The branch master has been updated via bcec0b9488d3b0a91289998e7e73f1d91156c6fb (commit) via 0fe3db251a49b11cafdc3e4a25fdac947f3bdf3b (commit) from 40cea0a45780bf5b02010b6c7aab1d390bf8dd85 (commit)
- Log ----------------------------------------------------------------- commit bcec0b9488d3b0a91289998e7e73f1d91156c6fb Author: Noah Robbin <noah_rob...@symantec.com> Date: Wed Nov 29 16:58:25 2017 -0500 Use the index that matches the key type (either SSL_PKEY_RSA_PSS_SIGN or SSL_PKEY_RSA). Extract the RSA key using EVP_PKEY_get0. Type is checked externally to be either EVP_PKEY_RSA_PSS or EVP_PKEY_RSA. Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4389) commit 0fe3db251a49b11cafdc3e4a25fdac947f3bdf3b Author: Noah Robbin <noah_rob...@symantec.com> Date: Tue Sep 19 12:15:42 2017 -0400 Use size of server key when selecting signature algorithm. Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4389) ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 9dfbb8e..f0f3b19 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -788,6 +788,27 @@ int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd) } /* + * Check if key is large enough to generate RSA-PSS signature. + * + * The key must greater than or equal to 2 * hash length + 2. + * SHA512 has a hash length of 64 bytes, which is incompatible + * with a 128 byte (1024 bit) key. + */ +#define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_size(md) + 2) +static int rsa_pss_check_min_key_size(const RSA *rsa, const SIGALG_LOOKUP *lu) +{ + const EVP_MD *md; + + if (rsa == NULL) + return 0; + if (!tls1_lookup_md(lu, &md) || md == NULL) + return 0; + if (RSA_size(rsa) < RSA_PSS_MINIMUM_KEY_SIZE(md)) + return 0; + return 1; +} + +/* * Return a signature algorithm for TLS < 1.2 where the signature type * is fixed by the certificate type. */ 
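Review bot: `RSA_PSS_MINIMUM_KEY_SIZE(md)` uses the result of `EVP_MD_size(md)` unchecked, so if that call ever reports an error as a negative value the bound drops to zero or below and every key passes `rsa_pss_check_min_key_size`. Reading the size once and rejecting a non-positive result, `int hlen = EVP_MD_size(md); if (hlen <= 0) return 0;`, keeps the check fail-closed. The comparison also uses `RSA_size(rsa)`, the modulus length in bytes, but the PSS encoded message is one byte shorter when the modulus bit length is one more than a multiple of eight, so such a key may pass here and still fail when signing. The header comment would read better as `The key must be greater than or equal to 2 * hash length + 2`, with a mention that the bound is hash length + salt length + 2 and that TLS sets the salt length to the hash length.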
@@ -2273,6 +2294,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) /* Look for a certificate matching shared sigalgs */ for (i = 0; i < s->cert->shared_sigalgslen; i++) { lu = s->cert->shared_sigalgs[i]; + sig_idx = -1; /* Skip SHA1, SHA224, DSA and RSA if not PSS */ if (lu->hash == NID_sha1 @@ -2303,6 +2325,26 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) #else continue; #endif + } else if (lu->sig == EVP_PKEY_RSA_PSS) { + /* validate that key is large enough for the signature algorithm */ + EVP_PKEY *pkey; + int pkey_id; + + if (sig_idx == -1) + pkey = s->cert->pkeys[lu->sig_idx].privatekey; + else + pkey = s->cert->pkeys[sig_idx].privatekey; + pkey_id = EVP_PKEY_id(pkey); + if (pkey_id != EVP_PKEY_RSA_PSS + && pkey_id != EVP_PKEY_RSA) + continue; + /* + * The pkey type is EVP_PKEY_RSA_PSS or EVP_PKEY_RSA + * EVP_PKEY_get0_RSA returns NULL if the type is not EVP_PKEY_RSA + * so use EVP_PKEY_get0 instead + */ + if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu)) + continue; } break; } @@ -2356,6 +2398,17 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) sig_idx = SSL_PKEY_RSA; } } + if (lu->sig == EVP_PKEY_RSA_PSS) { + /* validate that key is large enough for the signature algorithm */ + EVP_PKEY *pkey = s->cert->pkeys[sig_idx].privatekey; + int pkey_id = EVP_PKEY_id(pkey); + + if (pkey_id != EVP_PKEY_RSA_PSS + && pkey_id != EVP_PKEY_RSA) + continue; + if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu)) + continue; + } #ifndef OPENSSL_NO_EC if (curve == -1 || lu->curve == curve) #endif _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
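Review bot: The key-type test and the untyped `EVP_PKEY_get0(pkey)` call in the `else if (lu->sig == EVP_PKEY_RSA_PSS)` branch are written out a second time in the hunk at `@@ -2356,6 +2398,17 @@`, so the only thing keeping a non-RSA pointer away from `RSA_size()` is two hand-copied `EVP_PKEY_id` checks that must stay in sync. Moving the type test into one helper that takes the `EVP_PKEY *` keeps the check beside the `void *` extraction and reduces both call sites to a single condition. `EVP_PKEY_id(pkey)` is also called on `privatekey` with no NULL test visible in either hunk; that is presumably established earlier in the loop, but the helper can reject NULL cheaply. `tls_choose_sigalg` begins and ends outside these hunks, and the helper name below is only a proposal.

```c
/* Proposed helper, placed next to rsa_pss_check_min_key_size() */
static int rsa_pss_pkey_check_min_key_size(EVP_PKEY *pkey,
                                           const SIGALG_LOOKUP *lu)
{
    int pkey_id;

    if (pkey == NULL)
        return 0;
    pkey_id = EVP_PKEY_id(pkey);
    if (pkey_id != EVP_PKEY_RSA_PSS && pkey_id != EVP_PKEY_RSA)
        return 0;
    /*
     * EVP_PKEY_get0_RSA returns NULL for EVP_PKEY_RSA_PSS, so the untyped
     * getter is used; the type test above is what makes that safe.
     */
    return rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu);
}

/* ... unchanged: start of tls_choose_sigalg and the shared_sigalgs loop ... */
            } else if (lu->sig == EVP_PKEY_RSA_PSS) {
                int idx = sig_idx == -1 ? lu->sig_idx : sig_idx;

                if (!rsa_pss_pkey_check_min_key_size(
                        s->cert->pkeys[idx].privatekey, lu))
                    continue;
            }
```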
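Review bot: The block added after `sig_idx = SSL_PKEY_RSA;` reads `s->cert->pkeys[sig_idx].privatekey` without the `sig_idx == -1` fallback used in the `@@ -2303,6 +2325,26 @@` hunk, so it relies on `sig_idx` always holding a valid slot at this point. The assignments that would establish this lie outside the hunk, so it cannot be confirmed from the diff. If the invariant holds, a comment such as `/* sig_idx was set to a valid pkeys[] slot above */` would record it for the next reader. If `sig_idx` can still be -1 here, the array read is out of bounds and needs the same guard as the other branch.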