The branch master has been updated
via b69ae442a3b3e168d73c53dcd04bacf33eee8569 (commit)
via 2f7a252057a7f6ea161151583a6b4bf9d538ebae (commit)
via 451a0c3dc8bd1c2372f893e252b741937f303e21 (commit)
via 9bf45ba4ca0b98d9030bff8b1677804160d88d47 (commit)
via 629e369c5b163a6c7797d468a8d0ce0e37d43a3e (commit)
via c3c8823c879d90b93108b9e76db5ed5690724c9c (commit)
via 786dd2c22c71081492e209d93beee3ff4fe66357 (commit)
from 7531b3a6cd4b42bece94c0aab5b963fe03d1b139 (commit)
- Log -----------------------------------------------------------------
commit b69ae442a3b3e168d73c53dcd04bacf33eee8569
Author: Dr. Stephen Henson <[email protected]>
Date: Tue Apr 25 20:16:29 2017 +0100
make update
Reviewed-by: Richard Levitte <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/3301)
commit 2f7a252057a7f6ea161151583a6b4bf9d538ebae
Author: Dr. Stephen Henson <[email protected]>
Date: Tue Apr 25 17:28:08 2017 +0100
Update documentation
Reviewed-by: Richard Levitte <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/3301)
commit 451a0c3dc8bd1c2372f893e252b741937f303e21
Author: Dr. Stephen Henson <[email protected]>
Date: Tue Apr 25 00:10:33 2017 +0100
Add PSS certificate signature tests
Reviewed-by: Richard Levitte <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/3301)
commit 9bf45ba4ca0b98d9030bff8b1677804160d88d47
Author: Dr. Stephen Henson <[email protected]>
Date: Mon Apr 24 22:17:45 2017 +0100
Add certificates with PSS signatures
Reviewed-by: Richard Levitte <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/3301)
commit 629e369c5b163a6c7797d468a8d0ce0e37d43a3e
Author: Dr. Stephen Henson <[email protected]>
Date: Tue Apr 25 00:09:55 2017 +0100
Add custom sig_info setting for RSA-PSS
Reviewed-by: Richard Levitte <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/3301)
commit c3c8823c879d90b93108b9e76db5ed5690724c9c
Author: Dr. Stephen Henson <[email protected]>
Date: Mon Apr 24 19:16:16 2017 +0100
Use X509_get_signature_info() when checking security levels.
Make signature security level checking more flexible by using
X509_get_signaure_info(): some signature methods (e.g. PSS, ED25519)
do not indicate the signing digest (if any) in the signature OID.
Reviewed-by: Richard Levitte <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/3301)
commit 786dd2c22c71081492e209d93beee3ff4fe66357
Author: Dr. Stephen Henson <[email protected]>
Date: Fri Apr 21 15:56:34 2017 +0100
Add support for custom signature parameters
Many signature types define the digest and public key type by a single OID
such as ecdsa_with_sha256.
Some types (RSA-PSS for example) use a single OID to indicate the signature
scheme and additional parameters are encoded in the AlgorithmIdentifier.
Add an X509_SIG_INFO structure to contain details about the signature type:
specifically the digest algorithm, public key algorithm, security bits and
various flags. This supports both existing algorithms and more complex
types.
Add accessors for the structure and a special case that retrieves signature
information from a certificate.
