Add a helper to set RSASSA-PSS padding parameters

This sets the AlgorithmIdentifier's algorithm to id-RSASSA-PSS with appropriate RSASSA-PSS parameters. This pulls a chunk of code out of rsa_cms_sign() and rewrites it with proper error checking, thereby fixing a long-standing leak. This helper can also be used in rsa_item_sign(), but that part is a bit special, and will therefore be commmitted separately. ok jsing
author: tb <> 2023-11-07 15:59:29 +0000
committer: tb <> 2023-11-07 15:59:29 +0000
commit: 2e7c7e380a9fb64d45feb484bc1dcc142c7dd305 (patch)
tree: 4ee2dc606d70ff0cb3d1f9333e8816be7620414a /src/lib
parent: a708d2161971398e204c82107e26fd3f23f91219 (diff)
download: openbsd-2e7c7e380a9fb64d45feb484bc1dcc142c7dd305.tar.gz
openbsd-2e7c7e380a9fb64d45feb484bc1dcc142c7dd305.tar.bz2
openbsd-2e7c7e380a9fb64d45feb484bc1dcc142c7dd305.zip
1 files changed, 29 insertions, 10 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c
index 35adcb391e..9549a57a7a 100644
--- a/src/lib/libcrypto/rsa/rsa_ameth.c
+++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ameth.c,v 1.35 2023/11/07 15:45:41 tb Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.36 2023/11/07 15:59:29 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -894,6 +894,29 @@ rsa_alg_set_pkcs1_padding(X509_ALGOR *alg)
        return X509_ALGOR_set0_by_nid(alg, NID_rsaEncryption, V_ASN1_NULL, NULL);
 }
+static int
+rsa_alg_set_pss_padding(X509_ALGOR *alg, EVP_PKEY_CTX *pkey_ctx)
+{
+        ASN1_STRING *astr = NULL;
+        int ret = 0;
+        if (pkey_ctx == NULL)
+                goto err;
+        if ((astr = rsa_ctx_to_pss_string(pkey_ctx)) == NULL)
+                goto err;
+        if (!X509_ALGOR_set0_by_nid(alg, EVP_PKEY_RSA_PSS, V_ASN1_SEQUENCE, astr))
+                goto err;
+        astr = NULL;
+        ret = 1;
+ err:
+        ASN1_STRING_free(astr);
+        return ret;
+}
 #ifndef OPENSSL_NO_CMS
 static int
 rsa_cms_sign(CMS_SignerInfo *si)
@@ -901,23 +924,19 @@ rsa_cms_sign(CMS_SignerInfo *si)
        int pad_mode = RSA_PKCS1_PADDING;
        X509_ALGOR *alg;
        EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
-        ASN1_STRING *os = NULL;
        CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
        if (pkctx) {
                if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
                        return 0;
        }
        if (pad_mode == RSA_PKCS1_PADDING)
                return rsa_alg_set_pkcs1_padding(alg);
-        /* We don't support it */
+        if (pad_mode == RSA_PKCS1_PSS_PADDING)
-        if (pad_mode != RSA_PKCS1_PSS_PADDING)
+                return rsa_alg_set_pss_padding(alg, pkctx);
-                return 0;
-        os = rsa_ctx_to_pss_string(pkctx);
+        return 0;
-        if (!os)
-                return 0;
-        X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os);
-        return 1;
 }
 #endif
author	tb <>	2023-11-07 15:59:29 +0000
committer	tb <>	2023-11-07 15:59:29 +0000
commit	2e7c7e380a9fb64d45feb484bc1dcc142c7dd305 (patch)
tree	4ee2dc606d70ff0cb3d1f9333e8816be7620414a /src/lib
parent	a708d2161971398e204c82107e26fd3f23f91219 (diff)
download	openbsd-2e7c7e380a9fb64d45feb484bc1dcc142c7dd305.tar.gz openbsd-2e7c7e380a9fb64d45feb484bc1dcc142c7dd305.tar.bz2 openbsd-2e7c7e380a9fb64d45feb484bc1dcc142c7dd305.zip

diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c index 35adcb391e..9549a57a7a 100644 --- a/src/lib/libcrypto/rsa/rsa_ameth.c +++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rsa_ameth.c,v 1.35 2023/11/07 15:45:41 tb Exp $ */	1	/* $OpenBSD: rsa_ameth.c,v 1.36 2023/11/07 15:59:29 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -894,6 +894,29 @@ rsa_alg_set_pkcs1_padding(X509_ALGOR *alg)
894	return X509_ALGOR_set0_by_nid(alg, NID_rsaEncryption, V_ASN1_NULL, NULL);	894	return X509_ALGOR_set0_by_nid(alg, NID_rsaEncryption, V_ASN1_NULL, NULL);
895	}	895	}
896		896
		897	static int
		898	rsa_alg_set_pss_padding(X509_ALGOR alg, EVP_PKEY_CTX pkey_ctx)
		899	{
		900	ASN1_STRING *astr = NULL;
		901	int ret = 0;
		902
		903	if (pkey_ctx == NULL)
		904	goto err;
		905
		906	if ((astr = rsa_ctx_to_pss_string(pkey_ctx)) == NULL)
		907	goto err;
		908	if (!X509_ALGOR_set0_by_nid(alg, EVP_PKEY_RSA_PSS, V_ASN1_SEQUENCE, astr))
		909	goto err;
		910	astr = NULL;
		911
		912	ret = 1;
		913
		914	err:
		915	ASN1_STRING_free(astr);
		916
		917	return ret;
		918	}
		919
897	#ifndef OPENSSL_NO_CMS	920	#ifndef OPENSSL_NO_CMS
898	static int	921	static int
899	rsa_cms_sign(CMS_SignerInfo *si)	922	rsa_cms_sign(CMS_SignerInfo *si)
@@ -901,23 +924,19 @@ rsa_cms_sign(CMS_SignerInfo *si)
901	int pad_mode = RSA_PKCS1_PADDING;	924	int pad_mode = RSA_PKCS1_PADDING;
902	X509_ALGOR *alg;	925	X509_ALGOR *alg;
903	EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);	926	EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
904	ASN1_STRING *os = NULL;
905		927
906	CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);	928	CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
907	if (pkctx) {	929	if (pkctx) {
908	if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)	930	if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
909	return 0;	931	return 0;
910	}	932	}
		933
911	if (pad_mode == RSA_PKCS1_PADDING)	934	if (pad_mode == RSA_PKCS1_PADDING)
912	return rsa_alg_set_pkcs1_padding(alg);	935	return rsa_alg_set_pkcs1_padding(alg);
913	/* We don't support it */	936	if (pad_mode == RSA_PKCS1_PSS_PADDING)
914	if (pad_mode != RSA_PKCS1_PSS_PADDING)	937	return rsa_alg_set_pss_padding(alg, pkctx);
915	return 0;	938
916	os = rsa_ctx_to_pss_string(pkctx);	939	return 0;
917	if (!os)
918	return 0;
919	X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os);
920	return 1;
921	}	940	}
922	#endif	941	#endif
923		942