authorDr. Stephen Henson <steve@openssl.org>2016-12-06 14:17:21 +0000
committerDr. Stephen Henson <steve@openssl.org>2017-01-08 01:42:49 +0000
commit08be0331c3632910b937a11e7152207b015265de (patch)
tree3fc0873ced4d451a741ee33e4f8ea3dd0414c78d /crypto/rsa
parentb35b8d116b545656abe14f0dff19aededd7df986 (diff)
Only allow PSS padding for PSS keys.
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2177)
Diffstat (limited to 'crypto/rsa')
-rw-r--r--crypto/rsa/rsa_ameth.c9
-rw-r--r--crypto/rsa/rsa_err.c1
2 files changed, 8 insertions, 2 deletions
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 74ff65fcb6..37daed167b 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -673,10 +673,15 @@ static int rsa_cms_verify(CMS_SignerInfo *si)
EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
nid = OBJ_obj2nid(alg->algorithm);
- if (nid == NID_rsaEncryption)
- return 1;
if (nid == EVP_PKEY_RSA_PSS)
return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
+ /* Only PSS allowed for PSS keys */
+ if (pkey_ctx_is_pss(pkctx)) {
+ RSAerr(RSA_F_RSA_CMS_VERIFY, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+ return 0;
+ }
+ if (nid == NID_rsaEncryption)
+ return 1;
/* Workaround for some implementation that use a signature OID */
if (OBJ_find_sigid_algs(nid, NULL, &nid2)) {
if (nid2 == NID_rsaEncryption)
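Review bot: The added `pkey_ctx_is_pss(pkctx)` check on the new side dereferences the context obtained from CMS_SignerInfo_get0_pkey_ctx for every non-PSS algorithm OID, whereas before this change the NID_rsaEncryption path returned 1 without touching pkctx, so a caller reaching this ctrl with a NULL pkctx would now crash instead of being accepted. Whether pkctx can be NULL at this point is not visible in the hunk; if it can, fail closed with the same error by writing `if (pkctx == NULL || pkey_ctx_is_pss(pkctx)) {`. The placement is also load-bearing: the PSS-key rejection must stay ahead of both the `NID_rsaEncryption` return and the signature-OID workaround below it, otherwise a PSS key could again accept a PKCS#1 v1.5 signature through the OBJ_find_sigid_algs fallback, so a note such as `/* Must precede the rsaEncryption return and the signature-OID fallback below */` would protect that ordering from future reshuffling. rsa_cms_verify begins and ends outside this hunk.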
diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index 749cc6fb1d..0298904b1e 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -33,6 +33,7 @@ static ERR_STRING_DATA RSA_str_functs[] = {
{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
{ERR_FUNC(RSA_F_RSA_CHECK_KEY_EX), "RSA_check_key_ex"},
{ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "rsa_cms_decrypt"},
+ {ERR_FUNC(RSA_F_RSA_CMS_VERIFY), "rsa_cms_verify"},
{ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "rsa_item_verify"},
{ERR_FUNC(RSA_F_RSA_METH_DUP), "RSA_meth_dup"},
{ERR_FUNC(RSA_F_RSA_METH_NEW), "RSA_meth_new"},