Reviewed-by: Richard Levitte <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/3301)
-----------------------------------------------------------------------
Summary of changes:
crypto/include/internal/asn1_int.h | 2 +
crypto/include/internal/x509_int.h | 16 ++++++++
crypto/rsa/rsa_ameth.c | 39 ++++++++++++++++++-
crypto/x509/x509_lcl.h | 3 ++
crypto/x509/x509_set.c | 77 ++++++++++++++++++++++++++++++++++++++
crypto/x509/x509_vfy.c | 12 +-----
crypto/x509v3/v3_purp.c | 1 +
doc/man3/X509_get0_signature.pod | 33 +++++++++++++++-
include/openssl/ossl_typ.h | 2 +
include/openssl/x509.h | 15 ++++++++
test/certs/ee-pss-sha1-cert.pem | 19 ++++++++++
test/certs/ee-pss-sha256-cert.pem | 21 +++++++++++
test/certs/setup.sh | 8 ++++
test/recipes/25-test_verify.t | 14 ++++++-
util/libcrypto.num | 3 ++
15 files changed, 252 insertions(+), 13 deletions(-)
create mode 100644 test/certs/ee-pss-sha1-cert.pem
create mode 100644 test/certs/ee-pss-sha256-cert.pem
diff --git a/crypto/include/internal/asn1_int.h
b/crypto/include/internal/asn1_int.h
index f78ced6..6e6e028 100644
--- a/crypto/include/internal/asn1_int.h
+++ b/crypto/include/internal/asn1_int.h
@@ -52,6 +52,8 @@ struct evp_pkey_asn1_method_st {
int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
X509_ALGOR *alg1, X509_ALGOR *alg2,
ASN1_BIT_STRING *sig);
+ int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+ const ASN1_STRING *sig);
} /* EVP_PKEY_ASN1_METHOD */ ;
DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD)
diff --git a/crypto/include/internal/x509_int.h
b/crypto/include/internal/x509_int.h
index 10b605f..124cc53 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -37,6 +37,19 @@ struct X509_name_st {
int canon_enclen;
} /* X509_NAME */ ;
+/* Signature info structure */
+
+struct x509_sig_info_st {
+ /* NID of message digest */
+ int mdnid;
+ /* NID of public key algorithm */
+ int pknid;
+ /* Security bits */
+ int secbits;
+ /* Various flags */
+ uint32_t flags;
+};
+
/* PKCS#10 certificate request */
struct X509_req_info_st {
@@ -146,6 +159,7 @@ struct x509_st {
X509_CINF cert_info;
X509_ALGOR sig_alg;
ASN1_BIT_STRING signature;
+ X509_SIG_INFO siginf;
CRYPTO_REF_COUNT references;
CRYPTO_EX_DATA ex_data;
/* These contain copies of various extension values */
@@ -267,3 +281,5 @@ struct x509_object_st {
int a2i_ipadd(unsigned char *ipout, const char *ipasc);
int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
+
+void x509_init_sig_info(X509 *x);
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 20a27be..69b45fd 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -785,6 +785,41 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM
*it, void *asn,
return 2;
}
+static int rsa_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *sigalg,
+ const ASN1_STRING *sig)
+{
+ int rv = 0;
+ int mdnid, saltlen;
+ uint32_t flags;
+ const EVP_MD *mgf1md = NULL, *md = NULL;
+ RSA_PSS_PARAMS *pss;
+
+ /* Sanity check: make sure it is PSS */
+ if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS)
+ return 0;
+ /* Decode PSS parameters */
+ pss = rsa_pss_decode(sigalg);
+ if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen))
+ goto err;
+ mdnid = EVP_MD_type(md);
+ /*
+ * For TLS need SHA256, SHA384 or SHA512, digest and MGF1 digest must
+ * match and salt length must equal digest size
+ */
+ if ((mdnid == NID_sha256 || mdnid == NID_sha384 || mdnid == NID_sha512)
+ && mdnid == EVP_MD_type(mgf1md) && saltlen == EVP_MD_size(md))
+ flags = X509_SIG_INFO_TLS;
+ else
+ flags = 0;
+ /* Note: security bits half number of digest bits */
+ X509_SIG_INFO_set(siginf, mdnid, EVP_PKEY_RSA_PSS, EVP_MD_size(md) * 4,
+ flags);
+ rv = 1;
+ err:
+ RSA_PSS_PARAMS_free(pss);
+ return rv;
+}
+
#ifndef OPENSSL_NO_CMS
static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg)
{
@@ -972,7 +1007,9 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
old_rsa_priv_decode,
old_rsa_priv_encode,
rsa_item_verify,
- rsa_item_sign},
+ rsa_item_sign,
+ rsa_sig_info_set
+ },
{
EVP_PKEY_RSA2,
diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h
index 34e4135..401f2e9 100644
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -142,3 +142,6 @@ DEFINE_STACK_OF(BY_DIR_HASH)
DEFINE_STACK_OF(BY_DIR_ENTRY)
typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
+
+void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+ const ASN1_STRING *sig);
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index e46174a..08b71ff 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -13,7 +13,10 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/asn1_int.h"
#include "internal/x509_int.h"
+#include "x509_lcl.h"
int X509_set_version(X509 *x, long version)
