diff options
author | Tomas Mraz <tomas@openssl.org> | 2021-04-01 17:14:43 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-04-06 09:10:11 +0200 |
commit | 0cfbc828e03ad69c50ae51e0c88920d90906498a (patch) | |
tree | 1d931bc42093e7d9b119815785f7ada3330b8b6e /providers/common | |
parent | 5ad3e6c56eb1c295a7de92de5bb2f54614d5c277 (diff) |
Deprecate the EVP_PKEY controls for CMS and PKCS#7
Improve the ossl_rsa_check_key() to prevent non-signature
operations with PSS keys.
Do not invoke the EVP_PKEY controls for CMS and PKCS#7 anymore
as they are not needed anymore and deprecate them.
Fixes #14276
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14760)
Diffstat (limited to 'providers/common')
-rw-r--r-- | providers/common/include/prov/securitycheck.h | 2 | ||||
-rw-r--r-- | providers/common/securitycheck.c | 41 |
2 files changed, 40 insertions, 3 deletions
diff --git a/providers/common/include/prov/securitycheck.h b/providers/common/include/prov/securitycheck.h index c322457fc8..7d163f70fa 100644 --- a/providers/common/include/prov/securitycheck.h +++ b/providers/common/include/prov/securitycheck.h @@ -10,7 +10,7 @@ #include "crypto/types.h" /* Functions that are common */ -int ossl_rsa_check_key(const RSA *rsa, int protect); +int ossl_rsa_check_key(const RSA *rsa, int operation); int ossl_ec_check_key(const EC_KEY *ec, int protect); int ossl_dsa_check_key(const DSA *dsa, int sign); int ossl_dh_check_key(const DH *dh); diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c index 3f8a742286..08582d6346 100644 --- a/providers/common/securitycheck.c +++ b/providers/common/securitycheck.c @@ -13,6 +13,7 @@ #include <openssl/dsa.h> #include <openssl/dh.h> #include <openssl/ec.h> +#include <openssl/evp.h> #include <openssl/err.h> #include <openssl/proverr.h> #include <openssl/core_names.h> @@ -25,14 +26,50 @@ * Set protect = 1 for encryption or signing operations, or 0 otherwise. See * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf. */ -int ossl_rsa_check_key(const RSA *rsa, int protect) +int ossl_rsa_check_key(const RSA *rsa, int operation) { + int protect = 0; + + switch (operation) { + case EVP_PKEY_OP_SIGN: + protect = 1; + /* fallthrough */ + case EVP_PKEY_OP_VERIFY: + break; + case EVP_PKEY_OP_ENCAPSULATE: + case EVP_PKEY_OP_ENCRYPT: + protect = 1; + /* fallthrough */ + case EVP_PKEY_OP_VERIFYRECOVER: + case EVP_PKEY_OP_DECAPSULATE: + case EVP_PKEY_OP_DECRYPT: + if (RSA_test_flags(rsa, + RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSASSAPSS) { + ERR_raise_data(ERR_LIB_PROV, + PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE, + "operation: %d", operation); + return 0; + } + break; + default: + ERR_raise_data(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR, + "invalid operation: %d", operation); + return 0; + } + #if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) if (ossl_securitycheck_enabled()) { int sz = RSA_bits(rsa); - return protect ? (sz >= 2048) : (sz >= 1024); + if (protect ? (sz < 2048) : (sz < 1024)) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH, + "operation: %d", operation); + return 0; + } } +#else + /* make protect used */ + (void)protect; #endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ return 1; } |