diff options
| author | beck <> | 2018-11-11 21:54:47 +0000 |
|---|---|---|
| committer | beck <> | 2018-11-11 21:54:47 +0000 |
| commit | f5300bb014a205047638e02ab49acb28240d93eb (patch) | |
| tree | 0cdd1c2782b8d6a68cb8c13faf997369c97af830 /src/lib | |
| parent | 81c0433d7784aab7c55c418f41fe8c02ad142579 (diff) | |
| download | openbsd-f5300bb014a205047638e02ab49acb28240d93eb.tar.gz openbsd-f5300bb014a205047638e02ab49acb28240d93eb.tar.bz2 openbsd-f5300bb014a205047638e02ab49acb28240d93eb.zip | |
Add check function to verify that pkey is usable with a sigalg.
Include check for appropriate RSA key size when used with PSS.
ok tb@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_sigalgs.c | 18 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_sigalgs.h | 3 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 6 |
4 files changed, 24 insertions, 7 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 9f8d999ff1..2094417994 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.43 2018/11/11 02:22:34 beck Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.44 2018/11/11 21:54:47 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1527,7 +1527,7 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1527 | al = SSL_AD_DECODE_ERROR; | 1527 | al = SSL_AD_DECODE_ERROR; |
| 1528 | goto f_err; | 1528 | goto f_err; |
| 1529 | } | 1529 | } |
| 1530 | if (sigalg->key_type != pkey->type) { | 1530 | if (!ssl_sigalg_pkey_ok(sigalg, pkey)) { |
| 1531 | SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); | 1531 | SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); |
| 1532 | al = SSL_AD_DECODE_ERROR; | 1532 | al = SSL_AD_DECODE_ERROR; |
| 1533 | goto f_err; | 1533 | goto f_err; |
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 5dc261810b..a6c5a4e9d8 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.6 2018/11/11 02:03:23 beck Exp $ */ | 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.7 2018/11/11 21:54:47 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018, Bob Beck <beck@openbsd.org> |
| 4 | * | 4 | * |
| @@ -225,3 +225,19 @@ ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len) | |||
| 225 | } | 225 | } |
| 226 | return 1; | 226 | return 1; |
| 227 | } | 227 | } |
| 228 | |||
| 229 | int | ||
| 230 | ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey) | ||
| 231 | { | ||
| 232 | if (sigalg->key_type == pkey->type) { | ||
| 233 | if (!(sigalg->flags & SIGALG_FLAG_RSA_PSS)) | ||
| 234 | return 1; | ||
| 235 | /* | ||
| 236 | * RSA keys for PSS need to be at least | ||
| 237 | * as big as twice the size of the hash + 2 | ||
| 238 | */ | ||
| 239 | if (EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2)) | ||
| 240 | return 1; | ||
| 241 | } | ||
| 242 | return 0; | ||
| 243 | } | ||
diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h index f6fb5e2ad6..1bce6e8ee3 100644 --- a/src/lib/libssl/ssl_sigalgs.h +++ b/src/lib/libssl/ssl_sigalgs.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sigalgs.h,v 1.6 2018/11/10 08:42:39 beck Exp $ */ | 1 | /* $OpenBSD: ssl_sigalgs.h,v 1.7 2018/11/11 21:54:47 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018, Bob Beck <beck@openbsd.org> |
| 4 | * | 4 | * |
| @@ -73,6 +73,7 @@ const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg); | |||
| 73 | const struct ssl_sigalg *ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len); | 73 | const struct ssl_sigalg *ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len); |
| 74 | int ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len); | 74 | int ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len); |
| 75 | int ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk); | 75 | int ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk); |
| 76 | int ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey); | ||
| 76 | 77 | ||
| 77 | __END_HIDDEN_DECLS | 78 | __END_HIDDEN_DECLS |
| 78 | 79 | ||
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index e09817e2d0..27024be856 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.59 2018/11/11 07:57:44 bcook Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.60 2018/11/11 21:54:47 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2179,7 +2179,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2179 | al = SSL_AD_DECODE_ERROR; | 2179 | al = SSL_AD_DECODE_ERROR; |
| 2180 | goto f_err; | 2180 | goto f_err; |
| 2181 | } | 2181 | } |
| 2182 | if (sigalg->key_type != pkey->type) { | 2182 | if (!ssl_sigalg_pkey_ok(sigalg, pkey)) { |
| 2183 | SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); | 2183 | SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); |
| 2184 | al = SSL_AD_DECODE_ERROR; | 2184 | al = SSL_AD_DECODE_ERROR; |
| 2185 | goto f_err; | 2185 | goto f_err; |
| @@ -2216,7 +2216,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2216 | (pctx, RSA_PKCS1_PSS_PADDING) || | 2216 | (pctx, RSA_PKCS1_PSS_PADDING) || |
| 2217 | !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { | 2217 | !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { |
| 2218 | al = SSL_AD_INTERNAL_ERROR; | 2218 | al = SSL_AD_INTERNAL_ERROR; |
| 2219 | goto err; | 2219 | goto f_err; |
| 2220 | } | 2220 | } |
| 2221 | if (!EVP_DigestVerifyUpdate(&mctx, hdata, hdatalen)) { | 2221 | if (!EVP_DigestVerifyUpdate(&mctx, hdata, hdatalen)) { |
| 2222 | SSLerror(s, ERR_R_EVP_LIB); | 2222 | SSLerror(s, ERR_R_EVP_LIB); |