The branch master has been updated via 2d7bbd6c9fb6865e0df480602c3612652189e182 (commit) via 71bbc79b7d3b1195a7a7dd5f547d52ddce32d6f0 (commit) from 6c0e1e20d2756eaefe735e5edb56b83ccd9db9e6 (commit)
- Log ----------------------------------------------------------------- commit 2d7bbd6c9fb6865e0df480602c3612652189e182 Author: Dr. Stephen Henson <st...@openssl.org> Date: Wed Dec 7 23:03:47 2016 +0000 Add RSA PSS tests Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2065) commit 71bbc79b7d3b1195a7a7dd5f547d52ddce32d6f0 Author: Dr. Stephen Henson <st...@openssl.org> Date: Thu Dec 8 12:16:02 2016 +0000 Check input length to pkey_rsa_verify() Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2065) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_err.c | 1 + crypto/rsa/rsa_pmeth.c | 4 ++++ include/openssl/rsa.h | 1 + test/evptests.txt | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 61 insertions(+) diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c index 45e12e0..bf54095 100644 --- a/crypto/rsa/rsa_err.c +++ b/crypto/rsa/rsa_err.c @@ -26,6 +26,7 @@ static ERR_STRING_DATA RSA_str_functs[] = { {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"}, {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "pkey_rsa_ctrl_str"}, {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "pkey_rsa_sign"}, + {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "pkey_rsa_verify"}, {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "pkey_rsa_verifyrecover"}, {ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "rsa_algor_to_md"}, {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "rsa_builtin_keygen"}, diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index e503ada..db4fb0f 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -229,6 +229,10 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); + if (tbslen != (size_t)EVP_MD_size(rctx->md)) { + RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH); + return -1; + } if (rctx->pad_mode == RSA_X931_PADDING) { if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0) return 0; diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 4d6e9cc..d97d6e0 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -468,6 +468,7 @@ int ERR_load_RSA_strings(void); # define RSA_F_PKEY_RSA_CTRL 143 # define RSA_F_PKEY_RSA_CTRL_STR 144 # define RSA_F_PKEY_RSA_SIGN 142 +# define RSA_F_PKEY_RSA_VERIFY 149 # define RSA_F_PKEY_RSA_VERIFYRECOVER 141 # define RSA_F_RSA_ALGOR_TO_MD 156 # define RSA_F_RSA_BUILTIN_KEYGEN 129 diff --git a/test/evptests.txt b/test/evptests.txt index 6db6cf7..32abf7f 100644 --- a/test/evptests.txt +++ b/test/evptests.txt @@ -2876,6 +2876,61 @@ Input = "0123456789ABCDEF1234" Output = 3080021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d870000 Result = VERIFY_ERROR +# RSA PSS padding tests. + +# Zero salt length makes output deterministic +Sign = RSA-2048 +Ctrl = rsa_padding_mode:pss +Ctrl = rsa_pss_saltlen:0 +Ctrl = digest:sha256 +Input="0123456789ABCDEF0123456789ABCDEF" +Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A + +# Verify of above signature +Verify = RSA-2048-PUBLIC +Ctrl = rsa_padding_mode:pss +Ctrl = rsa_pss_saltlen:0 +Ctrl = digest:sha256 +Input="0123456789ABCDEF0123456789ABCDEF" +Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A + +# Digest too short +Verify = RSA-2048-PUBLIC +Ctrl = rsa_padding_mode:pss +Ctrl = rsa_pss_saltlen:0 +Ctrl = digest:sha256 +Input="0123456789ABCDEF0123456789ABCDE" +Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A +Result = VERIFY_ERROR + +# Digest too long +Verify = RSA-2048-PUBLIC +Ctrl = rsa_padding_mode:pss +Ctrl = rsa_pss_saltlen:0 +Ctrl = digest:sha256 +Input="0123456789ABCDEF0123456789ABCDEF0" +Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A +Result = VERIFY_ERROR + +# Wrong salt length +Verify = RSA-2048 +Ctrl = rsa_padding_mode:pss +Ctrl = rsa_pss_saltlen:2 +Ctrl = digest:sha256 +Input="0123456789ABCDEF0123456789ABCDEF" +Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A +Result = VERIFY_ERROR + +# Wrong MGF1 digest +Verify = RSA-2048 +Ctrl = rsa_padding_mode:pss +Ctrl = rsa_pss_saltlen:0 +Ctrl = digest:sha256 +Ctrl = rsa_mgf1_md:sha1 +Input="0123456789ABCDEF0123456789ABCDEF" +Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A +Result = VERIFY_ERROR + # scrypt tests from draft-josefsson-scrypt-kdf-03 PBE = scrypt Password = "" _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits