Merge pull request #5543 from SparkiDev/rsa_max_size_fix

RSA max key size checks
David Garske
2022-09-02 09:26:19 -07:00
committed by GitHub
2 changed files with 8 additions and 5 deletions


@ -6812,14 +6812,16 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
if (ssl && !ssl->options.verifyNone) { if (ssl && !ssl->options.verifyNone) {
if (ssl->options.minRsaKeySz < 0 || if (ssl->options.minRsaKeySz < 0 ||
keySz < (int)ssl->options.minRsaKeySz) { keySz < (int)ssl->options.minRsaKeySz ||
keySz > (RSA_MAX_SIZE / 8)) {
ret = RSA_KEY_SIZE_E; ret = RSA_KEY_SIZE_E;
WOLFSSL_MSG("Certificate RSA key size too small"); WOLFSSL_MSG("Certificate RSA key size too small");
} }
} }
else if (ctx && !ctx->verifyNone) { else if (ctx && !ctx->verifyNone) {
if (ctx->minRsaKeySz < 0 || if (ctx->minRsaKeySz < 0 ||
keySz < (int)ctx->minRsaKeySz) { keySz < (int)ctx->minRsaKeySz ||
keySz > (RSA_MAX_SIZE / 8)) {
ret = RSA_KEY_SIZE_E; ret = RSA_KEY_SIZE_E;
WOLFSSL_MSG("Certificate RSA key size too small"); WOLFSSL_MSG("Certificate RSA key size too small");
} }
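Review bot: The log text in both branches still reads "Certificate RSA key size too small", but with the added `keySz > (RSA_MAX_SIZE / 8)` clause the same path is taken for a key that exceeds the build's maximum, so an oversized certificate is reported with the wrong reason. A neutral message such as `WOLFSSL_MSG("Certificate RSA key size out of range");`, or a separate branch for the upper bound, would keep the logs accurate for anyone triaging a rejected certificate. The upper bound also sits inside the `!ssl->options.verifyNone` and `!ctx->verifyNone` conditions, so this code does not apply it when verification is disabled. RSA_MAX_SIZE looks like an implementation limit rather than a policy setting, so it is worth confirming that an oversized key is rejected elsewhere in that case. ProcessBuffer's body starts and ends outside the hunk.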


@ -2402,7 +2402,7 @@ static int test_wolfSSL_CertRsaPss(void)
XFILE f; XFILE f;
const char* rsaPssSha256Cert = "./certs/rsapss/ca-rsapss.der"; const char* rsaPssSha256Cert = "./certs/rsapss/ca-rsapss.der";
const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.pem"; const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.pem";
#ifdef WOLFSSL_SHA384 #if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072
const char* rsaPssSha384Cert = "./certs/rsapss/ca-3072-rsapss.der"; const char* rsaPssSha384Cert = "./certs/rsapss/ca-3072-rsapss.der";
const char* rsaPssRootSha384Cert = "./certs/rsapss/root-3072-rsapss.pem"; const char* rsaPssRootSha384Cert = "./certs/rsapss/root-3072-rsapss.pem";
#endif #endif
@ -2417,7 +2417,7 @@ static int test_wolfSSL_CertRsaPss(void)
AssertNotNull(cm); AssertNotNull(cm);
AssertIntEQ(WOLFSSL_SUCCESS, AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha256Cert, NULL)); wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha256Cert, NULL));
#ifdef WOLFSSL_SHA384 #if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072
AssertIntEQ(WOLFSSL_SUCCESS, AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha384Cert, NULL)); wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha384Cert, NULL));
#endif #endif
@ -2430,7 +2430,8 @@ static int test_wolfSSL_CertRsaPss(void)
AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0); AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0);
wc_FreeDecodedCert(&cert); wc_FreeDecodedCert(&cert);
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \
RSA_MAX_SIZE >= 3072
f = XFOPEN(rsaPssSha384Cert, "rb"); f = XFOPEN(rsaPssSha384Cert, "rb");
AssertTrue((f != XBADFILE)); AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buf, 1, sizeof(buf), f); bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
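Review bot: No test visible in this commit covers the new rejection path. The `RSA_MAX_SIZE >= 3072` guards, here and in the two earlier hunks of test_wolfSSL_CertRsaPss, only compile the 3072-bit cases out, so a build with a smaller RSA_MAX_SIZE runs fewer assertions and never checks that an over-limit certificate is refused. If that is not covered elsewhere, add a case that presents an RSA certificate larger than RSA_MAX_SIZE and expects `RSA_KEY_SIZE_E`. A short comment above the guard, e.g. `/* 3072-bit certs need RSA_MAX_SIZE >= 3072 */`, would also explain why the block is conditional. The function body continues outside the hunk.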