[openssl-commits] [openssl] master update

Andy Polyakov appro at openssl.org
Mon Mar 13 21:02:08 UTC 2017


The branch master has been updated
       via  5e047ebf6d36cffee1022e31bbf1ce0bfa63233a (commit)
       via  108909d30e8ea5ff39439b17b266039be1ec5e84 (commit)
      from  41bee3e8fb749504f21f78dbf3eca85e5b84820b (commit)


- Log -----------------------------------------------------------------
commit 5e047ebf6d36cffee1022e31bbf1ce0bfa63233a
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Thu Mar 2 13:15:22 2017 +0100

    Added a test case for RSA_padding_add_PKCS1_PSS_mgf1.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2801)

commit 108909d30e8ea5ff39439b17b266039be1ec5e84
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Mon Feb 27 12:40:35 2017 +0100

    Fix a crash or unbounded allocation in RSA_padding_add_PKCS1_PSS_mgf1
    and RSA_verify_PKCS1_PSS_mgf1 with 512-bit RSA vs. sha-512.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2801)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rsa/rsa_pss.c          | 15 +++++++++++--
 test/recipes/15-test_rsapss.t | 49 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+), 2 deletions(-)
 create mode 100644 test/recipes/15-test_rsapss.t

diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index 0a6178b..ab9b8e8 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -54,6 +54,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
      * Negative sLen has special meanings:
      *      -1      sLen == hLen
      *      -2      salt length is autorecovered from signature
+     *      -3      salt length is maximized
      *      -N      reserved
      */
     if (sLen == RSA_PSS_SALTLEN_DIGEST)
@@ -73,9 +74,13 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
         EM++;
         emLen--;
     }
+    if (emLen < hLen + 2) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
+        goto err;
+    }
     if (sLen == RSA_PSS_SALTLEN_MAX) {
         sLen = emLen - hLen - 2;
-    } else if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */
+    } else if (sLen > emLen - hLen - 2) { /* sLen can be small negative */
         RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
         goto err;
     }
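Review bot: The comment kept on the rewritten comparison, `/* sLen can be small negative */`, no longer tells a reader what makes `sLen > emLen - hLen - 2` safe. The right-hand side is only non-negative because of the new `emLen < hLen + 2` guard just above, and the subtraction form presumably exists so that a very large sLen cannot overflow `hLen + sLen + 2`. I would replace it with `/* emLen - hLen - 2 >= 0 here (checked above); subtracting avoids overflow of hLen + sLen + 2 for large sLen */`. The same rewrite in the RSA_padding_add_PKCS1_PSS_mgf1 hunk (`@@ -174,9 +180,14 @@`) carries no comment at all and would benefit from the same line. Both functions start and end outside these hunks, so how the reserved negative sLen values are rejected before this point is not visible here.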
@@ -157,6 +162,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
      * Negative sLen has special meanings:
      *      -1      sLen == hLen
      *      -2      salt length is maximized
+     *      -3      same as above (on signing)
      *      -N      reserved
      */
     if (sLen == RSA_PSS_SALTLEN_DIGEST)
@@ -174,9 +180,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
         *EM++ = 0;
         emLen--;
     }
+    if (emLen < hLen + 2) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        goto err;
+    }
     if (sLen == RSA_PSS_SALTLEN_MAX) {
         sLen = emLen - hLen - 2;
-    } else if (emLen < (hLen + sLen + 2)) {
+    } else if (sLen > emLen - hLen - 2) {
         RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
                RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
         goto err;
diff --git a/test/recipes/15-test_rsapss.t b/test/recipes/15-test_rsapss.t
new file mode 100644
index 0000000..5ab308e
--- /dev/null
+++ b/test/recipes/15-test_rsapss.t
@@ -0,0 +1,49 @@
+#! /usr/bin/env perl
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT with srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_rsapss");
+
+plan tests => 5;
+
+#using test/testrsa.pem which happens to be a 512 bit RSA
+ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
+            '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-3',
+            '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')],
+           stdout => 'testrsapss.sig')),
+   "openssl dgst -sign");
+
+with({ exit_checker => sub { return shift == 1; } },
+     sub { ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
+                       '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-3',
+                       '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')])),
+              "openssl dgst -sign, expect to fail gracefully");
+           ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
+                       '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647',
+                       '-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])),
+              "openssl dgst -sign, expect to fail gracefully");
+           ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha512',
+                       '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-3',
+                       '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig',
+                       srctop_file('test', 'testrsa.pem')])),
+              "openssl dgst -prverify, expect to fail gracefully");
+         });
+
+ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1',
+            '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-3',
+            '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig',
+            srctop_file('test', 'testrsa.pem')])),
+   "openssl dgst -prverify");
+unlink 'testrsapss.sig';
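Review bot: All three "expect to fail gracefully" cases pass `-sha512`, so with the 512-bit key and a 64-byte digest each is presumably stopped by the new `emLen < hLen + 2` guard. The rewritten `sLen > emLen - hLen - 2` comparison is then never exercised with an oversized salt length, on either the sign or the verify path. Adding `-sha1` cases with `rsa_pss_saltlen:2147483647` inside the `with` block would cover it, with `plan tests` raised to 7. Two of the existing cases also share the description "openssl dgst -sign, expect to fail gracefully", so a failure report cannot tell them apart; naming the salt-length variant separately would help. `use File::Spec;` and `use OpenSSL::Test::Utils;` appear unused in this file.

```perl
plan tests => 7;

# … unchanged: positive -sign case and the three -sha512 failure cases …

           # SHA-1 fits the 512-bit key, so only the salt-length bound can reject these
           ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
                       '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647',
                       '-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])),
              "openssl dgst -sign, oversized salt length, expect to fail gracefully");
           ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1',
                       '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647',
                       '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig',
                       srctop_file('test', 'testrsa.pem')])),
              "openssl dgst -prverify, oversized salt length, expect to fail gracefully");

# … unchanged: positive -prverify case and unlink …
```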

