author | Tomas Mraz <tomas@openssl.org> | 2021-01-29 17:02:32 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-02-05 14:04:59 +0100 |
commit | bbde8566191e5851f4418cbb8acb0d50b16170d8 (patch) | |
tree | 0f8ff9ecdc3f3c3f57a865c8b659da89e4a14d51 /crypto/rsa | |
parent | 26372a4d44f0b4ef5423228b8bf975a5a7c814cb (diff) |
RSA: properly generate algorithm identifier for RSA-PSS signatures
Fixes #13969
- properly handle the mandatory RSA-PSS key parameters
- improve parameter checking when setting the parameters
- compute the algorithm id at the time it is requested so it
reflects the actual parameters set
- when generating keys do not override previously set parameters
with defaults
- tests added to the test_req recipe that should cover the PSS signature
handling
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13988)
Diffstat (limited to 'crypto/rsa')
-rw-r--r-- | crypto/rsa/rsa_ameth.c | 4 | ||||
-rw-r--r-- | crypto/rsa/rsa_backend.c | 8 | ||||
-rw-r--r-- | crypto/rsa/rsa_pss.c | 4 |
3 files changed, 12 insertions, 4 deletions
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 852facf577..e2dec1c98d 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -943,6 +943,7 @@ static int rsa_int_import_from(const OSSL_PARAM params[], void *vpctx,
 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
 RSA *rsa = ossl_rsa_new_with_ctx(pctx->libctx);
 RSA_PSS_PARAMS_30 rsa_pss_params = { 0, };
+ int pss_defaults_set = 0;
 int ok = 0;
 if (rsa == NULL) {
@@ -953,7 +954,8 @@ static int rsa_int_import_from(const OSSL_PARAM params[], void *vpctx,
 RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
 RSA_set_flags(rsa, rsa_type);
- if (!ossl_rsa_pss_params_30_fromdata(&rsa_pss_params, params, pctx->libctx))
+ if (!ossl_rsa_pss_params_30_fromdata(&rsa_pss_params, &pss_defaults_set,
+ params, pctx->libctx))
 goto err;
 switch (rsa_type) {
diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c
index 2f430b34d4..84f070a7ce 100644
--- a/crypto/rsa/rsa_backend.c
+++ b/crypto/rsa/rsa_backend.c
@@ -217,6 +217,7 @@ int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
 }
 int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
+ int *defaults_set,
 const OSSL_PARAM params[],
 OSSL_LIB_CTX *libctx)
 {
@@ -249,10 +250,13 @@ int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
 * restrictions, so we start by setting default values, and let each
 * parameter override their specific restriction data.
 */
- if (param_md != NULL || param_mgf != NULL || param_mgf1md != NULL
- || param_saltlen != NULL)
+ if (!*defaults_set
+ && (param_md != NULL || param_mgf != NULL || param_mgf1md != NULL
+ || param_saltlen != NULL)) {
 if (!ossl_rsa_pss_params_30_set_defaults(pss_params))
 return 0;
+ *defaults_set = 1;
+ }
 if (param_mgf != NULL) {
 int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index 1b73cbb0f6..3a92ed04dd 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
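Review bot: The new `defaults_set` argument of ossl_rsa_pss_params_30_fromdata() in crypto/rsa/rsa_backend.c is dereferenced unconditionally at `if (!*defaults_set`, and neither rsa_backend.c hunk (the signature at -217 or the guard at -249) states its contract. This flag is what keeps a later call from resetting already-chosen PSS restrictions (hash, MGF1 hash, salt length) back to defaults, so a caller passing NULL would crash and one passing an uninitialised int could silently skip the defaults. The rsa_int_import_from() call site in rsa_ameth.c initialises it to 0; callers outside crypto/rsa are not shown on this page, and the function body starts and ends outside these hunks. I would document it above the function, e.g. `/* defaults_set: in/out, non-NULL; must be 0 before the first call, set to 1 once defaults are applied */`, and consider an early `if (defaults_set == NULL) return 0;`.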
@@ -113,7 +113,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
 goto err;
 }
 if (sLen != RSA_PSS_SALTLEN_AUTO && (maskedDBLen - i) != sLen) {
- ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED);
+ ERR_raise_data(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED,
+ "expected: %d retrieved: %d", sLen,
+ maskedDBLen - i);
 goto err;
 }
 if (!EVP_DigestInit_ex(ctx, Hash, NULL) |
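Review bot: The new error data in RSA_verify_PKCS1_PSS_mgf1() reports `sLen` as the expected salt length, but the guard just above (`sLen != RSA_PSS_SALTLEN_AUTO`) shows that `sLen` can also hold negative sentinel values. If any sentinel other than RSA_PSS_SALTLEN_AUTO can reach this branch (the earlier normalisation is outside the hunk), the message would show a negative "expected" length. A comment such as `/* sLen may still be a negative RSA_PSS_SALTLEN_* sentinel here; the message then shows that raw value */`, or resolving the sentinel before reporting, would keep the diagnostic unambiguous. Both printed values are derived from the public signature encoding, so the added detail does not disclose secret material. The `%d` conversions assume `sLen`, `maskedDBLen` and `i` are all `int`; their declarations are not in the hunk.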