
Commit 6718bb2

committed
crypto/tls: send a "handshake failure" alert if the RSA key is too small
Fixes #29779 Change-Id: I7eb8b4db187597e07d8ec7d3ff651f008e2ca433 Reviewed-on: https://go-review.googlesource.com/c/158639 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Brad Fitzpatrick <[email protected]>
1 parent a15a013 commit 6718bb2


2 files changed

+50
-1
lines changed


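--- a/src/crypto/tls/handshake_server_test.go
+++ b/src/crypto/tls/handshake_server_test.go
@@ -1697,3 +1697,46 @@ func TestCloneHash(t *testing.T) {
 t.Error("cloned hash generated a different sum")
 }
 }
+
+func TestKeyTooSmallForRSAPSS(t *testing.T) {
+clientConn, serverConn := localPipe(t)
+client := Client(clientConn, testConfig)
+cert, err := X509KeyPair([]byte(`-----BEGIN CERTIFICATE-----
+MIIBcTCCARugAwIBAgIQGjQnkCFlUqaFlt6ixyz/tDANBgkqhkiG9w0BAQsFADAS
+MRAwDgYDVQQKEwdBY21lIENvMB4XDTE5MDExODIzMjMyOFoXDTIwMDExODIzMjMy
+OFowEjEQMA4GA1UEChMHQWNtZSBDbzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDd
+ez1rFUDwax2HTxbcnFUP9AhcgEGMHVV2nn4VVEWFJB6I8C/Nkx0XyyQlrmFYBzEQ
+nIPhKls4T0hFoLvjJnXpAgMBAAGjTTBLMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE
+DDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBYGA1UdEQQPMA2CC2V4YW1wbGUu
+Y29tMA0GCSqGSIb3DQEBCwUAA0EAxDuUS+BrrS3c+h+k+fQPOmOScy6yTX9mHw0Q
+KbucGamXYEy0URIwOdO0tQ3LHPc1YGvYSPwkDjkjqECs2Vm/AA==
+-----END CERTIFICATE-----`), []byte(`-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAN17PWsVQPBrHYdPFtycVQ/0CFyAQYwdVXaefhVURYUkHojwL82T
+HRfLJCWuYVgHMRCcg+EqWzhPSEWgu+MmdekCAwEAAQJBALjQYNTdXF4CFBbXwUz/
+yt9QFDYT9B5WT/12jeGAe653gtYS6OOi/+eAkGmzg1GlRnw6fOfn+HYNFDORST7z
+4j0CIQDn2xz9hVWQEu9ee3vecNT3f60huDGTNoRhtqgweQGX0wIhAPSLj1VcRZEz
+nKpbtU22+PbIMSJ+e80fmY9LIPx5N4HTAiAthGSimMR9bloz0EY3GyuUEyqoDgMd
+hXxjuno2WesoJQIgemilbcALXpxsLmZLgcQ2KSmaVr7jb5ECx9R+hYKTw1sCIG4s
+T+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g
+-----END RSA PRIVATE KEY-----`))
+if err != nil {
+t.Fatal(err)
+}
+done := make(chan struct{})
+go func() {
+config := testConfig.Clone()
+config.Certificates = []Certificate{cert}
+config.MinVersion = VersionTLS13
+server := Server(serverConn, config)
+err := server.Handshake()
+if !strings.Contains(err.Error(), "key size too small for PSS signature") {
+t.Errorf(`expected "key size too small for PSS signature", got %q`, err)
+}
+close(done)
+}()
+err = client.Handshake()
+if !strings.Contains(err.Error(), "handshake failure") {
+t.Errorf(`expected "handshake failure", got %q`, err)
+}
+<-done
+}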
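Review bot: Both handshake results are dereferenced without a nil check: `err.Error()` on the server side (inside the goroutine) and again after `client.Handshake()`. If a regression lets the handshake succeed, err is nil and the call panics — in the goroutine case taking down the whole test binary before `close(done)` runs — instead of reporting a failed expectation. Guarding both sites, e.g. `if err == nil || !strings.Contains(err.Error(), "handshake failure") {`, keeps the failure readable. A one-line comment above the PEM blocks, such as `// Deliberately undersized RSA key (test fixture only) so PSS signing fails.`, would also tell readers why a key is embedded here.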

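--- a/src/crypto/tls/handshake_server_tls13.go
+++ b/src/crypto/tls/handshake_server_tls13.go
@@ -635,7 +635,13 @@ func (hs *serverHandshakeStateTLS13) sendServerCertificate() error {
 }
 sig, err := hs.cert.PrivateKey.(crypto.Signer).Sign(c.config.rand(), h.Sum(nil), signOpts)
 if err != nil {
-c.sendAlert(alertInternalError)
+public := hs.cert.PrivateKey.(crypto.Signer).Public()
+if rsaKey, ok := public.(*rsa.PublicKey); ok && sigType == signatureRSAPSS &&
+rsaKey.N.BitLen()/8 < sigHash.Size()*2+2 { // key too small for RSA-PSS
+c.sendAlert(alertHandshakeFailure)
+} else {
+c.sendAlert(alertInternalError)
+}
 return errors.New("tls: failed to sign handshake: " + err.Error())
 }
 certVerifyMsg.signature = sig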
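Review bot: The alert is chosen from the key size, not from the error `Sign` returned, so once an RSA key is below the threshold every signing failure — including one from a non-software `crypto.Signer`, if such signers are used here — is reported to the peer as handshake_failure rather than internal_error. The threshold `rsaKey.N.BitLen()/8 < sigHash.Size()*2+2` also restates crypto/rsa's PSS length requirement without explanation, and its floor division may not round the same way as the library's encoded-length computation for moduli whose bit length is not a multiple of 8. A comment would make the intent checkable, for example `// PSS needs hLen + sLen + 2 bytes; salt length is assumed equal to the hash length (signOpts is set outside this hunk)`. sendServerCertificate starts and ends outside the hunk, so how sigType, sigHash and signOpts are derived is not visible here.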
