[openssl] OpenSSL_1_1_1-stable update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Wed Apr 10 18:25:07 UTC 2019


The branch OpenSSL_1_1_1-stable has been updated
       via  d8ceb246079a929461c0193255c8309348a0614c (commit)
      from  24686b26548608d43e2816a65ee977b1e8c763b2 (commit)


- Log -----------------------------------------------------------------
commit d8ceb246079a929461c0193255c8309348a0614c
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Sun Mar 31 13:56:23 2019 +0200

    Avoid creating invalid rsa pss params
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/8621)
    
    (cherry picked from commit 491360e7ab2f09fdaadfcd9ff84c425c8f4e5b03)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rsa/rsa_ameth.c     | 4 +++-
 test/recipes/80-test_cms.t | 8 ++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 75debb3..637b02c 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -583,10 +583,12 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
         return NULL;
     if (saltlen == -1) {
         saltlen = EVP_MD_size(sigmd);
-    } else if (saltlen == -2) {
+    } else if (saltlen == -2 || saltlen == -3) {
         saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
         if ((EVP_PKEY_bits(pk) & 0x7) == 1)
             saltlen--;
+        if (saltlen < 0)
+            return NULL;
     }
 
     return rsa_pss_params_create(sigmd, mgf1md, saltlen);
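Review bot: The new `if (saltlen < 0) return NULL;` guard sits inside the `-2`/`-3` branch only, so a negative salt length arriving by any other path still reaches `rsa_pss_params_create()`. The `saltlen == -1` branch assigns `EVP_MD_size(sigmd)` unchecked, and that call can return a negative value on error. Moving the same check to just before the final return, as `if (saltlen < 0) return NULL;` after the closing brace, covers every branch with one test. Whether values below -3 are already rejected where the salt length is set cannot be seen here, because rsa_ctx_to_pss starts above the hunk. As a style point, the literals would read better as `RSA_PSS_SALTLEN_DIGEST`, `RSA_PSS_SALTLEN_AUTO` and `RSA_PSS_SALTLEN_MAX` from `<openssl/rsa.h>`.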
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index f038bea..52b822e 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -308,6 +308,14 @@ my @smime_cms_param_tests = (
 	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
     ],
 
+    [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=-3",
+      [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+	"-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
+	"-keyopt", "rsa_pss_saltlen:-3", "-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms", "-inform", "PEM",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
     [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
       [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr",
 	"-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
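Review bot: The added case exercises only the success path for `rsa_pss_saltlen:-3`; the other half of the fix, the `saltlen < 0` rejection in rsa_ctx_to_pss, gets no coverage. A companion case that signs with a key too small for the chosen digest and expects the sign step to fail would pin that behaviour, provided this table's harness can express an expected failure. That is not visible in the hunk, since the `@smime_cms_param_tests` array starts and ends outside it. A one-line comment above the entry, for example `# -3 = maximum salt length; regression test for invalid PSS params (PR 8621)`, would also record why the case exists.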

