[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Tue Apr 24 08:22:24 UTC 2018

The branch OpenSSL_1_1_0-stable has been updated
       via  5791a917ca0b6273c48fb43a442fd156604065de (commit)
      from  c5ed6c553a2efe7abf84ceed5fe38769621a3807 (commit)

- Log -----------------------------------------------------------------
commit 5791a917ca0b6273c48fb43a442fd156604065de
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Apr 23 09:27:23 2018 +0100

    Allow intermediate CAs to use RSA PSS in 1.1.0
    In 1.1.0 and above we check the digest algorithm used to create signatures
    in intermediate CA certs. If it is not sufficiently strong then we reject
    the cert. To work out what digest was used we look at the OID for the
    signature. This works for most signatures, but not for RSA PSS where the
    digest is stored as parameter of the SignatureAlgorithmIdentifier. This
    results in the digest look up routines failing and the cert being rejected.
    PR #3301 added support for doing this properly in master. So in that
    branch this all works as expected. It also works properly in 1.0.2 where we
    don't have the digest checks at all. So the only branch where this fails is
    PR #3301 seems too significant to backport to 1.1.0. Instead we simply skip
    the signature digest algorithm strength checks if we detect RSA PSS.
    Fixes #3558.
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/6052)


Summary of changes:
 crypto/x509/x509_vfy.c | 4 ++++
 ssl/t1_lib.c           | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index b9b36c4..a48d231 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3265,6 +3265,10 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
     if (level > NUM_AUTH_LEVELS)
         level = NUM_AUTH_LEVELS;
+    /* We are not able to look up the CA MD for RSA PSS in this version */
+    if (nid == NID_rsassaPss)
+        return 1;
     /* Lookup signature algorithm digest */
     if (nid && OBJ_find_sigid_algs(nid, &mdnid, NULL)) {
         const EVP_MD *md;
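Review bot: the early `return 1` on `nid == NID_rsassaPss` exits check_sig_level() before any level-dependent check runs, so an RSA-PSS-signed intermediate is accepted at every auth level regardless of the digest carried in its parameters. The commit message states this is the intended 1.1.0 trade-off, but the inline comment only says the MD cannot be looked up; it should also say that the strength check is deliberately skipped for PSS in this branch (and the release notes should mention it) so that a later reader does not mistake the bypass for a lookup limitation alone.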
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 6f4078e..cd0cba0 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -4188,6 +4188,9 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
     if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
         return 1;
     sig_nid = X509_get_signature_nid(x);
+    /* We are not able to look up the CA MD for RSA PSS in this version */
+    if (sig_nid == NID_rsassaPss)
+        return 1;
     if (sig_nid && OBJ_find_sigid_algs(sig_nid, &md_nid, NULL)) {
         const EVP_MD *md;
         if (md_nid && (md = EVP_get_digestbynid(md_nid)))
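Review bot: this is the same `sig_nid == NID_rsassaPss` early return as in check_sig_level() in crypto/x509/x509_vfy.c, duplicated with an identical comment; the two copies can drift apart if one is later tightened, so either factor the PSS exemption into a shared helper or cross-reference the other site in the comment. Note also that the `return 1` here is reached for every `op`, so ssl_security_cert_sig() reports a PSS-signed chain certificate as acceptable without consulting the configured security level.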
