/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
TLSEXT_SIGALG_ed25519,
#endif
- TLSEXT_SIGALG_rsa_pss_sha256,
- TLSEXT_SIGALG_rsa_pss_sha384,
- TLSEXT_SIGALG_rsa_pss_sha512,
+ TLSEXT_SIGALG_rsa_pss_pss_sha256,
+ TLSEXT_SIGALG_rsa_pss_pss_sha384,
+ TLSEXT_SIGALG_rsa_pss_pss_sha512,
+ TLSEXT_SIGALG_rsa_pss_rsae_sha256,
+ TLSEXT_SIGALG_rsa_pss_rsae_sha384,
+ TLSEXT_SIGALG_rsa_pss_rsae_sha512,
TLSEXT_SIGALG_rsa_pkcs1_sha256,
TLSEXT_SIGALG_rsa_pkcs1_sha384,
NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
NID_ecdsa_with_SHA1, NID_undef},
#endif
- {"rsa_pss_sha256", TLSEXT_SIGALG_rsa_pss_sha256,
+ {"rsa_pss_rsae_sha256", TLSEXT_SIGALG_rsa_pss_rsae_sha256,
+ NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
+ NID_undef, NID_undef},
+ {"rsa_pss_rsae_sha384", TLSEXT_SIGALG_rsa_pss_rsae_sha384,
+ NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
+ NID_undef, NID_undef},
+ {"rsa_pss_rsae_sha512", TLSEXT_SIGALG_rsa_pss_rsae_sha512,
+ NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
+ NID_undef, NID_undef},
+ {"rsa_pss_pss_sha256", TLSEXT_SIGALG_rsa_pss_pss_sha256,
NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
NID_undef, NID_undef},
- {"rsa_pss_sha384", TLSEXT_SIGALG_rsa_pss_sha384,
+ {"rsa_pss_pss_sha384", TLSEXT_SIGALG_rsa_pss_pss_sha384,
NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
NID_undef, NID_undef},
- {"rsa_pss_sha512", TLSEXT_SIGALG_rsa_pss_sha512,
+ {"rsa_pss_pss_sha512", TLSEXT_SIGALG_rsa_pss_pss_sha512,
NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
NID_undef, NID_undef},
{"rsa_pkcs1_sha256", TLSEXT_SIGALG_rsa_pkcs1_sha256,
/* Look for a certificate matching shared sigalgs */
for (i = 0; i < s->cert->shared_sigalgslen; i++) {
lu = s->cert->shared_sigalgs[i];
+ sig_idx = -1;
/* Skip SHA1, SHA224, DSA and RSA if not PSS */
if (lu->hash == NID_sha1
#endif
} else if (lu->sig == EVP_PKEY_RSA_PSS) {
/* validate that key is large enough for the signature algorithm */
- const RSA *rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_PSS_SIGN].privatekey);
+ EVP_PKEY *pkey;
+ int pkey_id;
- if (!rsa_pss_check_min_key_size(rsa, lu))
+ if (sig_idx == -1)
+ pkey = s->cert->pkeys[lu->sig_idx].privatekey;
+ else
+ pkey = s->cert->pkeys[sig_idx].privatekey;
+ pkey_id = EVP_PKEY_id(pkey);
+ if (pkey_id != EVP_PKEY_RSA_PSS
+ && pkey_id != EVP_PKEY_RSA)
+ continue;
+ /*
+ * The pkey type is EVP_PKEY_RSA_PSS or EVP_PKEY_RSA
+ * EVP_PKEY_get0_RSA returns NULL if the type is not EVP_PKEY_RSA
+ * so use EVP_PKEY_get0 instead
+ */
+ if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu))
continue;
}
break;
}
if (lu->sig == EVP_PKEY_RSA_PSS) {
/* validate that key is large enough for the signature algorithm */
- const RSA *rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_PSS_SIGN].privatekey);
+ EVP_PKEY *pkey = s->cert->pkeys[sig_idx].privatekey;
+ int pkey_id = EVP_PKEY_id(pkey);
- if (!rsa_pss_check_min_key_size(rsa, lu))
+ if (pkey_id != EVP_PKEY_RSA_PSS
+ && pkey_id != EVP_PKEY_RSA)
+ continue;
+ if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu))
continue;
}
#ifndef OPENSSL_NO_EC