[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Mon Jan 8 17:01:45 UTC 2018


The branch master has been updated
       via  bcec0b9488d3b0a91289998e7e73f1d91156c6fb (commit)
       via  0fe3db251a49b11cafdc3e4a25fdac947f3bdf3b (commit)
      from  40cea0a45780bf5b02010b6c7aab1d390bf8dd85 (commit)


- Log -----------------------------------------------------------------
commit bcec0b9488d3b0a91289998e7e73f1d91156c6fb
Author: Noah Robbin <noah_robbin at symantec.com>
Date:   Wed Nov 29 16:58:25 2017 -0500

    Use the index that matches the key type (either SSL_PKEY_RSA_PSS_SIGN or SSL_PKEY_RSA).
    
    Extract the RSA key using EVP_PKEY_get0.  Type is checked externally to be either EVP_PKEY_RSA_PSS or EVP_PKEY_RSA.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4389)

commit 0fe3db251a49b11cafdc3e4a25fdac947f3bdf3b
Author: Noah Robbin <noah_robbin at symantec.com>
Date:   Tue Sep 19 12:15:42 2017 -0400

    Use size of server key when selecting signature algorithm.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4389)

-----------------------------------------------------------------------

Summary of changes:
 ssl/t1_lib.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 9dfbb8e..f0f3b19 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -788,6 +788,27 @@ int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd)
 }
 
 /*
+ * Check if key is large enough to generate RSA-PSS signature.
+ *
+ * The key must greater than or equal to 2 * hash length + 2.
+ * SHA512 has a hash length of 64 bytes, which is incompatible
+ * with a 128 byte (1024 bit) key.
+ */
+#define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_size(md) + 2)
+static int rsa_pss_check_min_key_size(const RSA *rsa, const SIGALG_LOOKUP *lu)
+{
+    const EVP_MD *md;
+
+    if (rsa == NULL)
+        return 0;
+    if (!tls1_lookup_md(lu, &md) || md == NULL)
+        return 0;
+    if (RSA_size(rsa) < RSA_PSS_MINIMUM_KEY_SIZE(md))
+        return 0;
+    return 1;
+}
+
+/*
  * Return a signature algorithm for TLS < 1.2 where the signature type
  * is fixed by the certificate type.
  */
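Review bot: The size test in rsa_pss_check_min_key_size compares `RSA_size(rsa)` with the bound, but PSS encoding works on emLen = ceil((modBits - 1) / 8), which is one byte less than RSA_size when the modulus bit length is a multiple of 8 plus 1. Such a key can pass this check and still fail at signing time. Working from the bit length would close the gap, for example `if ((RSA_bits(rsa) + 6) / 8 < RSA_PSS_MINIMUM_KEY_SIZE(md))`. The header comment should also say that the sizes are in bytes and that the bound appears to assume a salt as long as the digest (hash + salt + 2), and "must greater" should read "must be greater".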
@@ -2273,6 +2294,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
         /* Look for a certificate matching shared sigalgs */
         for (i = 0; i < s->cert->shared_sigalgslen; i++) {
             lu = s->cert->shared_sigalgs[i];
+            sig_idx = -1;
 
             /* Skip SHA1, SHA224, DSA and RSA if not PSS */
             if (lu->hash == NID_sha1
@@ -2303,6 +2325,26 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
 #else
                 continue;
 #endif
+            } else if (lu->sig == EVP_PKEY_RSA_PSS) {
+                /* validate that key is large enough for the signature algorithm */
+                EVP_PKEY *pkey;
+                int pkey_id;
+
+                if (sig_idx == -1)
+                    pkey = s->cert->pkeys[lu->sig_idx].privatekey;
+                else
+                    pkey = s->cert->pkeys[sig_idx].privatekey;
+                pkey_id = EVP_PKEY_id(pkey);
+                if (pkey_id != EVP_PKEY_RSA_PSS
+                    && pkey_id != EVP_PKEY_RSA)
+                    continue;
+                /*
+                 * The pkey type is EVP_PKEY_RSA_PSS or EVP_PKEY_RSA
+                 * EVP_PKEY_get0_RSA returns NULL if the type is not EVP_PKEY_RSA
+                 * so use EVP_PKEY_get0 instead
+                 */
+                if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu))
+                    continue;
             }
             break;
         }
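Review bot: `EVP_PKEY_id(pkey)` is called on the private key without a NULL test, and the key is then handed through the untyped `EVP_PKEY_get0()` on the strength of a type check that is repeated at each call site (here and again in the later TLS 1.2 hunk of tls_choose_sigalg). Nothing in the visible lines shows that `privatekey` is set for the chosen index, so that guarantee, if it exists, lives outside the hunk. Moving both checks into the helper would keep the invariant in one place: have `rsa_pss_check_min_key_size` take `const EVP_PKEY *pkey`, return 0 for NULL or for an id other than EVP_PKEY_RSA / EVP_PKEY_RSA_PSS, and call it as `if (!rsa_pss_check_min_key_size(pkey, lu)) continue;`. Separately, `sig_idx` is reset to -1 at the top of each iteration, so the `else` arm of `if (sig_idx == -1)` looks unreachable unless code outside the hunk assigns it.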
@@ -2356,6 +2398,17 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
                             sig_idx = SSL_PKEY_RSA;
                         }
                     }
+                    if (lu->sig == EVP_PKEY_RSA_PSS) {
+                        /* validate that key is large enough for the signature algorithm */
+                        EVP_PKEY *pkey = s->cert->pkeys[sig_idx].privatekey;
+                        int pkey_id = EVP_PKEY_id(pkey);
+
+                        if (pkey_id != EVP_PKEY_RSA_PSS
+                            && pkey_id != EVP_PKEY_RSA)
+                            continue;
+                        if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu))
+                            continue;
+                    }
 #ifndef OPENSSL_NO_EC
                     if (curve == -1 || lu->curve == curve)
 #endif

