Chiebot-Mirror
/
boringssl
mirror of https://gitee.com/mirrors/boringssl.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Forbid RSA delegated credentials

Browse Source 
RFC 9345 has this bizarre special case forbiding the rsaEncryption OID
for delegated credentials. This doesn't make much sense as DCs already
constrain to a single signature algorithm. In fact, they didn't need to
use SPKIs at all and could have just encoded the type-specific values.

Nonetheless, this is where the spec went up. We have long rejected the
RSASSA-PSS OID as being unusably complex, so this effectively means we
will never permit RSA delegated credentials.

This was another oversight in
https://boringssl-review.googlesource.com/c/34884. Fix it separately
before everything is reworked to SSL_CREDENTIAL.

Bug: 249
Change-Id: I7eae1e8da9da8052b8d985e78388ef8f2b235942
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66567
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
fips-20240407
David Benjamin 9 months ago committed by Boringssl LUCI CQ
parent efad2bfc83
commit c9a9d8d5a9
2 changed files with 30 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      ssl/ssl_cert.cc
  2. 21
      ssl/test/runner/runner.go

10
ssl/ssl_cert.cc
Unescape View File

@ -726,6 +726,16 @@ UniquePtr<DC> DC::Parse(CRYPTO_BUFFER *in, uint8_t *out_alert) {
return nullptr; return nullptr;
} }
// RFC 9345 forbids algorithms that use the rsaEncryption OID. As the
// RSASSA-PSS OID is unusably complicated, this effectively means we will not
// support RSA delegated credentials.
if (SSL_get_signature_algorithm_key_type(dc->dc_cert_verify_algorithm) ==
EVP_PKEY_RSA) {
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SIGNATURE_ALGORITHM);
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
return nullptr;
}
return dc; return dc;
} }

21
ssl/test/runner/runner.go
Unescape View File

@ -328,7 +328,7 @@ func createDelegatedCredential(config delegatedCredentialConfig, parentDER []byt
switch dcAlgo { switch dcAlgo {
case signatureRSAPKCS1WithMD5, signatureRSAPKCS1WithSHA1, signatureRSAPKCS1WithSHA256, signatureRSAPKCS1WithSHA384, signatureRSAPKCS1WithSHA512, signatureRSAPSSWithSHA256, signatureRSAPSSWithSHA384, signatureRSAPSSWithSHA512: case signatureRSAPKCS1WithMD5, signatureRSAPKCS1WithSHA1, signatureRSAPKCS1WithSHA256, signatureRSAPKCS1WithSHA384, signatureRSAPKCS1WithSHA512, signatureRSAPSSWithSHA256, signatureRSAPSSWithSHA384, signatureRSAPSSWithSHA512:
pub = &rsa2048Key.PublicKey pub = &rsa2048Key.PublicKey
privPKCS8, err = x509.MarshalPKCS8PrivateKey(rsa2048Key) privPKCS8, err = x509.MarshalPKCS8PrivateKey(&rsa2048Key)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
@ -16561,6 +16561,25 @@ func addDelegatedCredentialTests() {
shouldFail: true, shouldFail: true,
expectedError: ":KEY_VALUES_MISMATCH:", expectedError: ":KEY_VALUES_MISMATCH:",
}) })
// RSA delegated credentials should be rejected at configuration time.
rsaDC, rsaPKCS8, err := createDelegatedCredential(delegatedCredentialConfig{
algo: signatureRSAPSSWithSHA256,
dcAlgo: signatureRSAPSSWithSHA256,
}, rsaCertificate.Leaf.Raw, rsaCertificate.PrivateKey)
if err != nil {
panic(err)
}
rsaFlagValue := fmt.Sprintf("%x,%x", rsaDC, rsaPKCS8)
testCases = append(testCases, testCase{
testType: serverTest,
name: "DelegatedCredentials-NoRSA",
flags: []string{
"-delegated-credential", rsaFlagValue,
},
shouldFail: true,
expectedError: ":INVALID_SIGNATURE_ALGORITHM:",
})
} }
type echCipher struct { type echCipher struct {

Write Preview
Loading…
Cancel
Save