Add back support for SHA224 based sig algs (d8311fc9) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/ssl_locl.h

+3 −0

Original line number	Diff line number	Diff line
		@@ -1857,6 +1857,7 @@ typedef enum downgrade_en {
		#define TLSEXT_SIGALG_ecdsa_secp256r1_sha256 0x0403
		#define TLSEXT_SIGALG_ecdsa_secp384r1_sha384 0x0503
		#define TLSEXT_SIGALG_ecdsa_secp521r1_sha512 0x0603
		#define TLSEXT_SIGALG_ecdsa_sha224 0x0303
		#define TLSEXT_SIGALG_ecdsa_sha1 0x0203
		#define TLSEXT_SIGALG_rsa_pss_sha256 0x0804
		#define TLSEXT_SIGALG_rsa_pss_sha384 0x0805
		@@ -1864,10 +1865,12 @@ typedef enum downgrade_en {
		#define TLSEXT_SIGALG_rsa_pkcs1_sha256 0x0401
		#define TLSEXT_SIGALG_rsa_pkcs1_sha384 0x0501
		#define TLSEXT_SIGALG_rsa_pkcs1_sha512 0x0601
		#define TLSEXT_SIGALG_rsa_pkcs1_sha224 0x0301
		#define TLSEXT_SIGALG_rsa_pkcs1_sha1 0x0201
		#define TLSEXT_SIGALG_dsa_sha256 0x0402
		#define TLSEXT_SIGALG_dsa_sha384 0x0502
		#define TLSEXT_SIGALG_dsa_sha512 0x0602
		#define TLSEXT_SIGALG_dsa_sha224 0x0302
		#define TLSEXT_SIGALG_dsa_sha1 0x0202
		#define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 0xeeee
		#define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 0xefef

ssl/t1_lib.c

+24 −7

Original line number	Diff line number	Diff line
		@@ -686,10 +686,13 @@ static const uint16_t tls12_sigalgs[] = {
		TLSEXT_SIGALG_rsa_pkcs1_sha512,

		#ifndef OPENSSL_NO_EC
		TLSEXT_SIGALG_ecdsa_sha224,
		TLSEXT_SIGALG_ecdsa_sha1,
		#endif
		TLSEXT_SIGALG_rsa_pkcs1_sha224,
		TLSEXT_SIGALG_rsa_pkcs1_sha1,
		#ifndef OPENSSL_NO_DSA
		TLSEXT_SIGALG_dsa_sha224,
		TLSEXT_SIGALG_dsa_sha1,

		TLSEXT_SIGALG_dsa_sha256,
		@@ -716,6 +719,9 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
		{"ecdsa_secp521r1_sha512", TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
		NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
		NID_ecdsa_with_SHA512, NID_secp521r1},
		{NULL, TLSEXT_SIGALG_ecdsa_sha224,
		NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
		NID_ecdsa_with_SHA224, NID_undef},
		{NULL, TLSEXT_SIGALG_ecdsa_sha1,
		NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
		NID_ecdsa_with_SHA1, NID_undef},
		@@ -738,6 +744,9 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
		{"rsa_pkcs1_sha512", TLSEXT_SIGALG_rsa_pkcs1_sha512,
		NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
		NID_sha512WithRSAEncryption, NID_undef},
		{"rsa_pkcs1_sha224", TLSEXT_SIGALG_rsa_pkcs1_sha224,
		NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
		NID_sha224WithRSAEncryption, NID_undef},
		{"rsa_pkcs1_sha1", TLSEXT_SIGALG_rsa_pkcs1_sha1,
		NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
		NID_sha1WithRSAEncryption, NID_undef},
		@@ -751,6 +760,9 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
		{NULL, TLSEXT_SIGALG_dsa_sha512,
		NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
		NID_undef, NID_undef},
		{NULL, TLSEXT_SIGALG_dsa_sha224,
		NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
		NID_undef, NID_undef},
		{NULL, TLSEXT_SIGALG_dsa_sha1,
		NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
		NID_dsaWithSHA1, NID_undef},
		@@ -901,10 +913,11 @@ int tls12_check_peer_sigalg(SSL s, uint16_t sig, EVP_PKEY pkey)
		}
		lu = tls1_lookup_sigalg(sig);
		/*
		* Check sigalgs is known. Disallow SHA1 with TLS 1.3. Check key type is
		* consistent with signature: RSA keys can be used for RSA-PSS
		* Check sigalgs is known. Disallow SHA1/SHA224 with TLS 1.3. Check key type
		* is consistent with signature: RSA keys can be used for RSA-PSS
		*/
		if (lu == NULL \|\| (SSL_IS_TLS13(s) && lu->hash == NID_sha1)
		if (lu == NULL
		\|\| (SSL_IS_TLS13(s) && (lu->hash == NID_sha1 \|\| lu->hash == NID_sha224))
		\|\| (pkeyid != lu->sig
		&& (lu->sig != EVP_PKEY_RSA_PSS \|\| pkeyid != EVP_PKEY_RSA))) {
		SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE);
		@@ -1489,10 +1502,12 @@ int tls12_copy_sigalgs(SSL s, WPACKET pkt,
		return 0;
		/*
		* If TLS 1.3 must have at least one valid TLS 1.3 message
		* signing algorithm: i.e. neither RSA nor SHA1
		* signing algorithm: i.e. neither RSA nor SHA1/SHA224
		*/
		if (rv == 0 && (!SSL_IS_TLS13(s)
		\|\| (lu->sig != EVP_PKEY_RSA && lu->hash != NID_sha1)))
		\|\| (lu->sig != EVP_PKEY_RSA
		&& lu->hash != NID_sha1
		&& lu->hash != NID_sha224)))
		rv = 1;
		}
		if (rv == 0)
		@@ -2279,8 +2294,10 @@ int tls_choose_sigalg(SSL s, int al)
		for (i = 0; i < s->cert->shared_sigalgslen; i++) {
		lu = s->cert->shared_sigalgs[i];

