mirror of https://github.com/openbsd/src.git synced 2026-04-17 02:34:41 +00:00

ssl_sigalg_pkey_ok: allow RSASSA-PSS with pubkey OID RSASSA-PSS

This fixes a long-standing logic error that hasn't been noticed because
we never announced the rsa_pss_pss_sha{256,384,512} SignatureScheme. The
EVP_PKEY_id() of a RSA-PSS pubkey is EVP_PKEY_RSA_PSS, not EVP_PKEY_RSA.

Thanks to beck for helping me figure out how to fix this correctly. It
drove me nuts for a very long time. Problem also noticed by Tom Lane
due to some PostgreSQL regress failures.

ok djm jsing kenjiro
tb
2026-03-30 06:02:21 +00:00
parent a8b0d4d0a7
commit 97142c6557

@@ -1,4 +1,4 @@
/* $OpenBSD: ssl_sigalgs.c,v 1.51 2026/03/30 05:49:31 tb Exp $ */
/* $OpenBSD: ssl_sigalgs.c,v 1.52 2026/03/30 06:02:21 tb Exp $ */
/*
* Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
* Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -90,21 +90,21 @@ const struct ssl_sigalg sigalgs[] = {
},
{
.value = SIGALG_RSA_PSS_PSS_SHA256,
.key_type = EVP_PKEY_RSA,
.key_type = EVP_PKEY_RSA_PSS,
.md = EVP_sha256,
.security_level = 3,
.flags = SIGALG_FLAG_RSA_PSS,
},
{
.value = SIGALG_RSA_PSS_PSS_SHA384,
.key_type = EVP_PKEY_RSA,
.key_type = EVP_PKEY_RSA_PSS,
.md = EVP_sha384,
.security_level = 4,
.flags = SIGALG_FLAG_RSA_PSS,
},
{
.value = SIGALG_RSA_PSS_PSS_SHA512,
.key_type = EVP_PKEY_RSA,
.key_type = EVP_PKEY_RSA_PSS,
.md = EVP_sha512,
.security_level = 5,
.flags = SIGALG_FLAG_RSA_PSS,
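Review bot: the switch to .key_type = EVP_PKEY_RSA_PSS on the three SIGALG_RSA_PSS_PSS_SHA{256,384,512} entries carries no comment, and the table itself does not say why these entries need a different key type while keeping SIGALG_FLAG_RSA_PSS. A one-line comment above the SIGALG_RSA_PSS_PSS_SHA256 entry stating that these schemes require a public key whose EVP_PKEY_id() is EVP_PKEY_RSA_PSS would document the distinction where the next reader will look for it. Since the commit message says the error went unnoticed because these schemes were never announced, a regress test that exercises an RSA-PSS pubkey against these entries would keep it from reappearing silently.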
@@ -277,7 +277,8 @@ ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey)
/* RSA PSS must have a sufficiently large RSA key. */
if ((sigalg->flags & SIGALG_FLAG_RSA_PSS)) {
if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA ||
if ((EVP_PKEY_id(pkey) != EVP_PKEY_RSA &&
EVP_PKEY_id(pkey) != EVP_PKEY_RSA_PSS) ||
EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2))
return 0;
}
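Review bot: the new key id test in the SIGALG_FLAG_RSA_PSS branch accepts either EVP_PKEY_RSA or EVP_PKEY_RSA_PSS for every flagged sigalg, so this branch on its own does not tie the key's type to the scheme's .key_type. If nothing above this hunk already rejects a mismatch, comparing EVP_PKEY_id(pkey) against sigalg->key_type here would be stricter than the two-way test and would stop an entry set to EVP_PKEY_RSA_PSS from being accepted with an EVP_PKEY_RSA key, and the reverse. The comment "RSA PSS must have a sufficiently large RSA key" could also be updated to say that both key types reach the size check.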