Use size of server key when selecting signature algorithm.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from openssl#4389)
Noah Robbin authored and Rich Salz committed Jan 8, 2018
1 parent 40cea0a commit 0fe3db2
Showing 1 changed file with 34 additions and 0 deletions.
34 changes: 34 additions & 0 deletions ssl/t1_lib.c
@@ -787,6 +787,27 @@ int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd)
return 1;
}

/*
* Check if key is large enough to generate RSA-PSS signature.
*
* The key must greater than or equal to 2 * hash length + 2.
* SHA512 has a hash length of 64 bytes, which is incompatible
* with a 128 byte (1024 bit) key.
*/
#define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_size(md) + 2)
static int rsa_pss_check_min_key_size(const RSA *rsa, const SIGALG_LOOKUP *lu)
{
const EVP_MD *md;

if (rsa == NULL)
return 0;
if (!tls1_lookup_md(lu, &md) || md == NULL)
return 0;
if (RSA_size(rsa) < RSA_PSS_MINIMUM_KEY_SIZE(md))
return 0;
return 1;
}

/*
* Return a signature algorithm for TLS < 1.2 where the signature type
* is fixed by the certificate type.
@@ -2303,6 +2324,12 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
#else
continue;
#endif
} else if (lu->sig == EVP_PKEY_RSA_PSS) {
/* validate that key is large enough for the signature algorithm */
const RSA *rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_PSS_SIGN].privatekey);

if (!rsa_pss_check_min_key_size(rsa, lu))
continue;
}
break;
}
@@ -2356,6 +2383,13 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
sig_idx = SSL_PKEY_RSA;
}
}
if (lu->sig == EVP_PKEY_RSA_PSS) {
/* validate that key is large enough for the signature algorithm */
const RSA *rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_PSS_SIGN].privatekey);

if (!rsa_pss_check_min_key_size(rsa, lu))
continue;
}
#ifndef OPENSSL_NO_EC
if (curve == -1 || lu->curve == curve)
#endif
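Review bot: Both added `EVP_PKEY_RSA_PSS` checks in `tls_choose_sigalg` size the key in the fixed slot `s->cert->pkeys[SSL_PKEY_RSA_PSS_SIGN]`, while the context just above the second check assigns `sig_idx = SSL_PKEY_RSA`, which suggests a PSS signature algorithm can be served by a key held in a different slot. If the PSS slot is empty in that case, `EVP_PKEY_get0_RSA` is handed a NULL `EVP_PKEY` (the `rsa == NULL` guard in `rsa_pss_check_min_key_size` only runs after that call), and at best the algorithm is skipped without the signing key ever being measured. Sizing the key that will actually sign looks safer, e.g. `const RSA *rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[sig_idx].privatekey);` in the last hunk, and the slot that loop has already validated in the earlier `else if` branch. The loops and the `sig_idx` assignment begin outside the hunks shown, so this should be confirmed against the full function.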