		/* Skip SHA1, DSA and RSA if not PSS */
		if (lu->hash == NID_sha1 \|\| lu->sig == EVP_PKEY_DSA
		/* Skip SHA1, SHA224, DSA and RSA if not PSS */
		if (lu->hash == NID_sha1
		\|\| lu->hash == NID_sha224
		\|\| lu->sig == EVP_PKEY_DSA
		\|\| lu->sig == EVP_PKEY_RSA)
		continue;
		if (ssl_md(lu->hash_idx) == NULL)

ssl/t1_trce.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -533,6 +533,7 @@ static ssl_trace_tbl ssl_sigalg_tbl[] = {
		{TLSEXT_SIGALG_ecdsa_secp256r1_sha256, "ecdsa_secp256r1_sha256"},
		{TLSEXT_SIGALG_ecdsa_secp384r1_sha384, "ecdsa_secp384r1_sha384"},
		{TLSEXT_SIGALG_ecdsa_secp521r1_sha512, "ecdsa_secp521r1_sha512"},
		{TLSEXT_SIGALG_ecdsa_sha224, "ecdsa_sha224"},
		{TLSEXT_SIGALG_ecdsa_sha1, "ecdsa_sha1"},
		{TLSEXT_SIGALG_rsa_pss_sha256, "rsa_pss_sha256"},
		{TLSEXT_SIGALG_rsa_pss_sha384, "rsa_pss_sha384"},
		@@ -540,10 +541,12 @@ static ssl_trace_tbl ssl_sigalg_tbl[] = {
		{TLSEXT_SIGALG_rsa_pkcs1_sha256, "rsa_pkcs1_sha256"},
		{TLSEXT_SIGALG_rsa_pkcs1_sha384, "rsa_pkcs1_sha384"},
		{TLSEXT_SIGALG_rsa_pkcs1_sha512, "rsa_pkcs1_sha512"},
		{TLSEXT_SIGALG_rsa_pkcs1_sha224, "rsa_pkcs1_sha224"},
		{TLSEXT_SIGALG_rsa_pkcs1_sha1, "rsa_pkcs1_sha1"},
		{TLSEXT_SIGALG_dsa_sha256, "dsa_sha256"},
		{TLSEXT_SIGALG_dsa_sha384, "dsa_sha384"},
		{TLSEXT_SIGALG_dsa_sha512, "dsa_sha512"},
		{TLSEXT_SIGALG_dsa_sha224, "dsa_sha224"},
		{TLSEXT_SIGALG_dsa_sha1, "dsa_sha1"},
		{TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, "gost2012_256"},
		{TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, "gost2012_512"},

Admin message