{
@@ -157,3 +160,77 @@ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
{
return &x->cert_info.signature;
}
+
+int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+ int *secbits, uint32_t *flags)
+{
+ if (mdnid != NULL)
+ *mdnid = siginf->mdnid;
+ if (pknid != NULL)
+ *pknid = siginf->pknid;
+ if (secbits != NULL)
+ *secbits = siginf->secbits;
+ if (flags != NULL)
+ *flags = siginf->flags;
+ return (siginf->flags & X509_SIG_INFO_VALID) != 0;
+}
+
+void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+ int secbits, uint32_t flags)
+{
+ siginf->mdnid = mdnid;
+ siginf->pknid = pknid;
+ siginf->secbits = secbits;
+ siginf->flags = flags;
+}
+
+int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+ uint32_t *flags)
+{
+ X509_check_purpose(x, -1, -1);
+ return X509_SIG_INFO_get(&x->siginf, mdnid, pknid, secbits, flags);
+}
+
+static void x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+ const ASN1_STRING *sig)
+{
+ int pknid, mdnid;
+ const EVP_MD *md;
+
+ siginf->mdnid = NID_undef;
+ siginf->pknid = NID_undef;
+ siginf->secbits = -1;
+ siginf->flags = 0;
+ if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid)
+ || pknid == NID_undef)
+ return;
+ siginf->pknid = pknid;
+ if (mdnid == NID_undef) {
+ /* If we have one, use a custom handler for this algorithm */
+ const EVP_PKEY_ASN1_METHOD *ameth = EVP_PKEY_asn1_find(NULL, pknid);
+ if (ameth == NULL || ameth->siginf_set == NULL
+ || ameth->siginf_set(siginf, alg, sig) == 0)
+ return;
+ siginf->flags |= X509_SIG_INFO_VALID;
+ return;
+ }
+ siginf->flags |= X509_SIG_INFO_VALID;
+ siginf->mdnid = mdnid;
+ md = EVP_get_digestbynid(mdnid);
+ if (md == NULL)
+ return;
+ /* Security bits: half number of bits in digest */
+ siginf->secbits = EVP_MD_size(md) * 4;
+ switch (mdnid) {
+ case NID_sha1:
+ case NID_sha256:
+ case NID_sha384:
+ case NID_sha512:
+ siginf->flags |= X509_SIG_INFO_TLS;
+ }
+}
+
+void x509_init_sig_info(X509 *x)
+{
+ x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature);
+}
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 2f1cd1a..70ce606 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3201,8 +3201,6 @@ static int check_key_level(X509_STORE_CTX *ctx, X509
*cert)
*/
static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
{
- int nid = X509_get_signature_nid(cert);
- int mdnid = NID_undef;
int secbits = -1;
int level = ctx->param->auth_level;
@@ -3211,14 +3209,8 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509
*cert)
if (level > NUM_AUTH_LEVELS)
level = NUM_AUTH_LEVELS;
- /* Lookup signature algorithm digest */
- if (nid && OBJ_find_sigid_algs(nid, &mdnid, NULL)) {
- const EVP_MD *md;
-
- /* Assume 4 bits of collision resistance for each hash octet */
- if (mdnid != NID_undef && (md = EVP_get_digestbynid(mdnid)) != NULL)
- secbits = EVP_MD_size(md) * 4;
- }
+ if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
+ return 0;
return secbits >= minbits_table[level - 1];
}
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index fa5c425..2ff8854 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -488,6 +488,7 @@ static void x509v3_cache_extensions(X509 *x)
break;
}
}
+ x509_init_sig_info(x);
x->ex_flags |= EXFLAG_SET;
}
diff --git a/doc/man3/X509_get0_signature.pod b/doc/man3/X509_get0_signature.pod
index 61a2dda..f63c5a5 100644
--- a/doc/man3/X509_get0_signature.pod
+++ b/doc/man3/X509_get0_signature.pod
@@ -4,7 +4,8 @@
X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature,
-X509_CRL_get_signature_nid - signature information
+X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get,
+X509_SIG_INFO_set - signature information
=head1 SYNOPSIS
@@ -26,6 +27,14 @@ X509_CRL_get_signature_nid - signature information
const X509_ALGOR **palg);
int X509_CRL_get_signature_nid(const X509_CRL *crl);
+ int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+ uint32_t *flags);
+
+ int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+ int *secbits, uint32_t *flags);
+ void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+ int secbits, uint32_t flags);
+
=head1 DESCRIPTION
X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg>
@@ -42,6 +51,18 @@ X509_REQ_get0_signature(), X509_REQ_get_signature_nid()
X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the
same function for certificate requests and CRLs.
+X509_get_signature_info() retrieves information about the signature of
+certificate B<x>. The NID of the signing digest is written to B<*mdnid>,
+the public key algorithm to B<*pknid>, the effective security bits to
+B<*secbits> and flag details to B<*flags>. Any of the parameters can
+be set to B<NULL> if the information is not required.
