File 4572-ssl-Fix-filter-and-conversions-of-singnature-algorit.patch of Package erlang
From b7f0b29d2e3f5209a947a922e6c6606734494579 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Wed, 13 Oct 2021 15:05:06 +0200
Subject: [PATCH 2/4] ssl: Fix filter and conversions of singnature algorithms schemes for TLS-1.2
---
 lib/ssl/src/ssl_cipher.erl | 29 +++++++++++++++++++++++++----
 lib/ssl/src/ssl_handshake.erl | 12 +++++++++---
 2 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 63f46346ee..af53640ab9 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -597,6 +597,19 @@ signature_scheme(rsa_pss_pss_sha384) -> ?RSA_PSS_PSS_SHA384;
 signature_scheme(rsa_pss_pss_sha512) -> ?RSA_PSS_PSS_SHA512;
 signature_scheme(rsa_pkcs1_sha1) -> ?RSA_PKCS1_SHA1;
 signature_scheme(ecdsa_sha1) -> ?ECDSA_SHA1;
+%% New algorithms on legacy format
+signature_scheme({sha512, rsa_pss_pss}) ->
+ ?RSA_PSS_PSS_SHA512;
+signature_scheme({sha384, rsa_pss_pss}) ->
+ ?RSA_PSS_PSS_SHA384;
+signature_scheme({sha256, rsa_pss_pss}) ->
+ ?RSA_PSS_PSS_SHA256;
+signature_scheme({sha512, rsa_pss_rsae}) ->
+ ?RSA_PSS_RSAE_SHA512;
+signature_scheme({sha384, rsa_pss_rsae}) ->
+ ?RSA_PSS_RSAE_SHA384;
+signature_scheme({sha256, rsa_pss_rsae}) ->
+ ?RSA_PSS_RSAE_SHA256;
 %% Handling legacy signature algorithms
 signature_scheme({Hash0, Sign0}) ->
 Hash = hash_algorithm(Hash0),
@@ -627,10 +640,18 @@ signature_scheme(SignAlgo) when is_integer(SignAlgo) ->
 signature_scheme(_) -> unassigned.
 signature_schemes_1_2(SigAlgs) ->
- lists:map(fun(Algs) ->
- {Hash, Sign, _} = scheme_to_components(Algs),
- {Hash, Sign}
- end, SigAlgs).
+ lists:foldl(fun(Alg, Acc) when is_atom(Alg) ->
+ case scheme_to_components(Alg) of
+ {Hash, Sign = rsa_pss_pss,_} ->
+ [{Hash, Sign} | Acc];
+ {Hash, Sign = rsa_pss_rsae,_} ->
+ [{Hash, Sign} | Acc];
+ {_, _, _} ->
+ Acc
+ end;
+ (Alg, Acc) ->
+ [Alg| Acc]
+ end, [], SigAlgs).
 %% TODO: reserved code points?
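Review bot: The six new tuple clauses only take effect because they sit above the generic `signature_scheme({Hash0, Sign0})` clause, and the one-line comment does not record that ordering requirement. I would expand it to something like `%% RSASSA-PSS schemes written as TLS-1.2 style {Hash, Sign} tuples; keep above the generic legacy clause`. Tuples that pair any other hash with an `rsa_pss_*` sign value still reach the legacy clause, whose body continues outside the hunk, so it is worth confirming what that path returns for them.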
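Review bot: The fold on the new side of `signature_schemes_1_2/1` prepends each kept entry to `Acc` and never reverses the result, so the returned list is in the opposite order from `SigAlgs`. Signature algorithm lists are interpreted in descending order of preference, so a reversed list would put the least-preferred entry, often the weakest one, first in what TLS 1.2 advertises. Using `lists:foldr(` in place of `lists:foldl(` keeps the configured order with the same fun, or the result can be wrapped in `lists:reverse/1`. Separately, the `{_, _, _} -> Acc` branch silently drops every non-PSS scheme atom; a short comment such as `%% other TLS-1.3 scheme atoms have no TLS-1.2 form here and are dropped` would make that intent explicit.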
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 6210240011..2d5e29fb61 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -652,8 +652,8 @@ encode_extensions([#srp{username = UserName} | Rest], Acc) ->
 encode_extensions(Rest, <<?UINT16(?SRP_EXT), ?UINT16(Len), ?BYTE(SRPLen), UserName/binary, Acc/binary>>);
 encode_extensions([#hash_sign_algos{hash_sign_algos = HashSignAlgos} | Rest], Acc) ->
- SignAlgoList = << <<(ssl_cipher:hash_algorithm(Hash)):8, (ssl_cipher:sign_algorithm(Sign)):8>> ||
- {Hash, Sign} <- HashSignAlgos >>,
+ SignAlgoList = << <<(ssl_cipher:signature_scheme(SignatureScheme)):16 >> ||
+ SignatureScheme <- HashSignAlgos >>,
 ListLen = byte_size(SignAlgoList),
 Len = ListLen + 2,
 encode_extensions(Rest, <<?UINT16(?SIGNATURE_ALGORITHMS_EXT),
@@ -988,12 +988,18 @@ available_signature_algs(undefined, _) ->
 available_signature_algs(SupportedHashSigns, Version) when Version >= {3, 3} ->
 case contains_scheme(SupportedHashSigns) of
 true ->
- #signature_algorithms{signature_scheme_list = SupportedHashSigns};
+ case Version of
+ {3,3} ->
+ #hash_sign_algos{hash_sign_algos = ssl_cipher:signature_schemes_1_2(SupportedHashSigns)};
+ _ ->
+ #signature_algorithms{signature_scheme_list = SupportedHashSigns}
+ end;
 false -> #hash_sign_algos{hash_sign_algos = SupportedHashSigns} end;
 available_signature_algs(_, _) -> undefined.
+
 available_signature_algs(undefined, SupportedHashSigns, _, Version) when Version >= {3,3} -> SupportedHashSigns;
--
2.31.1
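Review bot: The new comprehension feeds the result of `ssl_cipher:signature_scheme/1` straight into a `:16` integer segment, but that function has a catch-all clause returning the atom `unassigned` (visible as context in the ssl_cipher.erl hunk). An entry in `HashSignAlgos` that matches no clause would therefore raise `badarg` while the extension is being encoded, instead of being rejected where the option list is validated. If earlier validation already guarantees that only known tuples and scheme atoms reach this point, a comment is enough, for example `%% HashSignAlgos is pre-validated; signature_scheme/1 cannot return unassigned here`. The body of this `encode_extensions` clause continues outside the hunk.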
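Review bot: The new `{3,3}` branch can produce an empty `hash_sign_algos` list, because `ssl_cipher:signature_schemes_1_2/1` drops every scheme atom that is not `rsa_pss_pss` or `rsa_pss_rsae`. That happens when `SupportedHashSigns` holds only other scheme atoms, and RFC 5246 requires at least one pair in the signature_algorithms extension, so a peer may reject the hello. It seems safer to detect the empty result here or, better, where the option is validated, and fail with a configuration error rather than encode it. As a style point, the nested `case Version of` could be a separate function clause guarded on `Version =:= {3,3}`, which would keep the TLS 1.2 and TLS 1.3 paths visibly apart.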