File 4572-ssl-Fix-filter-and-conversions-of-singnatu... of Package erlang

Overview Repositories Revisions Requests Users Attributes Meta

File 4572-ssl-Fix-filter-and-conversions-of-singnature-algorit.patch of Package erlang

From b7f0b29d2e3f5209a947a922e6c6606734494579 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Wed, 13 Oct 2021 15:05:06 +0200
Subject: [PATCH 2/4] ssl: Fix filter and conversions of singnature algorithms
 schemes for TLS-1.2

---
 lib/ssl/src/ssl_cipher.erl    | 29 +++++++++++++++++++++++++----
 lib/ssl/src/ssl_handshake.erl | 12 +++++++++---
 2 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 63f46346ee..af53640ab9 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -597,6 +597,19 @@ signature_scheme(rsa_pss_pss_sha384) -> ?RSA_PSS_PSS_SHA384;
 signature_scheme(rsa_pss_pss_sha512) -> ?RSA_PSS_PSS_SHA512;
 signature_scheme(rsa_pkcs1_sha1) -> ?RSA_PKCS1_SHA1;
 signature_scheme(ecdsa_sha1) -> ?ECDSA_SHA1;
+%% New algorithms on legacy format
+signature_scheme({sha512, rsa_pss_pss}) ->
+    ?RSA_PSS_PSS_SHA512;
+signature_scheme({sha384, rsa_pss_pss}) ->
+    ?RSA_PSS_PSS_SHA384;
+signature_scheme({sha256, rsa_pss_pss}) ->
+    ?RSA_PSS_PSS_SHA256;
+signature_scheme({sha512, rsa_pss_rsae}) ->
+    ?RSA_PSS_RSAE_SHA512;
+signature_scheme({sha384, rsa_pss_rsae}) ->
+    ?RSA_PSS_RSAE_SHA384;
+signature_scheme({sha256, rsa_pss_rsae}) ->
+    ?RSA_PSS_RSAE_SHA256;
 %% Handling legacy signature algorithms
 signature_scheme({Hash0, Sign0}) ->
     Hash = hash_algorithm(Hash0),
@@ -627,10 +640,18 @@ signature_scheme(SignAlgo) when is_integer(SignAlgo) ->
 signature_scheme(_) -> unassigned.
 
 signature_schemes_1_2(SigAlgs) ->
-    lists:map(fun(Algs) ->
-                      {Hash, Sign, _} = scheme_to_components(Algs),
-                      {Hash, Sign}
-              end, SigAlgs).
+    lists:foldl(fun(Alg, Acc) when is_atom(Alg) ->
+                        case scheme_to_components(Alg) of
+                            {Hash, Sign = rsa_pss_pss,_} ->
+                                [{Hash, Sign} | Acc];
+                            {Hash, Sign = rsa_pss_rsae,_} ->
+                                [{Hash, Sign} | Acc];
+                            {_, _, _} ->
+                                Acc
+                        end;
+                   (Alg, Acc) ->
+                        [Alg| Acc]
+                end, [], SigAlgs).
 
 %% TODO: reserved code points?
 
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 6210240011..2d5e29fb61 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -652,8 +652,8 @@ encode_extensions([#srp{username = UserName} | Rest], Acc) ->
     encode_extensions(Rest, <<?UINT16(?SRP_EXT), ?UINT16(Len), ?BYTE(SRPLen),
 				    UserName/binary, Acc/binary>>);
 encode_extensions([#hash_sign_algos{hash_sign_algos = HashSignAlgos} | Rest], Acc) ->
-    SignAlgoList = << <<(ssl_cipher:hash_algorithm(Hash)):8, (ssl_cipher:sign_algorithm(Sign)):8>> ||
-		       {Hash, Sign} <- HashSignAlgos >>,
+    SignAlgoList = << <<(ssl_cipher:signature_scheme(SignatureScheme)):16 >> ||
+		       SignatureScheme <- HashSignAlgos >>,
     ListLen = byte_size(SignAlgoList),
     Len = ListLen + 2,
     encode_extensions(Rest, <<?UINT16(?SIGNATURE_ALGORITHMS_EXT),
@@ -988,12 +988,18 @@ available_signature_algs(undefined, _)  ->
 available_signature_algs(SupportedHashSigns, Version) when Version >= {3, 3} ->
     case contains_scheme(SupportedHashSigns) of
         true ->
-            #signature_algorithms{signature_scheme_list = SupportedHashSigns};
+            case Version of 
+                {3,3} ->
+                    #hash_sign_algos{hash_sign_algos = ssl_cipher:signature_schemes_1_2(SupportedHashSigns)};
+                _ ->
+                    #signature_algorithms{signature_scheme_list = SupportedHashSigns}
+            end;
         false ->
             #hash_sign_algos{hash_sign_algos = SupportedHashSigns}
     end;
 available_signature_algs(_, _) ->
     undefined.
+
 available_signature_algs(undefined, SupportedHashSigns, _, Version) when 
       Version >= {3,3} ->
     SupportedHashSigns;
-- 
2.31.1

Places

File 4572-ssl-Fix-filter-and-conversions-of-singnature-algorit.patch of Package erlang

Places