| author | tb <> | 2026-03-30 06:02:21 +0000 |
|---|---|---|
| committer | tb <> | 2026-03-30 06:02:21 +0000 |
| commit | 2cce484ddc397481c8dab3c2e72dc77bbefcfddb (patch) | |
| tree | bdeb72fa2ce3bf69a869386d33ae88cdb0da9729 /src/lib/libssl | |
| parent | 981fa719b7606cbf7df120993df445357b9b2df7 (diff) | |
ssl_sigalg_pkey_ok: allow RSASSA-PSS with pubkey OID RSASSA-PSS
This fixes a long-standing logic error that hasn't been noticed because
we never announced the rsa_pss_pss_sha{256,384,512} SignatureScheme. The
EVP_PKEY_id() of an RSA-PSS pubkey is EVP_PKEY_RSA_PSS, not EVP_PKEY_RSA.
Thanks to beck for helping me figure out how to fix this correctly. It
drove me nuts for a very long time. Problem also noticed by Tom Lane
due to some PostgreSQL regress failures.
ok djm jsing kenjiro
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_sigalgs.c | 11 |
1 files changed, 6 insertions, 5 deletions
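--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.51 2026/03/30 05:49:31 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.52 2026/03/30 06:02:21 tb Exp $ */
 /*
 * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -90,21 +90,21 @@ const struct ssl_sigalg sigalgs[] = {
 },
 {
 .value = SIGALG_RSA_PSS_PSS_SHA256,
-.key_type = EVP_PKEY_RSA,
+.key_type = EVP_PKEY_RSA_PSS,
 .md = EVP_sha256,
 .security_level = 3,
 .flags = SIGALG_FLAG_RSA_PSS,
 },
 {
 .value = SIGALG_RSA_PSS_PSS_SHA384,
-.key_type = EVP_PKEY_RSA,
+.key_type = EVP_PKEY_RSA_PSS,
 .md = EVP_sha384,
 .security_level = 4,
 .flags = SIGALG_FLAG_RSA_PSS,
 },
 {
 .value = SIGALG_RSA_PSS_PSS_SHA512,
-.key_type = EVP_PKEY_RSA,
+.key_type = EVP_PKEY_RSA_PSS,
 .md = EVP_sha512,
 .security_level = 5,
 .flags = SIGALG_FLAG_RSA_PSS,
@@ -277,7 +277,8 @@ ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey)
 
 /* RSA PSS must have a sufficiently large RSA key. */
 if ((sigalg->flags & SIGALG_FLAG_RSA_PSS)) {
-if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA ||
+if ((EVP_PKEY_id(pkey) != EVP_PKEY_RSA &&
+EVP_PKEY_id(pkey) != EVP_PKEY_RSA_PSS) ||
 EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2))
 return 0;
 }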
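Review bot: The widened id test in the `SIGALG_FLAG_RSA_PSS` branch of ssl_sigalg_pkey_ok accepts either `EVP_PKEY_RSA` or `EVP_PKEY_RSA_PSS` for every PSS scheme, so on its own it no longer ties the rsa_pss_pss_* schemes to an RSASSA-PSS key and the rsae schemes to an rsaEncryption key, which is the pairing TLS 1.3 expects. That pairing now depends on the `.key_type` values set in the table being compared with the key's id elsewhere in the function; the function starts and ends outside the hunk, so that comparison is not visible here. Assuming the rsae entries keep `.key_type = EVP_PKEY_RSA`, testing against the table entry keeps this branch strict by itself and drops the second `EVP_PKEY_id()` call: `if (EVP_PKEY_id(pkey) != sigalg->key_type ||`. The comment above the branch could also state where the bound comes from, e.g. `/* EMSA-PSS with salt length == digest length needs emLen >= 2 * hLen + 2. */`.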
