mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-07 19:38:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

check_sig_alg_match(): weaken sig nid comparison to allow RSA{,PSS} key verify RSA-PSS

Browse Source 
This is an upstream fix for #13931

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13968)
This commit is contained in:
Dr. David von Oheimb 2021-01-26 11:53:15 +01:00 committed by Dr. David von Oheimb
parent 03f5c8930c
commit 199df4a93f
8 changed files with 133 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
crypto/x509/v3_purp.c
View File

@ -362,18 +362,20 @@ static int setup_crldp(X509 *x)
} }
/* Check that issuer public key algorithm matches subject signature algorithm */ /* Check that issuer public key algorithm matches subject signature algorithm */
static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject) static int check_sig_alg_match(const EVP_PKEY *issuer_key, const X509 *subject)
{ {
int pkey_nid; int signer_nid, subj_sig_nid;
if (pkey == NULL) if (issuer_key == NULL)
return X509_V_ERR_NO_ISSUER_PUBLIC_KEY; return X509_V_ERR_NO_ISSUER_PUBLIC_KEY;
signer_nid = EVP_PKEY_base_id(issuer_key);
if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm), if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm),
NULL, &pkey_nid) == 0) NULL, &subj_sig_nid) == 0)
return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM; return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM;
if (EVP_PKEY_type(pkey_nid) != EVP_PKEY_base_id(pkey)) if (signer_nid == EVP_PKEY_type(subj_sig_nid)
return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH; || (signer_nid == NID_rsaEncryption && subj_sig_nid == NID_rsassaPss))
return X509_V_OK; return X509_V_OK;
return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH;
} }
#define V1_ROOT (EXFLAG_V1|EXFLAG_SS) #define V1_ROOT (EXFLAG_V1|EXFLAG_SS)

21
test/certs/ca-pss-cert.pem Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDXjCCAhagAwIBAgIBAjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDASMRAwDgYDVQQDDAdSb290
IENBMCAXDTIxMDEyNjEwMDUwOFoYDzIxMjEwMTI3MTAwNTA4WjARMQ8wDQYDVQQD
DAZDQS1QU1MwggEgMAsGCSqGSIb3DQEBCgOCAQ8AMIIBCgKCAQEAtclsFtJOQgAC
ZxTPn2T2ksmibRNVAnEfVCgfJxsPN3aEERgqqhWbC4LmGHRIIjQ9DpobarydJivw
epDaiu11rgwXgenIobIVvVr2+L3ngalYdkwmmPVImNN8Ef575ybE/kVgTu9X37DJ
t+8psfVGeFg4RKykOi7SfPCSKHKSeZUXPj9AYwZDw4HX2rhstRopXAmUzz2/uAaR
fmU7tYOG5qhfMUpP+Ce0ZBlLE9JjasY+d20/mDFuvFEc5qjfzNqv/7okyBjaWB4h
gwnjXASrqKlqHKVU1UyrJc76yAniimy+IoXKAELetIJGSN15GYaWJcAIs0Eybjyk
gyAu7Zlf/wIDAQABo2AwXjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAd
BgNVHQ4EFgQUGfmhA/VcxWkh7VUBHxUdHHQLgrAwHwYDVR0jBBgwFoAUjvUlrx6b
a4Q9fICayVOcTXL3o1IwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAY
BgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggEBAF6rSSBj+dkv0UGuE1El
lB9zVpqVlV72RY8gAkmSJmbzblHEO/PYV/UnNJ2C2IXEhAQaE0xKCg+WC2RO56oc
qZc6UXBCN8G9rJKVxgXVbciP4pQYN6POpmhJfQqzNPwzTADt3HY6X9gQtyG0fuQF
OPDc+mXjRvBrcYMkAgYiKe+oA45WDWYpIvipWVQ3xP/BSGJqrdKx5SOrJA72+BLM
bPbD3tBC2SVirDjv0N926Wcb/JQFkM+5YY2/yKNybstngr4Pb1T/tESsIZvGG2Tk
3IhBl1dJtC9gpGTRa8NzQvcmPK9VUjWtv5YNA+FxD9FTxGibh7Aw1fbFCV91Qjc3
JQQ=
-----END CERTIFICATE-----

