Deprecate the EVP_PKEY controls for CMS and PKCS#7

Improve the ossl_rsa_check_key() to prevent non-signature operations with PSS keys. Do not invoke the EVP_PKEY controls for CMS and PKCS#7 anymore as they are not needed anymore and deprecate them. Fixes #14276 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/14760)
author: Tomas Mraz <tomas@openssl.org> 2021-04-01 17:14:43 +0200
committer: Tomas Mraz <tomas@openssl.org> 2021-04-06 09:10:11 +0200
commit: 0cfbc828e03ad69c50ae51e0c88920d90906498a (patch)
tree: 1d931bc42093e7d9b119815785f7ada3330b8b6e /providers/common
parent: 5ad3e6c56eb1c295a7de92de5bb2f54614d5c277 (diff)
2 files changed, 40 insertions, 3 deletions
diff --git a/providers/common/include/prov/securitycheck.h b/providers/common/include/prov/securitycheck.h
index c322457fc8..7d163f70fa 100644
--- a/providers/common/include/prov/securitycheck.h
+++ b/providers/common/include/prov/securitycheck.h
@@ -10,7 +10,7 @@
 #include "crypto/types.h"
 
 /* Functions that are common */
-int ossl_rsa_check_key(const RSA *rsa, int protect);
+int ossl_rsa_check_key(const RSA *rsa, int operation);
 int ossl_ec_check_key(const EC_KEY *ec, int protect);
 int ossl_dsa_check_key(const DSA *dsa, int sign);
 int ossl_dh_check_key(const DH *dh);
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
index 3f8a742286..08582d6346 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -13,6 +13,7 @@
 #include <openssl/dsa.h>
 #include <openssl/dh.h>
 #include <openssl/ec.h>
+#include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/proverr.h>
 #include <openssl/core_names.h>
@@ -25,14 +26,50 @@
  * Set protect = 1 for encryption or signing operations, or 0 otherwise. See
  * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
  */
-int ossl_rsa_check_key(const RSA *rsa, int protect)
+int ossl_rsa_check_key(const RSA *rsa, int operation)
 {
+    int protect = 0;
+
+    switch (operation) {
+        case EVP_PKEY_OP_SIGN:
+            protect = 1;
+            /* fallthrough */
+        case EVP_PKEY_OP_VERIFY:
+            break;
+        case EVP_PKEY_OP_ENCAPSULATE:
+        case EVP_PKEY_OP_ENCRYPT:
+            protect = 1;
+            /* fallthrough */
+        case EVP_PKEY_OP_VERIFYRECOVER:
+        case EVP_PKEY_OP_DECAPSULATE:
+        case EVP_PKEY_OP_DECRYPT:
+            if (RSA_test_flags(rsa,
+                               RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSASSAPSS) {
+                ERR_raise_data(ERR_LIB_PROV,
+                               PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE,
+                               "operation: %d", operation);
+                return 0;
+            }
+            break;
+        default:
+            ERR_raise_data(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR,
+                           "invalid operation: %d", operation);
+            return 0;
+    }
+
 #if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
     if (ossl_securitycheck_enabled()) {
         int sz = RSA_bits(rsa);
 
-        return protect ? (sz >= 2048) : (sz >= 1024);
+        if (protect ? (sz < 2048) : (sz < 1024)) {
+            ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH,
+                           "operation: %d", operation);
+            return 0;
+        }
     }
+#else
+    /* make protect used */
+    (void)protect;
 #endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
     return 1;
 }
author	Tomas Mraz <tomas@openssl.org>	2021-04-01 17:14:43 +0200
committer	Tomas Mraz <tomas@openssl.org>	2021-04-06 09:10:11 +0200
commit	0cfbc828e03ad69c50ae51e0c88920d90906498a (patch)
tree	1d931bc42093e7d9b119815785f7ada3330b8b6e /providers/common
parent	5ad3e6c56eb1c295a7de92de5bb2f54614d5c277 (diff)