diff options
author | Clemens Lang <cllang@redhat.com> | 2022-11-21 14:33:57 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-12-08 11:02:52 +0100 |
commit | 5a3bbe1712435d577bbc5ec046906979e8471d8b (patch) | |
tree | 0baeafcfd65f2db8dc64c27689f3b63d51421ef2 /crypto/cms | |
parent | cae72eefc3fbdd2f7a1a065f237bf3943619bca2 (diff) |
Obtain PSS salt length from provider
Rather than computing the PSS salt length again in core using
ossl_rsa_ctx_to_pss_string, which calls rsa_ctx_to_pss and computes the
salt length, obtain it from the provider using the
OSSL_SIGNATURE_PARAM_ALGORITHM_ID param to handle the case where the
interpretation of the magic constants in the provider differs from that
of OpenSSL core.
Add tests that verify that the rsa_pss_saltlen:max,
rsa_pss_saltlen:<integer> and rsa_pss_saltlen:digest options work and
put the computed digest length into the CMS_ContentInfo struct when
using CMS. Do not add a test for the salt length generated by a provider
when no specific rsa_pss_saltlen option is defined, since that number
could change between providers and provider versions, and we want to
preserve compatibility with older providers.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19724)
Diffstat (limited to 'crypto/cms')
-rw-r--r-- | crypto/cms/cms_rsa.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c index 0675369192..e997e6eec1 100644 --- a/crypto/cms/cms_rsa.c +++ b/crypto/cms/cms_rsa.c @@ -10,6 +10,7 @@ #include <assert.h> #include <openssl/cms.h> #include <openssl/err.h> +#include <openssl/core_names.h> #include "crypto/asn1.h" #include "crypto/rsa.h" #include "cms_local.h" @@ -190,7 +191,10 @@ static int rsa_cms_sign(CMS_SignerInfo *si) int pad_mode = RSA_PKCS1_PADDING; X509_ALGOR *alg; EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); - ASN1_STRING *os = NULL; + unsigned char aid[128]; + const unsigned char *pp = aid; + size_t aid_len = 0; + OSSL_PARAM params[2]; CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); if (pkctx != NULL) { @@ -204,14 +208,18 @@ static int rsa_cms_sign(CMS_SignerInfo *si) /* We don't support it */ if (pad_mode != RSA_PKCS1_PSS_PADDING) return 0; - os = ossl_rsa_ctx_to_pss_string(pkctx); - if (os == NULL) + + params[0] = OSSL_PARAM_construct_octet_string( + OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid)); + params[1] = OSSL_PARAM_construct_end(); + + if (EVP_PKEY_CTX_get_params(pkctx, params) <= 0) return 0; - if (X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), - V_ASN1_SEQUENCE, os)) - return 1; - ASN1_STRING_free(os); - return 0; + if ((aid_len = params[0].return_size) == 0) + return 0; + if (d2i_X509_ALGOR(&alg, &pp, aid_len) == NULL) + return 0; + return 1; } static int rsa_cms_verify(CMS_SignerInfo *si) |