28
test/certs/ca-pss-key.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADALBgkqhkiG9w0BAQoEggSpMIIEpQIBAAKCAQEAtclsFtJOQgACZxTP
n2T2ksmibRNVAnEfVCgfJxsPN3aEERgqqhWbC4LmGHRIIjQ9DpobarydJivwepDa
iu11rgwXgenIobIVvVr2+L3ngalYdkwmmPVImNN8Ef575ybE/kVgTu9X37DJt+8p
sfVGeFg4RKykOi7SfPCSKHKSeZUXPj9AYwZDw4HX2rhstRopXAmUzz2/uAaRfmU7
tYOG5qhfMUpP+Ce0ZBlLE9JjasY+d20/mDFuvFEc5qjfzNqv/7okyBjaWB4hgwnj
XASrqKlqHKVU1UyrJc76yAniimy+IoXKAELetIJGSN15GYaWJcAIs0EybjykgyAu
7Zlf/wIDAQABAoIBAErkiNt+GS+nwVWmhUMt3UfsOjal2EgBQt7xCKSbyVEYSqCg
TDN2Y0IC07kPbwhobR8u7kyzGCs5vwE/3EmQOwNRh/3FyxqSu9IfP9CKrG4GzqMu
DFjH9PjBaEQhi/pXRqFbA6qBgLpvoytcJNlkK3w5HDVuytoNoDpJAm4XhbEAwVG2
u3De40lPKXBFaGjSrUQETnrm0Fhj+J7+VMheQZVjEHwMIOmbIDcckV0OSIWn00XG
/Md0y0i/U8S0TkP9sVC+cKkKMCNL+BJYf5YucUIna/9PgBD36RRRq2D0e8/iP8m+
ftnmW7fxlL2neTZ2sAS+4sm7sOoudaeAta+JoEECgYEA5ZjbBJf+FhyFOBFRoYow
OHP+JfU7rdi8n5GpNswVmtNx3FK+eoUz+PlXTluUydS3L40ba7/mzYFzAZETF6YO
Z8STkmvLxRTDzvZoE0SCJQAcG9I1oVWMufDVnHvljflH+IBjvMQM527dfFgaebvD
TkRvnCup2oV3uT430++15K0CgYEAyrESfgP5f9+zZqz30N+QTWHZCzCUqSDcGhke
Irvjs5tSrCQibbSGkGNHZ/V019K8rKJQlvNbEEzlRRcohuqIuUPgPmXBbbruqCBP
a1+DD/HRg6BrTsNo67SbUJ6EsV5D80Ie76Yzye3By7E71xvFzFxbMwcwPFHBDViR
m4oRwNsCgYEAtdb/N78tVNPXytUkot0wXbW4RtXYI1Lx6StTKnwubEYk+otqIt1W
kUzhkcTEralUQEvwuMDvCjoJHOeKiINTC2pMOn43j+pnPoY3XXM35BgXKw2svg9k
emu8ssgJwgz5rF37ICjh03Yh4vZgWaOVBmr7PmPyjYiBjuwxCSDkHa0CgYEAkqwP
9aBqq131NBd2PG+KvHRR2wcMjFZ672e9puTPoOiEqox7XWeE+Hbe9RtpscONRF8w
cgsnmmQKhDR93yNYTLgRTRXVItJiYMcAsXIsJR2XvugWvqgpBGds/Km426CbCyyN
tl1OnJCv6/YUl1RBjeBHHmXVQdDnIgE1XJhMwIECgYEAt4zgPqswoicfDBqakP6X
ZND0s7fiki2YBmXyASIoUACnpJEWsOOEJrAcW7xtgXgjNxKdk1JqYV3ggU8wgCvv
9Ugsx0FiuPmIBhYNZMWIItNmpYqPm8KbEwIPqChs9OA+5FREFwFjJgGK2ublfmVj
dN2I3LilMIXTE4/MQ8Lhcjc=
-----END PRIVATE KEY-----

