author | Noah Robbin <noah_robbin@symantec.com> | 2017-09-19 12:15:42 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2018-01-08 11:49:53 -0500 |
commit | 0fe3db251a49b11cafdc3e4a25fdac947f3bdf3b (patch) | |
tree | ba349b6c986b40ea52fa953f679da8c838f3af08 /ssl/t1_lib.c | |
parent | 40cea0a45780bf5b02010b6c7aab1d390bf8dd85 (diff) |
Use size of server key when selecting signature algorithm.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4389)
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 9dfbb8ed3c..a2be135e44 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -788,6 +788,27 @@ int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd)
 }
 
 /*
+ * Check if key is large enough to generate RSA-PSS signature.
+ *
+ * The key must greater than or equal to 2 * hash length + 2.
+ * SHA512 has a hash length of 64 bytes, which is incompatible
+ * with a 128 byte (1024 bit) key.
+ */
+#define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_size(md) + 2)
+static int rsa_pss_check_min_key_size(const RSA *rsa, const SIGALG_LOOKUP *lu)
+{
+ const EVP_MD *md;
+
+ if (rsa == NULL)
+ return 0;
+ if (!tls1_lookup_md(lu, &md) || md == NULL)
+ return 0;
+ if (RSA_size(rsa) < RSA_PSS_MINIMUM_KEY_SIZE(md))
+ return 0;
+ return 1;
+}
+
+/*
 * Return a signature algorithm for TLS < 1.2 where the signature type
 * is fixed by the certificate type.
 */
@@ -2303,6 +2324,12 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
 #else
 continue;
 #endif
+ } else if (lu->sig == EVP_PKEY_RSA_PSS) {
+ /* validate that key is large enough for the signature algorithm */
+ const RSA *rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_PSS_SIGN].privatekey);
+
+ if (!rsa_pss_check_min_key_size(rsa, lu))
+ continue;
 }
 break;
 }
@@ -2356,6 +2383,13 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
 sig_idx = SSL_PKEY_RSA;
 }
 }
+ if (lu->sig == EVP_PKEY_RSA_PSS) {
+ /* validate that key is large enough for the signature algorithm */
+ const RSA *rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_PSS_SIGN].privatekey);
+
+ if (!rsa_pss_check_min_key_size(rsa, lu))
+ continue;
+ }
 #ifndef OPENSSL_NO_EC
 if (curve == -1 || lu->curve == curve)
 #endif |
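Review bot: The comment above `RSA_PSS_MINIMUM_KEY_SIZE` gives the bound but not its origin, and "must greater than" is missing a verb. The 2 * hash length + 2 figure looks like the PSS encoding limit (emLen >= hLen + sLen + 2) with the salt presumably as long as the digest, so I would write `The key must be at least 2 * hash length + 2 bytes: PSS needs hLen + sLen + 2 bytes of encoded message and the salt is as long as the hash.` Note also that `RSA_size()` is the modulus size in bytes, while the PSS encoded message can be one byte shorter when the modulus bit length is one more than a multiple of 8, so an odd-sized key may pass this check and still fail to sign; that deserves a sentence in the comment or a stricter comparison.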
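Review bot: The new branch reads the key from the fixed slot `s->cert->pkeys[SSL_PKEY_RSA_PSS_SIGN]` and hands `privatekey` to `EVP_PKEY_get0_RSA()` without a NULL check, and the same lines are repeated in the third hunk (`+2383`), where the context shows a separate `sig_idx` being chosen (`sig_idx = SSL_PKEY_RSA;`). If the certificate that will actually sign sits in another slot, the size check runs against the wrong key or an empty slot, so an undersized key could still be selected or the lookup could dereference NULL; whether an earlier test outside the hunk rules that out is not visible here. I would take the key from the slot chosen for this algorithm and guard it, e.g. `EVP_PKEY *pkey = s->cert->pkeys[lu->sig_idx].privatekey;` followed by `if (pkey == NULL || !rsa_pss_check_min_key_size(EVP_PKEY_get0_RSA(pkey), lu)) continue;` (using the local `sig_idx` in the third hunk). `tls_choose_sigalg` starts and ends outside both hunks.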