[openssl] openssl-3.0 update
tomas at openssl.org
tomas at openssl.org
Tue Nov 23 14:28:56 UTC 2021
The branch openssl-3.0 has been updated
via 776822e8ff6ef52d5638a99e6dbd9820c8228aba (commit)
via b029591606a36e825a8a7c71a5163f9ade4f7c43 (commit)
from 8100a59fed1c985a3307c97af12cc8794bd93069 (commit)
- Log -----------------------------------------------------------------
commit 776822e8ff6ef52d5638a99e6dbd9820c8228aba
Author: Tomas Mraz <tomas at openssl.org>
Date: Fri Nov 19 16:54:39 2021 +0100
Add test for EVP_PKEY_sign_init_ex with RSA PSS padding
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17080)
(cherry picked from commit 5321333520b95a4f355916923af6c24dd10ed5dc)
commit b029591606a36e825a8a7c71a5163f9ade4f7c43
Author: Tomas Mraz <tomas at openssl.org>
Date: Fri Nov 19 15:16:53 2021 +0100
rsa_signverify_init: Set the PARAMS after key is set
Also, default to unrestricted pss parameters until the key is set.
Fixes #17075
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17080)
(cherry picked from commit eaae5d69eb5a8cd9c054b23cc388397cbb4ffb98)
-----------------------------------------------------------------------
Summary of changes:
providers/implementations/signature/rsa_sig.c | 16 ++++++----
test/evp_extra_test2.c | 42 +++++++++++++++++++++++++--
2 files changed, 49 insertions(+), 9 deletions(-)
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index 7dcdf952a3..325e855333 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -190,6 +190,9 @@ static void *rsa_newctx(void *provctx, const char *propq)
prsactx->libctx = PROV_LIBCTX_OF(provctx);
prsactx->flag_allow_md = 1;
prsactx->propq = propq_copy;
+ /* Maximum for sign, auto for verify */
+ prsactx->saltlen = RSA_PSS_SALTLEN_AUTO;
+ prsactx->min_saltlen = -1;
return prsactx;
}
@@ -406,9 +409,6 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa,
prsactx->operation = operation;
- if (!rsa_set_ctx_params(prsactx, params))
- return 0;
-
/* Maximum for sign, auto for verify */
prsactx->saltlen = RSA_PSS_SALTLEN_AUTO;
prsactx->min_saltlen = -1;
@@ -462,9 +462,10 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa,
prsactx->saltlen = min_saltlen;
/* call rsa_setup_mgf1_md before rsa_setup_md to avoid duplication */
- return rsa_setup_mgf1_md(prsactx, mgf1mdname, prsactx->propq)
- && rsa_setup_md(prsactx, mdname, prsactx->propq)
- && rsa_check_parameters(prsactx, min_saltlen);
+ if (!rsa_setup_mgf1_md(prsactx, mgf1mdname, prsactx->propq)
+ || !rsa_setup_md(prsactx, mdname, prsactx->propq)
+ || !rsa_check_parameters(prsactx, min_saltlen))
+ return 0;
}
}
@@ -474,6 +475,9 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa,
return 0;
}
+ if (!rsa_set_ctx_params(prsactx, params))
+ return 0;
+
return 1;
}
diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c
index d932b73dd7..5be8bb5a40 100644
--- a/test/evp_extra_test2.c
+++ b/test/evp_extra_test2.c
@@ -20,9 +20,7 @@
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/provider.h>
-#ifndef OPENSSL_NO_DEPRECATED_3_0
-# include <openssl/rsa.h>
-#endif
+#include <openssl/rsa.h>
#include <openssl/core_names.h>
#include "testutil.h"
#include "internal/nelem.h"
@@ -818,6 +816,43 @@ static int test_pkey_export(void)
return ret;
}
+static int test_rsa_pss_sign(void)
+{
+ EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
+ int ret = 0;
+ const unsigned char *pdata = keydata[0].kder;
+ const char *mdname = "SHA2-256";
+ OSSL_PARAM sig_params[3];
+ unsigned char mdbuf[256 / 8] = { 0 };
+ int padding = RSA_PKCS1_PSS_PADDING;
+ unsigned char *sig = NULL;
+ size_t sig_len = 0;
+
+ sig_params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_PAD_MODE,
+ &padding);
+ sig_params[1] = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
+ (char *)mdname, 0);
+ sig_params[2] = OSSL_PARAM_construct_end();
+
+ ret = TEST_ptr(pkey = d2i_AutoPrivateKey_ex(NULL, &pdata, keydata[0].size,
+ mainctx, NULL))
+ && TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(mainctx, pkey, NULL))
+ && TEST_int_gt(EVP_PKEY_sign_init_ex(pctx, sig_params), 0)
+ && TEST_int_gt(EVP_PKEY_sign(pctx, NULL, &sig_len, mdbuf,
+ sizeof(mdbuf)), 0)
+ && TEST_int_gt(sig_len, 0)
+ && TEST_ptr(sig = OPENSSL_malloc(sig_len))
+ && TEST_int_gt(EVP_PKEY_sign(pctx, sig, &sig_len, mdbuf,
+ sizeof(mdbuf)), 0);
+
+ EVP_PKEY_CTX_free(pctx);
+ OPENSSL_free(sig);
+ EVP_PKEY_free(pkey);
+
+ return ret;
+}
+
int setup_tests(void)
{
if (!test_get_libctx(&mainctx, &nullprov, NULL, NULL, NULL)) {
@@ -843,6 +878,7 @@ int setup_tests(void)
ADD_TEST(test_pkcs8key_nid_bio);
#endif
ADD_ALL_TESTS(test_PEM_read_bio_negative, OSSL_NELEM(keydata));
+ ADD_TEST(test_rsa_pss_sign);
return 1;
}
More information about the openssl-commits
mailing list