+
+X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information
+about a signature in an B<X509_SIG_INFO> structure. They are only
+used by implementations of algorithms which need to set custom
+signature information: most applications will never need to call
+them.
+
=head1 NOTES
These functions provide lower level access to signatures in certificates
@@ -49,6 +70,12 @@ where an application wishes to analyse or generate a
signature in a form
where X509_sign() et al is not appropriate (for example a non standard
or unsupported format).
+The security bits returned by X509_get_signature_info() refers to information
+available from the certificate signature (such as the signing digest). In some
+cases the actual security of the signature is less because the signing
+key is less secure: for example a certificate signed using SHA-512 and a
+1024 bit RSA key.
+
=head1 RETURN VALUES
X509_get_signature_nid(), X509_REQ_get_signature_nid() and
@@ -57,6 +84,10 @@ X509_CRL_get_signature_nid() return a NID.
X509_get0_signature(), X509_REQ_get0_signature() and
X509_CRL_get0_signature() do not return values.
+X509_get_signature_info() returns 1 if the signature information
+returned is valid or 0 if the information is not available (e.g.
+unknown algorithms or malformed parameters).
+
=head1 SEE ALSO
L<d2i_X509(3)>,
diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h
index 129a67f..deea038 100644
--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
@@ -131,6 +131,8 @@ typedef struct x509_lookup_st X509_LOOKUP;
typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
+typedef struct x509_sig_info_st X509_SIG_INFO;
+
typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
typedef struct v3_ext_ctx X509V3_CTX;
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index a6aabeb..0a692f8 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -39,6 +39,13 @@
extern "C" {
#endif
+
+/* Flags for X509_get_signature_info() */
+/* Signature info is valid */
+# define X509_SIG_INFO_VALID 0x1
+/* Signature is suitable for TLS use */
+# define X509_SIG_INFO_TLS 0x2
+
# define X509_FILETYPE_PEM 1
# define X509_FILETYPE_ASN1 2
# define X509_FILETYPE_DEFAULT 3
@@ -549,6 +556,14 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp,
long length);
int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
+int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+ int *secbits, uint32_t *flags);
+void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+ int secbits, uint32_t flags);
+
+int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+ uint32_t *flags);
+
void X509_get0_signature(const ASN1_BIT_STRING **psig,
const X509_ALGOR **palg, const X509 *x);
int X509_get_signature_nid(const X509 *x);
diff --git a/test/certs/ee-pss-sha1-cert.pem b/test/certs/ee-pss-sha1-cert.pem
new file mode 100644
index 0000000..b504aea
--- /dev/null
+++ b/test/certs/ee-pss-sha1-cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDFDCCAfygAwIBAgIBAjANBgkqhkiG9w0BAQowADANMQswCQYDVQQDDAJDQTAg
+Fw0xNzA0MjQyMTE5NDlaGA8yMTE3MDQyNTIxMTk0OVowEzERMA8GA1UEAwwIUFNT
+LVNIQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lYYYWu3tss
+D9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT5Rcf/w3G
+Q/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1lDz9mjsI2
+oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1U7OWaoIb
+FYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5ep5LR2in
+Kcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tniIQPYf55
+NB9KiR+3AgMBAAGjdzB1MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gil+FzojAf
+BgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAAMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMBMBMGA1UdEQQMMAqCCFBTUy1TSEExMA0GCSqGSIb3DQEB
+CjAAA4IBAQCC4qIOu7FVYMvRx13IrvzviF+RFRRfAD5NZSPFw5+riLMeRlA4Pdw/
+vCctNIpqjDaSFu8BRTUuyHPXSIvPo0Rl64TsfQNHP1Ut1/8XCecYCEBx/ROJHbM5
+YjoHMCAy+mR3f4BK1827Mp5U/wRJ6ljvE5EbALQ06ZEuIO6zqEAO6AROUCjWSyFd
