diff options
author | Richard Levitte <levitte@openssl.org> | 2020-08-05 08:01:59 +0200 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-08-07 09:59:18 +1000 |
commit | 6ce6ad39fe85cf8b5c84ded9885329bf703ee649 (patch) | |
tree | fe380d747814a957bfe959bb28cb8ee813af4be5 /include/crypto/rsa.h | |
parent | 5f6a0b2ff055cf3ad09a1d49a4b95b13e1106b35 (diff) |
RSA: Be less strict on PSS parameters when exporting to provider
We have a key in test/recipes/30-test_evp_data/evppkey.txt with bad
PSS parameters (RSA-PSS-BAD), which is supposed to trigger signature
computation faults. However, if this key needs to be exported to the
RSA provider implementation, the result would be an earlier error,
giving the computation that's supposed to be checked n chance to even
be reached.
Either way, the legacy to provider export is no place to validate the
values of the key.
We also ensure that the provider implementation can handle and detect
signed (negative) saltlen values.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12583)
Diffstat (limited to 'include/crypto/rsa.h')
-rw-r--r-- | include/crypto/rsa.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index 9469ec9233..97cbfa1d7e 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h @@ -19,8 +19,8 @@ typedef struct rsa_pss_params_30_st { int algorithm_nid; /* Currently always NID_mgf1 */ int hash_algorithm_nid; } mask_gen; - unsigned int salt_len; - unsigned int trailer_field; + int salt_len; + int trailer_field; } RSA_PSS_PARAMS_30; RSA_PSS_PARAMS_30 *rsa_get0_pss_params_30(RSA *r); |