In 1.1.0 and above we check the digest algorithm used to create signatures
in intermediate CA certs. If it is not sufficiently strong then we reject
the cert. To work out what digest was used we look at the OID for the
signature. This works for most signatures, but not for RSA PSS where the
digest is stored as parameter of the SignatureAlgorithmIdentifier. This
results in the digest look up routines failing and the cert being rejected.
PR #3301 added support for doing this properly in master. So in that
branch this all works as expected. It also works properly in 1.0.2 where we
don't have the digest checks at all. So the only branch where this fails is
1.1.0.
PR #3301 seems too significant to backport to 1.1.0. Instead we simply skip
the signature digest algorithm strength checks if we detect RSA PSS.
Fixes #3558.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/6052)
if (level > NUM_AUTH_LEVELS)
level = NUM_AUTH_LEVELS;
+ /* We are not able to look up the CA MD for RSA PSS in this version */
+ if (nid == NID_rsassaPss)
+ return 1;
+
/* Lookup signature algorithm digest */
if (nid && OBJ_find_sigid_algs(nid, &mdnid, NULL)) {
const EVP_MD *md;
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
return 1;
sig_nid = X509_get_signature_nid(x);
+ /* We are not able to look up the CA MD for RSA PSS in this version */
+ if (sig_nid == NID_rsassaPss)
+ return 1;
if (sig_nid && OBJ_find_sigid_algs(sig_nid, &md_nid, NULL)) {
const EVP_MD *md;
if (md_nid && (md = EVP_get_digestbynid(md_nid)))
projects / openssl / commitdiff