[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Andy Polyakov appro at openssl.org
Mon Mar 13 21:11:07 UTC 2017 

The branch OpenSSL_1_1_0-stable has been updated
       via  14cc893ca224cc89261b6e15eee3caaacb45e5e9 (commit)
       via  e653b6cd74f70c04b0b96b07df00680b427603af (commit)
      from  641de7f7874439eb423eb7ace8fec58160cd6e37 (commit)


- Log -----------------------------------------------------------------
commit 14cc893ca224cc89261b6e15eee3caaacb45e5e9
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Wed Mar 8 19:09:42 2017 +0100

    Added a test case for RSA_padding_add_PKCS1_PSS_mgf1.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2881)

commit e653b6cd74f70c04b0b96b07df00680b427603af
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Wed Mar 8 18:53:36 2017 +0100

    Fix a crash or unbounded allocation in RSA_padding_add_PKCS1_PSS_mgf1
    and RSA_verify_PKCS1_PSS_mgf1 with 512-bit RSA vs. sha-512.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2881)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rsa/rsa_pss.c          | 13 ++++++++++--
 test/recipes/15-test_rsapss.t | 49 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+), 2 deletions(-)
 create mode 100644 test/recipes/15-test_rsapss.t

diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index 0ec63b2..2aebbe9 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -76,7 +76,11 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
         EM++;
         emLen--;
     }
-    if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */
+    if (emLen < hLen + 2) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
+        goto err;
+    }
+    if (sLen > emLen - hLen - 2) { /* sLen can be small negative */
         RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
         goto err;
     }
@@ -175,9 +179,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
         *EM++ = 0;
         emLen--;
     }
+    if (emLen < hLen + 2) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        goto err;
+    }
     if (sLen == -2) {
         sLen = emLen - hLen - 2;
-    } else if (emLen < (hLen + sLen + 2)) {
+    } else if (sLen > emLen - hLen - 2) {
         RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
                RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
         goto err;
diff --git a/test/recipes/15-test_rsapss.t b/test/recipes/15-test_rsapss.t
new file mode 100644
index 0000000..8d20333
--- /dev/null
+++ b/test/recipes/15-test_rsapss.t
@@ -0,0 +1,49 @@
+#! /usr/bin/env perl
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT with srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_rsapss");
+
+plan tests => 5;
+
+#using test/testrsa.pem which happens to be a 512 bit RSA
+ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
+            '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-2',
+            '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')],
+           stdout => 'testrsapss.sig')),
+   "openssl dgst -sign");
+
+with({ exit_checker => sub { return shift == 1; } },
+     sub { ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
+                       '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-2',
+                       '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')])),
+              "openssl dgst -sign, expect to fail gracefully");
+           ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
+                       '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647',
+                       '-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])),
+              "openssl dgst -sign, expect to fail gracefully");
+           ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha512',
+                       '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-2',
+                       '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig',
+                       srctop_file('test', 'testrsa.pem')])),
+              "openssl dgst -prverify, expect to fail gracefully");
+         });
+
+ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1',
+            '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-2',
+            '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig',
+            srctop_file('test', 'testrsa.pem')])),
+   "openssl dgst -prverify");
+unlink 'testrsapss.sig';

More information about the openssl-commits mailing list