21
test/certs/ee-pss-cert.pem Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDdDCCAiygAwIBAgIBAjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDARMQ8wDQYDVQQDDAZDQS1Q
U1MwIBcNMjEwMTI2MTAwNjMzWhgPMjEyMTAxMjcxMDA2MzNaMBExDzANBgNVBAMM
BkVFLVBTUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e
2ywP1XP74reoG3p1YCvUfTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//
DcZD/jE0+CjYdemju4iC76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aO
wjagEf/AWTX9SRzdHEIzBniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5Zq
ghsVi9GZq+Seb5Sq0pblV/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktH
aKcpxz9K4iIntO+QY9fv0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h
/nk0H0qJH7cCAwEAAaN1MHMwHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4HmCKX4XOi
MB8GA1UdIwQYMBaAFBn5oQP1XMVpIe1VAR8VHRx0C4KwMAkGA1UdEwQCMAAwEwYD
VR0lBAwwCgYIKwYBBQUHAwEwEQYDVR0RBAowCIIGRUUtUFNTMD0GCSqGSIb3DQEB
CjAwoA0wCwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaID
AgEgA4IBAQCzCXb5XpMvhuwWso9wj4B8AJjCugMlGdrLXIj3ueqyS1qSEcFp1meO
9jMDCjAkitTdZjf3gqEghC/joUd+XAw3JfOPOl36WlNrm9bwZTnfnCYFRrdprfMo
Q1Kqy9SNvDeHZZVcGeU3PZSt+EabmR9mQODg/qfpa9/3WktzFbvxlPOS7Tb0n2tn
vQnTmyrmGN2/o8X1qGQgETw5bH3csKgsPh668zN/gv3DxNN0EVACLaOSahNsNQa7
KCcl1ez5KcFc0QIlQajhorTYOIeTb8UmR4wdy5C4Nd9P5OKv1sQvVO9PtswAv/s7
Vs48cDO1+ASn0KjN41hXN5+fOIlNqOeU
-----END CERTIFICATE-----

19
test/certs/ee-pss-wrong1.5-cert.pem Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDIjCCAgygAwIBAgIBAjALBgkqhkiG9w0BAQswETEPMA0GA1UEAwwGQ0EtUFNT
MCAXDTIxMDEyNzA2NTIzMloYDzIxMjEwMTI4MDY1MjMyWjAaMRgwFgYDVQQDDA9F
RS1QU1Mtd3JvbmcxLjUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo
/4lYYYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0
LLuT5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsI
Vl1lDz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1K
xMY1U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr
3zG5ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNG
T4tniIQPYf55NB9KiR+3AgMBAAGjfjB8MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWO
B5gil+FzojAfBgNVHSMEGDAWgBQZ+aED9VzFaSHtVQEfFR0cdAuCsDAJBgNVHRME
AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQTMBGCD0VFLVBTUy13cm9u
ZzEuNTALBgkqhkiG9w0BAQsDggEBAJYxCmTZfgjCfhf1r4dS+nebCM1qQ2WsOvwS
SXSMOxVs0sRc2KUjiTR00j/pgASaRVPauom5y+Qp6J2NUUBcwkQhGbQPDr8pdmWv
NPXX3UwfIl2gO9Bo5z0G0BOZmhCgNqbHcuJrW1tLRLwQWHsqm7gcqIq+/0Wsz5SA
QETZfmMbPAlj+aotLJmc2UvcGyz7jAeEJ3xIikey9c8HK73c4UyXepeUckQKsTRe
hs6+TluxaJerm3/1MRTOrq9aBGxoxNUc5cpJDZFF1rG9BtQgXxyGpiItkZX60N/3
P1js8/l2FH8fEcb63WeChKMmqnw18fQUmunVyZWvsFiQVRHterM=
-----END CERTIFICATE-----

22
test/certs/mkcert.sh
View File

@ -116,6 +116,19 @@ genroot() {
} }
genca() { genca() {
local OPTIND=1
local purpose=
while getopts p: o
do
case $o in
p) purpose="$OPTARG";;
*) echo "Usage: $0 genca [-p EKU] cn keyname certname cakeyname cacertname" >&2
return 1;;
esac
done
shift $((OPTIND - 1))
local cn=$1; shift local cn=$1; shift
local key=$1; shift local key=$1; shift
local cert=$1; shift local cert=$1; shift
@ -127,17 +140,16 @@ genca() {
local akid="authorityKeyIdentifier = keyid" local akid="authorityKeyIdentifier = keyid"
exts=$(printf "%s\n%s\n%s\n" "$bcon" "$ku" "$skid" "$akid") exts=$(printf "%s\n%s\n%s\n" "$bcon" "$ku" "$skid" "$akid")
for eku in "$@" if [ -n "$purpose" ]; then
do exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$purpose")
exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku") fi
done
if [ -n "$NC" ]; then if [ -n "$NC" ]; then
exts=$(printf "%s\nnameConstraints = %s\n" "$exts" "$NC") exts=$(printf "%s\nnameConstraints = %s\n" "$exts" "$NC")
fi fi
csr=$(req "$key" "CN = $cn") || return 1 csr=$(req "$key" "CN = $cn") || return 1
echo "$csr" | echo "$csr" |
cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \ cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
-set_serial 2 -days "${DAYS}" -set_serial 2 -days "${DAYS}" "$@"
} }
gen_nonbc_ca() { gen_nonbc_ca() {

