)]}' { "commit": "a6d321b11fa80496b7c8ae6405468c212d4f5c87", "tree": "c20ba4b3e0d0302b1670f7b527cfabccf7d757a2", "parents": [ "d45d8933e61ccd8bd50fcf58f33a604627e6552c" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Wed Aug 03 18:36:25 2022 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Aug 15 19:26:25 2022 +0000" }, "message": "Tighten up supported PSS combinations in X.509.\n\nMatching Chromium, Go, and TLS 1.3, only allow SHA-256, SHA-384, and\nSHA-512 RSA-PSS signatures, where MGF-1 and message hash match and salt\nlength is hash length. Sadly, we are stuck tolerating an explicit\ntrailerField for now. See the certificates in cl/362617931.\n\nThis also fixes an overflow bug in handling the salt length. On\nplatforms with 64-bit long and 32-bit int, we would misinterpret, e.g,\n2^62 + 32 as 32. Also clean up the error-handling of maskHash. It was\npreviously handled in a very confusing way; syntax errors in maskHash\nwould succeed and only be noticed later, in rsa_mgf1_decode.\n\nI haven\u0027t done it in this change, but as a followup, we can, like\nChromium, reduce X.509 signature algorithms down to a single enum.\n\nUpdate-Note: Unusual RSA-PSS combinations in X.509 are no longer\naccepted. This same change (actually a slightly stricter version) has\nalready landed in Chrome.\n\nBug: 489\nChange-Id: I85ca3a4e14f76358cac13e66163887f6dade1ace\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53865\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "f5716a61e20153e2e6f185a19c1aeceb593b4867", "old_mode": 33188, "old_path": "crypto/x509/rsa_pss.c", "new_id": "42b4f21e7cd7a3bf002dc0a2a97c28940d8fcc8f", "new_mode": 33188, "new_path": "crypto/x509/rsa_pss.c" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "1ab90d44d14c3bae9810349ecb9e7848005216f6", "new_mode": 33188, "new_path": "crypto/x509/test/pss_sha1.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "7847916ee78f22dd5331757efe46a610ca15f9bb", "new_mode": 33188, "new_path": "crypto/x509/test/pss_sha1_explicit.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "3ba32f184c373e798d3af2897e4fb8c66b1a3de0", "new_mode": 33188, "new_path": "crypto/x509/test/pss_sha1_mgf1_syntax_error.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "422615d5039c8efd3010679adf97c26f7579ec5d", "new_mode": 33188, "new_path": "crypto/x509/test/pss_sha224.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "fc8ce18ec5c46f771d5bcaeb5eb0e54568c2004c", "new_mode": 33188, "new_path": "crypto/x509/test/pss_sha256.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "52820b76c32d1147ac6136d4f061a9042b88efc4", "new_mode": 33188, "new_path": "crypto/x509/test/pss_sha256_explicit_trailer.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "dd3b4e9374188e29a2909b4c7d45bd0e7403dbfa", "new_mode": 33188, "new_path": "crypto/x509/test/pss_sha256_mgf1_sha384.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "5d77bf274628a85684fff31900303a6b7a20f4b0", "new_mode": 33188, "new_path": "crypto/x509/test/pss_sha256_mgf1_syntax_error.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "c5b025ba66876156b20f94d8936e54b0c6c14b01", "new_mode": 33188, "new_path": "crypto/x509/test/pss_sha256_omit_nulls.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "964df2092735e1a17178e0377c207e01614b61f5", "new_mode": 33188, "new_path": "crypto/x509/test/pss_sha256_salt31.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "85f5f3a9177f0ae08130e8a615e284def5adb661", "new_mode": 33188, "new_path": "crypto/x509/test/pss_sha256_salt_overflow.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "e296652619263e9cde380a5a275d3e01625af296", "new_mode": 33188, "new_path": "crypto/x509/test/pss_sha256_unknown_mgf.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "dda85016d18a2cef08cd025021cea471d6a8fed3", "new_mode": 33188, "new_path": "crypto/x509/test/pss_sha256_wrong_trailer.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "faf59b8855cccd1cbcd81fd7eda52c725333c9f3", "new_mode": 33188, "new_path": "crypto/x509/test/pss_sha384.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "1beb991ef426e556389ac99d3c30a99361b0d76a", "new_mode": 33188, "new_path": "crypto/x509/test/pss_sha512.pem" }, { "type": "modify", "old_id": "1bb6ff2122d2c78cf564b3e376e2b140948e5017", "old_mode": 33188, "old_path": "crypto/x509/x509_test.cc", "new_id": "1bcc56929b115872c4fbb8475475d4984fb36bbe", "new_mode": 33188, "new_path": "crypto/x509/x509_test.cc" }, { "type": "modify", "old_id": "b3355a7d78c13dbc276e36cd683d69c84f5f6506", "old_mode": 33188, "old_path": "sources.cmake", "new_id": "aaca5a4765845f86b7de9c8d5a198a86574b77df", "new_mode": 33188, "new_path": "sources.cmake" } ] }