author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-03-31 13:56:23 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-04-10 20:21:57 +0200 |
commit | 491360e7ab2f09fdaadfcd9ff84c425c8f4e5b03 (patch) | |
tree | 6a5a1e6fc0fc1befdbf2d97260c18d68cee565cb | |
parent | ee215c7eea91f193d4765127eb31332758753058 (diff) | |
Avoid creating invalid rsa pss params
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8621)
-rw-r--r-- | crypto/rsa/rsa_ameth.c | 4 | ||||
-rw-r--r-- | test/recipes/80-test_cms.t | 8 |
2 files changed, 11 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 139415e..82d1d56 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -583,10 +583,12 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
 return NULL;
 if (saltlen == -1) {
 saltlen = EVP_MD_size(sigmd);
- } else if (saltlen == -2) {
+ } else if (saltlen == -2 || saltlen == -3) {
 saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
 if ((EVP_PKEY_bits(pk) & 0x7) == 1)
 saltlen--;
+ if (saltlen < 0)
+ return NULL;
 }
 
 return rsa_pss_params_create(sigmd, mgf1md, saltlen);
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 76f1ec2..7beebcc 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -324,6 +324,14 @@ my @smime_cms_param_tests = (
 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
 ],
 
+ [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=-3",
+ [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
+ "-keyopt", "rsa_pss_saltlen:-3", "-out", "test.cms" ],
+ [ "-verify", "-in", "test.cms", "-inform", "PEM",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ ],
+
 [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr",
 "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
|
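Review bot: The added `if (saltlen < 0) return NULL;` sits inside the `-2`/`-3` branch only, so the `-1` branch still passes the result of `EVP_MD_size(sigmd)` to `rsa_pss_params_create` unchecked, and that call can return a negative value on error. Placing the guard after the if/else chain, directly before `return rsa_pss_params_create(sigmd, mgf1md, saltlen);`, would cover every path that computes or forwards a salt length. A short comment such as `/* key too small for this digest: no valid PSS salt length exists */` would also record why the branch can fail, and the bare `-1`/`-2`/`-3` would read better as `RSA_PSS_SALTLEN_DIGEST`, `RSA_PSS_SALTLEN_AUTO` and `RSA_PSS_SALTLEN_MAX`. The function starts before this hunk, so any earlier validation of `saltlen` is not visible here.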
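Review bot: The new case only exercises the path where `rsa_pss_saltlen:-3` resolves to a usable length, so the `return NULL` added in `rsa_ctx_to_pss` for a key too small for the digest is never reached by this recipe. If the table can express an expected failure, a companion case that signs with a key and digest for which the computed length is negative would pin the behaviour the commit title describes. A leading comment on the entry, for example `# saltlen -3 selects the maximum salt length; the encoded PSS parameters must carry the resolved value`, would also say what the verify step is meant to prove. The array `@smime_cms_param_tests` begins before and continues past this hunk.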