]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b33fb68)
rsa_signverify_init: Set the PARAMS after key is set
authorTomas Mraz <tomas@openssl.org>
Fri, 19 Nov 2021 14:16:53 +0000 (15:16 +0100)
committerTomas Mraz <tomas@openssl.org>
Tue, 23 Nov 2021 14:15:32 +0000 (15:15 +0100)
Also, default to unrestricted pss parameters until the key is set.

Fixes #17075

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17080)

providers/implementations/signature/rsa_sig.c patch | blob | blame | history

diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index f2d5d36928a649876a644c19800138a811094a42..14741dee9dded76c64e7d13e054daa6e7e0b3a38 100644 (file)
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -190,6 +190,9 @@ static void *rsa_newctx(void *provctx, const char *propq)
     prsactx->libctx = PROV_LIBCTX_OF(provctx);
     prsactx->flag_allow_md = 1;
     prsactx->propq = propq_copy;
+    /* Maximum for sign, auto for verify */
+    prsactx->saltlen = RSA_PSS_SALTLEN_AUTO;
+    prsactx->min_saltlen = -1;
     return prsactx;
 }
 
@@ -406,9 +409,6 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa,
 
     prsactx->operation = operation;
 
-    if (!rsa_set_ctx_params(prsactx, params))
-        return 0;
-
     /* Maximum for sign, auto for verify */
     prsactx->saltlen = RSA_PSS_SALTLEN_AUTO;
     prsactx->min_saltlen = -1;
@@ -462,9 +462,10 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa,
                 prsactx->saltlen = min_saltlen;
 
                 /* call rsa_setup_mgf1_md before rsa_setup_md to avoid duplication */
-                return rsa_setup_mgf1_md(prsactx, mgf1mdname, prsactx->propq)
-                    && rsa_setup_md(prsactx, mdname, prsactx->propq)
-                    && rsa_check_parameters(prsactx, min_saltlen);
+                if (!rsa_setup_mgf1_md(prsactx, mgf1mdname, prsactx->propq)
+                    || !rsa_setup_md(prsactx, mdname, prsactx->propq)
+                    || !rsa_check_parameters(prsactx, min_saltlen))
+                    return 0;
             }
         }
 
@@ -474,6 +475,9 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa,
         return 0;
     }
 
+    if (!rsa_set_ctx_params(prsactx, params))
+        return 0;
+
     return 1;
 }
 
Mirror of https://github.com/openssl/openssl.git