15
test/certs/setup.sh
View File

@ -125,7 +125,7 @@ OPENSSL_KEYBITS=768 \
# client intermediate ca: cca-cert # client intermediate ca: cca-cert
# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth # trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth
# #
./mkcert.sh genca "CA" ca-key cca-cert root-key root-cert clientAuth ./mkcert.sh genca -p clientAuth "CA" ca-key cca-cert root-key root-cert
# #
openssl x509 -in cca-cert.pem -trustout \ openssl x509 -in cca-cert.pem -trustout \
-addtrust serverAuth -out cca+serverAuth.pem -addtrust serverAuth -out cca+serverAuth.pem
@ -143,7 +143,7 @@ openssl x509 -in cca-cert.pem -trustout \
# server intermediate ca: sca-cert # server intermediate ca: sca-cert
# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth, -anyEKU, +anyEKU # trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth, -anyEKU, +anyEKU
# #
./mkcert.sh genca "CA" ca-key sca-cert root-key root-cert serverAuth ./mkcert.sh genca -p serverAuth "CA" ca-key sca-cert root-key root-cert
# #
openssl x509 -in sca-cert.pem -trustout \ openssl x509 -in sca-cert.pem -trustout \
-addtrust serverAuth -out sca+serverAuth.pem -addtrust serverAuth -out sca+serverAuth.pem
@ -392,9 +392,16 @@ REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \
# SHA1 # SHA1
./mkcert.sh genee PSS-SHA1 ee-key ee-pss-sha1-cert ca-key ca-cert \ ./mkcert.sh genee PSS-SHA1 ee-key ee-pss-sha1-cert ca-key ca-cert \
-sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest
# SHA256 # EE SHA256
./mkcert.sh genee PSS-SHA256 ee-key ee-pss-sha256-cert ca-key ca-cert \ ./mkcert.sh genee PSS-SHA256 ee-key ee-pss-sha256-cert ca-key ca-cert \
-sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest
# CA-PSS
./mkcert.sh genca "CA-PSS" ca-pss-key ca-pss-cert root-key root-cert \
-sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1
./mkcert.sh genee "EE-PSS" ee-key ee-pss-cert ca-pss-key ca-pss-cert \
-sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1
# Should not have been possible to produce, see issue #13968:
#./mkcert.sh genee "EE-PSS-wrong1.5" ee-key ee-pss-wrong1.5-cert ca-pss-key ca-pss-cert -sha256
OPENSSL_KEYALG=ec OPENSSL_KEYBITS=brainpoolP256r1 ./mkcert.sh genee \ OPENSSL_KEYALG=ec OPENSSL_KEYBITS=brainpoolP256r1 ./mkcert.sh genee \
"Server ECDSA brainpoolP256r1 cert" server-ecdsa-brainpoolP256r1-key \ "Server ECDSA brainpoolP256r1 cert" server-ecdsa-brainpoolP256r1-key \

7
test/recipes/25-test_verify.t
View File

@ -27,7 +27,7 @@ sub verify {
run(app([@args])); run(app([@args]));
} }
plan tests => 153; plan tests => 155;
# Canonical success # Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@ -380,6 +380,11 @@ ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_l
ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"), ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
"PSS signature using SHA256 and auth level 2"); "PSS signature using SHA256 and auth level 2");
ok(verify("ee-pss-cert", "sslserver", ["root-cert"], ["ca-pss-cert"], ),
"CA PSS signature");
ok(!verify("ee-pss-wrong1.5-cert", "sslserver", ["root-cert"], ["ca-pss-cert"], ),
"CA producing regular PKCS#1 v1.5 signature with PSA-PSS key");
ok(!verify("many-names1", "sslserver", ["many-constraints"], ["many-constraints"], ), ok(!verify("many-names1", "sslserver", ["many-constraints"], ["many-constraints"], ),
"Too many names and constraints to check (1)"); "Too many names and constraints to check (1)");
ok(!verify("many-names2", "sslserver", ["many-constraints"], ["many-constraints"], ), ok(!verify("many-names2", "sslserver", ["many-constraints"], ["many-constraints"], ),