[openssl] openssl-3.0 update

Tue Nov 23 14:28:56 UTC 2021

The branch openssl-3.0 has been updated
       via  776822e8ff6ef52d5638a99e6dbd9820c8228aba (commit)
       via  b029591606a36e825a8a7c71a5163f9ade4f7c43 (commit)
      from  8100a59fed1c985a3307c97af12cc8794bd93069 (commit)


- Log -----------------------------------------------------------------
commit 776822e8ff6ef52d5638a99e6dbd9820c8228aba
Author: Tomas Mraz <tomas at openssl.org>
Date:   Fri Nov 19 16:54:39 2021 +0100

    Add test for EVP_PKEY_sign_init_ex with RSA PSS padding
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17080)
    
    (cherry picked from commit 5321333520b95a4f355916923af6c24dd10ed5dc)

commit b029591606a36e825a8a7c71a5163f9ade4f7c43
Author: Tomas Mraz <tomas at openssl.org>
Date:   Fri Nov 19 15:16:53 2021 +0100

    rsa_signverify_init: Set the PARAMS after key is set
    
    Also, default to unrestricted pss parameters until the key is set.
    
    Fixes #17075
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17080)
    
    (cherry picked from commit eaae5d69eb5a8cd9c054b23cc388397cbb4ffb98)

-----------------------------------------------------------------------

Summary of changes:
 providers/implementations/signature/rsa_sig.c | 16 ++++++----
 test/evp_extra_test2.c                        | 42 +++++++++++++++++++++++++--
 2 files changed, 49 insertions(+), 9 deletions(-)

diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index 7dcdf952a3..325e855333 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -190,6 +190,9 @@ static void *rsa_newctx(void *provctx, const char *propq)
     prsactx->libctx = PROV_LIBCTX_OF(provctx);
     prsactx->flag_allow_md = 1;
     prsactx->propq = propq_copy;
+    /* Maximum for sign, auto for verify */
+    prsactx->saltlen = RSA_PSS_SALTLEN_AUTO;
+    prsactx->min_saltlen = -1;
     return prsactx;
 }
 
@@ -406,9 +409,6 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa,
 
     prsactx->operation = operation;
 
-    if (!rsa_set_ctx_params(prsactx, params))
-        return 0;
-
     /* Maximum for sign, auto for verify */
     prsactx->saltlen = RSA_PSS_SALTLEN_AUTO;
     prsactx->min_saltlen = -1;
@@ -462,9 +462,10 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa,
                 prsactx->saltlen = min_saltlen;
 
                 /* call rsa_setup_mgf1_md before rsa_setup_md to avoid duplication */
-                return rsa_setup_mgf1_md(prsactx, mgf1mdname, prsactx->propq)
-                    && rsa_setup_md(prsactx, mdname, prsactx->propq)
-                    && rsa_check_parameters(prsactx, min_saltlen);
+                if (!rsa_setup_mgf1_md(prsactx, mgf1mdname, prsactx->propq)
+                    || !rsa_setup_md(prsactx, mdname, prsactx->propq)
+                    || !rsa_check_parameters(prsactx, min_saltlen))
+                    return 0;
             }
         }
 
@@ -474,6 +475,9 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa,
         return 0;
     }
 
+    if (!rsa_set_ctx_params(prsactx, params))
+        return 0;
+
     return 1;
 }
 
diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c
index d932b73dd7..5be8bb5a40 100644
--- a/test/evp_extra_test2.c
+++ b/test/evp_extra_test2.c
@@ -20,9 +20,7 @@
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/provider.h>
-#ifndef OPENSSL_NO_DEPRECATED_3_0
-# include <openssl/rsa.h>
-#endif
+#include <openssl/rsa.h>
 #include <openssl/core_names.h>
 #include "testutil.h"
 #include "internal/nelem.h"
@@ -818,6 +816,43 @@ static int test_pkey_export(void)
     return ret;
 }
 
+static int test_rsa_pss_sign(void)
+{
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *pctx = NULL;
+    int ret = 0;
+    const unsigned char *pdata = keydata[0].kder;
+    const char *mdname = "SHA2-256";
+    OSSL_PARAM sig_params[3];
+    unsigned char mdbuf[256 / 8] = { 0 };
+    int padding = RSA_PKCS1_PSS_PADDING;
+    unsigned char *sig = NULL;
+    size_t sig_len = 0;
+
+    sig_params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_PAD_MODE,
+                                             &padding);
+    sig_params[1] = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
+                                                     (char *)mdname, 0);
+    sig_params[2] = OSSL_PARAM_construct_end();
+
+    ret = TEST_ptr(pkey = d2i_AutoPrivateKey_ex(NULL, &pdata, keydata[0].size,
+                                                mainctx, NULL))
+          && TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(mainctx, pkey, NULL))
+          && TEST_int_gt(EVP_PKEY_sign_init_ex(pctx, sig_params), 0)
+          && TEST_int_gt(EVP_PKEY_sign(pctx, NULL, &sig_len, mdbuf,
+                                       sizeof(mdbuf)), 0)
+          && TEST_int_gt(sig_len, 0)
+          && TEST_ptr(sig = OPENSSL_malloc(sig_len))
+          && TEST_int_gt(EVP_PKEY_sign(pctx, sig, &sig_len, mdbuf,
+                                       sizeof(mdbuf)), 0);
+
+    EVP_PKEY_CTX_free(pctx);
+    OPENSSL_free(sig);
+    EVP_PKEY_free(pkey);
+
+    return ret;
+}
+
 int setup_tests(void)
 {
     if (!test_get_libctx(&mainctx, &nullprov, NULL, NULL, NULL)) {
@@ -843,6 +878,7 @@ int setup_tests(void)
     ADD_TEST(test_pkcs8key_nid_bio);
 #endif
     ADD_ALL_TESTS(test_PEM_read_bio_negative, OSSL_NELEM(keydata));
+    ADD_TEST(test_rsa_pss_sign);
     return 1;
 }
 