+z9fkEHS0XmploIywH4QXR7X+ueWOE3n76x+vziM4qoGsYxy0sxePfTWM1DscT1Kt
+l5skZdZEKo6J8m8ImxfmtLutky2/tw5cdeWbovX3xfipabjPqpzO9Tf9aa4iblJa
+AEQwRss+D6ixFO1rNKs1fjFva7A+9lrO
+-----END CERTIFICATE-----
diff --git a/test/certs/ee-pss-sha256-cert.pem
b/test/certs/ee-pss-sha256-cert.pem
new file mode 100644
index 0000000..cde5089
--- /dev/null
+++ b/test/certs/ee-pss-sha256-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAjCgAwIBAgIBAjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
+MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDANMQswCQYDVQQDDAJDQTAg
+Fw0xNzA0MjQyMTE5NDlaGA8yMTE3MDQyNTIxMTk0OVowFTETMBEGA1UEAwwKUFNT
+LVNIQTI1NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e
+2ywP1XP74reoG3p1YCvUfTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//
+DcZD/jE0+CjYdemju4iC76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aO
+wjagEf/AWTX9SRzdHEIzBniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5Zq
+ghsVi9GZq+Seb5Sq0pblV/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktH
+aKcpxz9K4iIntO+QY9fv0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h
+/nk0H0qJH7cCAwEAAaN5MHcwHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4HmCKX4XOi
+MB8GA1UdIwQYMBaAFLQRM/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQCMAAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwFQYDVR0RBA4wDIIKUFNTLVNIQTI1NjA9BgkqhkiG
+9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQME
+AgGiAwIBIAOCAQEAfKQyXj7HSdUQJA599+SBjalw3dsaxYg6wgLH1IW3GHXPR+c0
+4cugrsPFNRTZL2u/xwHfdxcR3N2vzsdqa+Ep3iyC6egiwxmhIkw0OI+uk/WO9P8Z
+42bznkeDjOQ3Y04IIt7a5VbMY7AuWdQfnuVRFiJFAZi7s4+b6QL7+iwydZESVNRL
+K+Y6rjMEOrGK7codcRKxrwIt7kxkcT7MI/O7Jt5aa1XDvdSzrieo/CpNVCLCm/zq
+Hn1MZ7SAxjTlvwZIj1FhDrFJJppPc5fS7rQDcEaEV6qkBMowtccQR61Iim4834gV
+ZTesKQBRtAgW/h4OD5Za98hSEesP6YNhE3GK7A==
+-----END CERTIFICATE-----
diff --git a/test/certs/setup.sh b/test/certs/setup.sh
index 7e1086a..98bac02 100755
--- a/test/certs/setup.sh
+++ b/test/certs/setup.sh
@@ -344,3 +344,11 @@ REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC
Test Certificate 7" \
"DNS.1 = www.ok.good.com" "DNS.2 = bad.ok.good.com" \
"email.1 = [email protected]" "email.2 = [email protected]" \
"IP = 127.0.0.1" "IP = 192.168.0.1"
+
+# RSA-PSS signatures
+# SHA1
+./mkcert.sh genee PSS-SHA1 ee-key ee-pss-sha1-cert ca-key ca-cert \
+ -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest
+# SHA256
+./mkcert.sh genee PSS-SHA256 ee-key ee-pss-sha256-cert ca-key ca-cert \
+ -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index 23f8f32..9c425c0 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -26,7 +26,7 @@ sub verify {
run(app([@args]));
}
-plan tests => 121;
+plan tests => 125;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -328,3 +328,15 @@ ok(!verify("badalt9-cert", "sslserver", ["root-cert"],
["ncca1-cert", "ncca3-cer
ok(!verify("badalt10-cert", "sslserver", ["root-cert"], ["ncca1-cert",
"ncca3-cert"], ),
"Name constaints nested DNS name excluded");
+
+ok(verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
+ "Certificate PSS signature using SHA1");
+
+ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
+ "CA with PSS signature using SHA256");
+
+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"],
"-auth_level", "2"),
+ "Reject PSS signature using SHA1 and auth level 2");
+
+ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"],
"-auth_level", "2"),
+ "PSS signature using SHA256 and auth level 2");
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 9540d6f..b136a73 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4273,3 +4273,6 @@ ZINT64_it 4215 1_1_0f
EXIST:EXPORT_VAR_AS_FUNCTION
CRYPTO_mem_leaks_cb 4216 1_1_1
EXIST::FUNCTION:CRYPTO_MDEBUG
BIO_lookup_ex 4217 1_1_1 EXIST::FUNCTION:SOCK
X509_CRL_print_ex 4218 1_1_1 EXIST::FUNCTION:
+X509_SIG_INFO_get 4219 1_1_1 EXIST::FUNCTION:
+X509_get_signature_info 4220 1_1_1 EXIST::FUNCTION:
+X509_SIG_INFO_set 4221 1_1_1 EXIST::FUNCTION:
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
