authorDaiki Ueno <ueno@gnu.org>2021-08-02 18:32:28 +0200
committerDaiki Ueno <ueno@gnu.org>2021-08-07 08:51:52 +0200
commit3cdbb84fab1dfbe157804eb72e279265eaaa2cb7 (patch)
tree8c4bfe6d66f8401bd78e59dcdfc87915925f1bb2 /lib/includes
parentc4f1d5308f3c14f5a82dd1debf5dc0806f361399 (diff)
downloadgnutls-3cdbb84fab1dfbe157804eb72e279265eaaa2cb7.tar.gz
pk: add flags to force RSA-PSS salt length to match digest length
This adds a couple of flags to RSA-PSS signing and verification, to enforce that the salt length matches the digest length. That is not only recommended in RFC 4055, but also mandated in RFC 8446 in the TLS 1.3 context. Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'lib/includes')
-rw-r--r--lib/includes/gnutls/abstract.h6
-rw-r--r--lib/includes/gnutls/x509.h6
2 files changed, 10 insertions, 2 deletions
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 7e98ea2b13..c9f8067c13 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -388,6 +388,9 @@ int gnutls_privkey_status(gnutls_privkey_t key);
* @GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT: Keys generated or imported as provable require an extended format which cannot be read by previous versions
* of gnutls or other applications. By setting this flag the key will be exported in a backwards compatible way,
* even if the information about the seed used will be lost.
+ * @GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: When making an RSA-PSS
+ * signature, use the salt whose length is equal to the digest length, as
+ * mandated in RFC 8446 4.2.3.
*
* Enumeration of different certificate import flags.
*/
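Review bot: The new @GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH entry does not say how the flag interacts with a key whose own RSA-PSS parameters fix a different salt length, nor whether it is a no-op on non-PSS signatures; neither is visible from this header, and the next maintainer will need both. Suggested wording: `@GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: When making an RSA-PSS signature, use a salt whose length equals the digest length, as required by RFC 8446 section 4.2.3 (TLS 1.3) and recommended by RFC 4055.` followed by one sentence stating what happens on a conflict with the key's parameters (error or override) once that is confirmed against the signing code. The enum this documents is declared in the following hunk, outside this one.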
@@ -400,7 +403,8 @@ typedef enum gnutls_privkey_flags {
GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT = 1 << 6,
GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS = 1 << 7,
GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE = 1 << 8,
- GNUTLS_PRIVKEY_FLAG_CA = 1 << 9
+ GNUTLS_PRIVKEY_FLAG_CA = 1 << 9,
+ GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH = 1 << 10
} gnutls_privkey_flags_t;
int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey,
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 5f54e888bc..7953a30460 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -959,6 +959,9 @@ int gnutls_x509_crl_set_number(gnutls_x509_crl_t crl,
* as in the TLS 1.0 protocol. Not all functions accept this flag.
* @GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS: This signals the verification
* process, not to fail on unknown critical extensions.
+ * @GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: Disallow RSA-PSS signatures made
+ * with mismatching salt length with digest length, as mandated in RFC 8446
+ * 4.2.3.
*
* Enumeration of different certificate verify flags. Additional
* verification profiles can be set using GNUTLS_PROFILE_TO_VFLAGS()
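Review bot: The phrase "made with mismatching salt length with digest length" on the new @GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH entry is hard to parse, and the entry leaves the default unstated, which is the security-relevant part: a TLS 1.3 caller cannot tell from the header whether RSA-PSS signatures with any other salt length are accepted unless this opt-in flag is set. Suggested wording: `@GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: Reject RSA-PSS signatures whose salt length differs from the digest length, as mandated by RFC 8446 section 4.2.3 for TLS 1.3 and recommended by RFC 4055.` If, as the flag's opt-in nature suggests, other salt lengths remain accepted without it, add a sentence saying so and pointing TLS 1.3 users at this flag. The enum this documents is declared in the following hunk, outside this one.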
@@ -980,7 +983,8 @@ typedef enum gnutls_certificate_verify_flags {
GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS = 1 << 12,
GNUTLS_VERIFY_USE_TLS1_RSA = 1 << 13,
GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS = 1 << 14,
- GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1 = 1 << 15
+ GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1 = 1 << 15,
+ GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH = 1 << 16
/* cannot exceed 2^24 due to GNUTLS_PROFILE_TO_VFLAGS() */
} gnutls_certificate_verify_flags;