++++++++++-
 include/openssl/ossl_typ.h         |  2 +
 include/openssl/x509.h             | 15 ++++++++
 test/certs/ee-pss-sha1-cert.pem    | 19 ++++++++++
 test/certs/ee-pss-sha256-cert.pem  | 21 +++++++++++
 test/certs/setup.sh                |  8 ++++
 test/recipes/25-test_verify.t      | 14 ++++++-
 util/libcrypto.num                 |  3 ++
 15 files changed, 252 insertions(+), 13 deletions(-)
 create mode 100644 test/certs/ee-pss-sha1-cert.pem
 create mode 100644 test/certs/ee-pss-sha256-cert.pem

diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h
index f78ced6..6e6e028 100644
--- a/crypto/include/internal/asn1_int.h
+++ b/crypto/include/internal/asn1_int.h
@@ -52,6 +52,8 @@ struct evp_pkey_asn1_method_st {
     int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
                       X509_ALGOR *alg1, X509_ALGOR *alg2,
                       ASN1_BIT_STRING *sig);
+    int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                       const ASN1_STRING *sig);
 } /* EVP_PKEY_ASN1_METHOD */ ;
 
 DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD)
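Review bot: The new siginf_set member is added without a comment stating its contract, and its role is less obvious from the name than the neighbouring item_sign/item_verify callbacks. From the RSA implementation in this commit the callback returns 1 after filling in siginf and 0 without touching it when the algorithm or its parameters are not recognised, and the caller in x509_set.c only sets X509_SIG_INFO_VALID on a non-zero return. Suggest `/* Fill in siginf from the signature AlgorithmIdentifier and value; return 1 on success, 0 (siginf untouched) if unrecognised or malformed */` above the member. The struct definition starts before the hunk.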
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index 10b605f..124cc53 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -37,6 +37,19 @@ struct X509_name_st {
     int canon_enclen;
 } /* X509_NAME */ ;
 
+/* Signature info structure */
+
+struct x509_sig_info_st {
+    /* NID of message digest */
+    int mdnid;
+    /* NID of public key algorithm */
+    int pknid;
+    /* Security bits */
+    int secbits;
+    /* Various flags */
+    uint32_t flags;
+};
+
 /* PKCS#10 certificate request */
 
 struct X509_req_info_st {
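Review bot: The field comments on the new struct x509_sig_info_st say "Security bits" and "Various flags" but give neither the sentinel value nor the flag namespace, both of which the initialiser in x509_set.c relies on (secbits is set to -1 when the digest is not known, flags holds the X509_SIG_INFO_* values defined in x509.h). Suggest `/* Security bits, -1 if not known */` and `/* X509_SIG_INFO_VALID / X509_SIG_INFO_TLS flags */` so a reader of the header does not have to find the initialiser to learn this.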
@@ -146,6 +159,7 @@ struct x509_st {
     X509_CINF cert_info;
     X509_ALGOR sig_alg;
     ASN1_BIT_STRING signature;
+    X509_SIG_INFO siginf;
     CRYPTO_REF_COUNT references;
     CRYPTO_EX_DATA ex_data;
     /* These contain copies of various extension values */
@@ -267,3 +281,5 @@ struct x509_object_st {
 
 int a2i_ipadd(unsigned char *ipout, const char *ipasc);
 int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
+
+void x509_init_sig_info(X509 *x);
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 20a27be..69b45fd 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -785,6 +785,41 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
     return 2;
 }
 
+static int rsa_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *sigalg,
+                            const ASN1_STRING *sig)
+{
+    int rv = 0;
+    int mdnid, saltlen;
+    uint32_t flags;
+    const EVP_MD *mgf1md = NULL, *md = NULL;
+    RSA_PSS_PARAMS *pss;
+
+    /* Sanity check: make sure it is PSS */
+    if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS)
+        return 0;
+    /* Decode PSS parameters */
+    pss = rsa_pss_decode(sigalg);
+    if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen))
+        goto err;
+    mdnid = EVP_MD_type(md);
+    /*
+     * For TLS need SHA256, SHA384 or SHA512, digest and MGF1 digest must
+     * match and salt length must equal digest size
+     */
+    if ((mdnid == NID_sha256 || mdnid == NID_sha384 || mdnid == NID_sha512)
+            && mdnid == EVP_MD_type(mgf1md) && saltlen == EVP_MD_size(md))
+        flags = X509_SIG_INFO_TLS;
+    else
+        flags = 0;
+    /* Note: security bits half number of digest bits */
+    X509_SIG_INFO_set(siginf, mdnid, EVP_PKEY_RSA_PSS, EVP_MD_size(md) * 4,
+                      flags);
+    rv = 1;
+    err:
+    RSA_PSS_PARAMS_free(pss);
+    return rv;
+}
+
 #ifndef OPENSSL_NO_CMS
 static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg)
 {
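Review bot: rsa_sig_info_set passes the result of rsa_pss_decode() straight to rsa_pss_get_param() with no explicit NULL check; rsa_pss_decode() is outside the hunk, so whether a certificate with absent or malformed PSS parameters yields NULL here, and whether rsa_pss_get_param() rejects NULL itself, cannot be confirmed from the diff. Since this code runs on untrusted certificate data during verification, an explicit `if (pss == NULL) goto err;` after the decode keeps the failure path independent of the helper's internals (RSA_PSS_PARAMS_free(NULL) being a no-op is already relied on). The `err:` label is also indented with the body, whereas OpenSSL normally places labels one column in, ` err:`.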
@@ -972,7 +1007,9 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
      old_rsa_priv_decode,
      old_rsa_priv_encode,
      rsa_item_verify,
-     rsa_item_sign},
+     rsa_item_sign,
+     rsa_sig_info_set
+    },
 
     {
      EVP_PKEY_RSA2,
diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h
index 34e4135..401f2e9 100644
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -142,3 +142,6 @@ DEFINE_STACK_OF(BY_DIR_HASH)
 DEFINE_STACK_OF(BY_DIR_ENTRY)
 typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
 DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
+
+void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                             const ASN1_STRING *sig);
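Review bot: The prototype `x509_set_signature_info()` added here has no matching definition anywhere in this change: x509_set.c defines a static `x509_sig_info_init()` with this exact signature plus the exported `x509_init_sig_info(X509 *)`, and the latter is declared in x509_int.h, not here. Unless a definition exists outside the diff, this declaration is dead and should either be removed or be made to match the static helper (which would then need to lose `static`). The `#include "x509_lcl.h"` added to x509_set.c suggests the intent was to declare that helper here.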
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index e46174a..08b71ff 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -13,7 +13,10 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/asn1_int.h"
 #include "internal/x509_int.h"
+#include "x509_lcl.h"
 
 int X509_set_version(X509 *x, long version)
 {
@@ -157,3 +160,77 @@ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
 {
     return &x->cert_info.signature;
 }
+
+int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+                      int *secbits, uint32_t *flags)
+{
+    if (mdnid != NULL)
+        *mdnid = siginf->mdnid;
+    if (pknid != NULL)
+        *pknid = siginf->pknid;
+    if (secbits != NULL)
+        *secbits = siginf->secbits;
+    if (flags != NULL)
+        *flags = siginf->flags;
+    return (siginf->flags & X509_SIG_INFO_VALID) != 0;
+}
+
+void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+                       int secbits, uint32_t flags)
+{
+    siginf->mdnid = mdnid;
+    siginf->pknid = pknid;
+    siginf->secbits = secbits;
+    siginf->flags = flags;
+}
+
+int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+                            uint32_t *flags)
+{
+    X509_check_purpose(x, -1, -1);
+    return X509_SIG_INFO_get(&x->siginf, mdnid, pknid, secbits, flags);
+}
+
+static void x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                               const ASN1_STRING *sig)
+{
+    int pknid, mdnid;
+    const EVP_MD *md;
+
+    siginf->mdnid = NID_undef;
+    siginf->pknid = NID_undef;
+    siginf->secbits = -1;
+    siginf->flags = 0;
+    if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid)
+            || pknid == NID_undef)
+        return;
+    siginf->pknid = pknid;
+    if (mdnid == NID_undef) {
+        /* If we have one, use a custom handler for this algorithm */
+        const EVP_PKEY_ASN1_METHOD *ameth = EVP_PKEY_asn1_find(NULL, pknid);
+        if (ameth == NULL || ameth->siginf_set == NULL
+                || ameth->siginf_set(siginf, alg, sig) == 0)
+            return;
+        siginf->flags |= X509_SIG_INFO_VALID;
+        return;
+    }
+    siginf->flags |= X509_SIG_INFO_VALID;
+    siginf->mdnid = mdnid;
+    md = EVP_get_digestbynid(mdnid);
+    if (md == NULL)
+        return;
+    /* Security bits: half number of bits in digest */
+    siginf->secbits = EVP_MD_size(md) * 4;
+    switch (mdnid) {
+        case NID_sha1:
+        case NID_sha256:
+        case NID_sha384:
+        case NID_sha512:
+        siginf->flags |= X509_SIG_INFO_TLS;
+    }
+}
+
+void x509_init_sig_info(X509 *x)
+{
+    x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature);
+}
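Review bot: In x509_sig_info_init the X509_SIG_INFO_VALID flag is set before the EVP_get_digestbynid() result is checked, so a signature whose digest NID is in the OID cross-reference table but has no EVP_MD available in this build reports as valid with secbits still -1; check_sig_level in x509_vfy.c then fails closed because -1 is below every minbits_table entry, but nothing in the code says this is intentional. Suggest `/* Digest known but not available: leave secbits at -1 so security level checks fail closed */` above the `return` after the `md == NULL` test, and the same rationale would help beside the `secbits = -1` initialiser in check_sig_level. The `switch (mdnid)` also has no `default:` branch and its case labels are indented one level deeper than the switch, which differs from OpenSSL's usual layout.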
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 2f1cd1a..70ce606 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3201,8 +3201,6 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 *cert)
  */
 static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
 {
-    int nid = X509_get_signature_nid(cert);
-    int mdnid = NID_undef;
     int secbits = -1;
     int level = ctx->param->auth_level;
 
@@ -3211,14 +3209,8 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
     if (level > NUM_AUTH_LEVELS)
         level = NUM_AUTH_LEVELS;
 
-    /* Lookup signature algorithm digest */
-    if (nid && OBJ_find_sigid_algs(nid, &mdnid, NULL)) {
-        const EVP_MD *md;
-
-        /* Assume 4 bits of collision resistance for each hash octet */
-        if (mdnid != NID_undef && (md = EVP_get_digestbynid(mdnid)) != NULL)
-            secbits = EVP_MD_size(md) * 4;
-    }
+    if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
+        return 0;
 
     return secbits >= minbits_table[level - 1];
 }
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index fa5c425..2ff8854 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -488,6 +488,7 @@ static void x509v3_cache_extensions(X509 *x)
             break;
         }
     }
+    x509_init_sig_info(x);
     x->ex_flags |= EXFLAG_SET;
 }
 
diff --git a/doc/man3/X509_get0_signature.pod b/doc/man3/X509_get0_signature.pod
index 61a2dda..f63c5a5 100644
--- a/doc/man3/X509_get0_signature.pod
+++ b/doc/man3/X509_get0_signature.pod
@@ -4,7 +4,8 @@
 
 X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
 X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature,
-X509_CRL_get_signature_nid - signature information
+X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get,
+X509_SIG_INFO_set - signature information
 
 =head1 SYNOPSIS
 
@@ -26,6 +27,14 @@ X509_CRL_get_signature_nid - signature information
                               const X509_ALGOR **palg);
  int X509_CRL_get_signature_nid(const X509_CRL *crl);
 
+ int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+                             uint32_t *flags);
+
+ int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+                      int *secbits, uint32_t *flags);
+ void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+                        int secbits, uint32_t flags);
+
 =head1 DESCRIPTION
 
 X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg>
@@ -42,6 +51,18 @@ X509_REQ_get0_signature(), X509_REQ_get_signature_nid()
 X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the
 same function for certificate requests and CRLs.
 
+X509_get_signature_info() retrieves information about the signature of
+certificate B<x>. The NID of the signing digest is written to B<*mdnid>,
+the public key algorithm to B<*pknid>, the effective security bits to
+B<*secbits> and flag details to B<*flags>. Any of the parameters can
+be set to B<NULL> if the information is not required.
+
+X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information
+about a signature in an B<X509_SIG_INFO> structure. They are only
+used by implementations of algorithms which need to set custom
+signature information: most applications will never need to call
+them.
+
 =head1 NOTES
 
 These functions provide lower level access to signatures in certificates
@@ -49,6 +70,12 @@ where an application wishes to analyse or generate a signature in a form
 where X509_sign() et al is not appropriate (for example a non standard
 or unsupported format).
 
+The security bits returned by X509_get_signature_info() refers to information
+available from the certificate signature (such as the signing digest). In some
+cases the actual security of the signature is less because the signing
+key is less secure: for example a certificate signed using SHA-512 and a
+1024 bit RSA key.
+
 =head1 RETURN VALUES
 
 X509_get_signature_nid(), X509_REQ_get_signature_nid() and
@@ -57,6 +84,10 @@ X509_CRL_get_signature_nid() return a NID.
 X509_get0_signature(), X509_REQ_get0_signature() and
 X509_CRL_get0_signature() do not return values.
 
+X509_get_signature_info() returns 1 if the signature information
+returned is valid or 0 if the information is not available (e.g.
+unknown algorithms or malformed parameters).
+
 =head1 SEE ALSO
 
 L<d2i_X509(3)>,
diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h
index 129a67f..deea038 100644
--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
@@ -131,6 +131,8 @@ typedef struct x509_lookup_st X509_LOOKUP;
 typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
 typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
 
+typedef struct x509_sig_info_st X509_SIG_INFO;
+
 typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
 
 typedef struct v3_ext_ctx X509V3_CTX;
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index a6aabeb..0a692f8 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -39,6 +39,13 @@
 extern "C" {
 #endif
 
+
+/* Flags for X509_get_signature_info() */
+/* Signature info is valid */
+# define X509_SIG_INFO_VALID     0x1
+/* Signature is suitable for TLS use */
+# define X509_SIG_INFO_TLS       0x2
+
 # define X509_FILETYPE_PEM       1
 # define X509_FILETYPE_ASN1      2
 # define X509_FILETYPE_DEFAULT   3
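Review bot: The comment on X509_SIG_INFO_TLS, "Signature is suitable for TLS use", does not say what the criterion is, and the two places that set it in this commit use different rules: the generic path in x509_set.c sets it for SHA-1/SHA-256/SHA-384/SHA-512 digests, while rsa_sig_info_set additionally requires the PSS MGF1 digest to match and the salt length to equal the digest size, and excludes SHA-1. Suggest `/* Signature can be expressed as a TLS signature algorithm: SHA-1/SHA-2 digest; for RSA-PSS the MGF1 digest must match and the salt length must equal the digest length */`. The hunk also introduces a doubled blank line before the new comment block.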
@@ -549,6 +556,14 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length);
 
 int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
 
+int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+                      int *secbits, uint32_t *flags);
+void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+                       int secbits, uint32_t flags);
+
+int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+                            uint32_t *flags);
+
 void X509_get0_signature(const ASN1_BIT_STRING **psig,
                          const X509_ALGOR **palg, const X509 *x);
 int X509_get_signature_nid(const X509 *x);
diff --git a/test/certs/ee-pss-sha1-cert.pem b/test/certs/ee-pss-sha1-cert.pem
new file mode 100644
index 0000000..b504aea
--- /dev/null
+++ b/test/certs/ee-pss-sha1-cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/test/certs/ee-pss-sha256-cert.pem b/test/certs/ee-pss-sha256-cert.pem
new file mode 100644
index 0000000..cde5089
--- /dev/null
+++ b/test/certs/ee-pss-sha256-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAjCgAwIBAgIBAjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
+MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDANMQswCQYDVQQDDAJDQTAg
+Fw0xNzA0MjQyMTE5NDlaGA8yMTE3MDQyNTIxMTk0OVowFTETMBEGA1UEAwwKUFNT
+LVNIQTI1NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e
+2ywP1XP74reoG3p1YCvUfTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//
+DcZD/jE0+CjYdemju4iC76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aO
+wjagEf/AWTX9SRzdHEIzBniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5Zq
+ghsVi9GZq+Seb5Sq0pblV/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktH
+aKcpxz9K4iIntO+QY9fv0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h
+/nk0H0qJH7cCAwEAAaN5MHcwHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4HmCKX4XOi
+MB8GA1UdIwQYMBaAFLQRM/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQCMAAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwFQYDVR0RBA4wDIIKUFNTLVNIQTI1NjA9BgkqhkiG
+9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQME
+AgGiAwIBIAOCAQEAfKQyXj7HSdUQJA599+SBjalw3dsaxYg6wgLH1IW3GHXPR+c0
+4cugrsPFNRTZL2u/xwHfdxcR3N2vzsdqa+Ep3iyC6egiwxmhIkw0OI+uk/WO9P8Z
+42bznkeDjOQ3Y04IIt7a5VbMY7AuWdQfnuVRFiJFAZi7s4+b6QL7+iwydZESVNRL
+K+Y6rjMEOrGK7codcRKxrwIt7kxkcT7MI/O7Jt5aa1XDvdSzrieo/CpNVCLCm/zq
+Hn1MZ7SAxjTlvwZIj1FhDrFJJppPc5fS7rQDcEaEV6qkBMowtccQR61Iim4834gV
+ZTesKQBRtAgW/h4OD5Za98hSEesP6YNhE3GK7A==
+-----END CERTIFICATE-----
diff --git a/test/certs/setup.sh b/test/certs/setup.sh
index 7e1086a..98bac02 100755
--- a/test/certs/setup.sh
+++ b/test/certs/setup.sh
@@ -344,3 +344,11 @@ REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \
     "DNS.1 = www.ok.good.com" "DNS.2 = bad.ok.good.com" \
     "email.1 = good at good.org" "email.2 = any at good.com" \
     "IP = 127.0.0.1" "IP = 192.168.0.1"
+
+# RSA-PSS signatures
+# SHA1
+./mkcert.sh genee PSS-SHA1 ee-key ee-pss-sha1-cert ca-key ca-cert \
+    -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest
+# SHA256
+./mkcert.sh genee PSS-SHA256 ee-key ee-pss-sha256-cert ca-key ca-cert \
+    -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index 23f8f32..9c425c0 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -26,7 +26,7 @@ sub verify {
     run(app([@args]));
 }
 
-plan tests => 121;
+plan tests => 125;
 
 # Canonical success
 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -328,3 +328,15 @@ ok(!verify("badalt9-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cer
 
 ok(!verify("badalt10-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
    "Name constaints nested DNS name excluded");
+
+ok(verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
+    "Certificate PSS signature using SHA1");
+
+ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
+    "CA with PSS signature using SHA256");
+
+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
+    "Reject PSS signature using SHA1 and auth level 2");
+
+ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
+    "PSS signature using SHA256 and auth level 2");
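Review bot: The description of the second new test, `"CA with PSS signature using SHA256"`, does not match what is verified: ee-pss-sha256-cert is an end-entity certificate (generated by `genee` in test/certs/setup.sh in this same commit) checked against ca-cert, exactly like the SHA1 case above it. Suggest `"Certificate PSS signature using SHA256"` so a failure is reported against the right thing.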
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 9540d6f..b136a73 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4273,3 +4273,6 @@ ZINT64_it                               4215	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION
 CRYPTO_mem_leaks_cb                     4216	1_1_1	EXIST::FUNCTION:CRYPTO_MDEBUG
 BIO_lookup_ex                           4217	1_1_1	EXIST::FUNCTION:SOCK
 X509_CRL_print_ex                       4218	1_1_1	EXIST::FUNCTION:
+X509_SIG_INFO_get                       4219	1_1_1	EXIST::FUNCTION:
+X509_get_signature_info                 4220	1_1_1	EXIST::FUNCTION:
+X509_SIG_INFO_set                       4221	1_1_1	EXIST::FUNCTION:

