File 3721-ssl-Promote-securer-algorithms-by-default.... of Package erlang

Overview Repositories Revisions Requests Users Attributes Meta

File 3721-ssl-Promote-securer-algorithms-by-default.patch of Package erlang

From c7010912d938cb4f410f823abb7c0e8684da68e7 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Mon, 28 Mar 2022 09:26:30 +0200
Subject: [PATCH 1/2] ssl: Promote securer algorithms by default

Add RSASSA PSS algorithm default support to TLS-1.2.
Make EDDSA preferred in TLS-1.3

OTP-17565

Also fix a bug, that is that signature_algs_cert should be configurable also in
TLS-1.2. The bug was discovered due to negative test case starting to succeed
when default algorithms where changed.

OTP-18014
---
 lib/ssl/doc/src/ssl.xml         | 40 ++++++++++++++---------
 lib/ssl/src/ssl.erl             |  2 +-
 lib/ssl/src/tls_v1.erl          | 57 ++++++++++++++++++++++-----------
 lib/ssl/test/ssl_cert_SUITE.erl |  2 +-
 4 files changed, 65 insertions(+), 36 deletions(-)

diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 1388111ee5..495f4426fa 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -422,7 +422,8 @@
 	 Signature algorithms used for certificates may be overridden by the
 	 <seetype marker="#sign_schemes">signature schemes</seetype> (algorithms) supplied by the <c>signature_algs_cert</c> option.
 
-	 TLS-1.2 default is 
+	 TLS-1.2 default is Default_TLS_12_Alg_Pairs interleaved with rsa_pss_schemes since ssl-11.0 (OTP-25)
+	 pss_pss is prefered over pss_rsae that is prefered over rsa
 
 	 <c>Default_TLS_12_Alg_Pairs =</c>
 	 <code>[
@@ -439,13 +440,21 @@
 {sha, ecdsa},
 {sha, rsa},
 {sha, dsa}
-]
-	 </code>
+]</code>
 
-	 Support for {md5, rsa} was removed from the TLS-1.2 default in ssl-8.0 (OTP-22) 
+Support for {md5, rsa} was removed from the the TLS-1.2 default in ssl-8.0 (OTP-22) 
 
+ <c> rsa_pss_schemes =</c>
+ <code>
+[rsa_pss_pss_sha512,
+rsa_pss_pss_sha384,
+rsa_pss_pss_sha256,
+rsa_pss_rsae_sha512,
+rsa_pss_rsae_sha384,
+rsa_pss_rsae_sha256]
+ </code>
 
- <c> TLS_13 _Legacy_Schemes =</c>
+ <c> TLS_13_Legacy_Schemes =</c>
 <code> [
 %% Legacy algorithms only applicable to certificate signatures
 rsa_pkcs1_sha512, %% Corresponds to {sha512, rsa}
@@ -458,21 +467,20 @@ rsa_pkcs1_sha1 %% Corresponds to {sha, rsa}
 
 <c> Default_TLS_13_Schemes =</c>
 <code> [
+ %% EDDSA
+eddsa_ed25519,
+eddsa_ed448
+
 %% ECDSA
 ecdsa_secp521r1_sha512,
 ecdsa_secp384r1_sha384,
-ecdsa_secp256r1_sha256,
+ecdsa_secp256r1_sha256] ++
+
 %% RSASSA-PSS
-rsa_pss_pss_sha512,
-rsa_pss_pss_sha384,
-rsa_pss_pss_sha256,
-rsa_pss_rsae_sha512,
-rsa_pss_rsae_sha384,
-rsa_pss_rsae_sha256,
-%% EDDSA
-eddsa_ed25519,
-eddsa_ed448]
-</code>
+rsa_pss_schemes()
+ </code>
+
+ EDDSA was made highest priority in ssl-11.0 (OTP-25) 
 
 TLS-1.3 default is
 <code>Default_TLS_13_Schemes ++ Legacy_TLS_13_Schemes </code>
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index a0217198ae..83e5b5d942 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -2481,7 +2481,7 @@ handle_hashsigns_option(_, _Version) ->
 undefined.
 
 handle_signature_algorithms_option(Value, Version) when is_list(Value)
- andalso Version >= {3, 4} ->
+ andalso Version >= {3, 3} ->
 case tls_v1:signature_schemes(Version, Value) of
 	[] ->
 	 throw({error, {options,
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index 75d994f18c..e036efbe8c 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -869,25 +869,47 @@ signature_algs({3, 3}, HashSigns) ->
 default_signature_algs([{3, 4} = Version]) ->
 default_signature_schemes(Version) ++ legacy_signature_schemes(Version);
 default_signature_algs([{3, 4}, {3,3} | _]) ->
- default_signature_schemes({3,4}) ++ default_signature_algs([{3,3}]);
+ default_signature_schemes({3,4}) ++ default_pre_1_3_signature_algs_only();
 default_signature_algs([{3, 3} = Version |_]) ->
- Default = [%% SHA2
-	 {sha512, ecdsa},
-	 {sha512, rsa},
-	 {sha384, ecdsa},
-	 {sha384, rsa},
-	 {sha256, ecdsa},
-	 {sha256, rsa},
-	 {sha224, ecdsa},
-	 {sha224, rsa},
-	 %% SHA
-	 {sha, ecdsa},
-	 {sha, rsa},
-	 {sha, dsa}],
+ Default = [%% SHA2 ++ PSS
+ {sha512, ecdsa},
+ rsa_pss_pss_sha512,
+ rsa_pss_rsae_sha512,
+ {sha512, rsa},
+ {sha384, ecdsa},
+ rsa_pss_pss_sha384,
+ rsa_pss_rsae_sha384,
+ {sha384, rsa},
+ {sha256, ecdsa},
+ rsa_pss_pss_sha256,
+ rsa_pss_rsae_sha256,
+ {sha256, rsa},
+ {sha224, ecdsa},
+ {sha224, rsa},
+ %% SHA
+ {sha, ecdsa},
+ {sha, rsa},
+ {sha, dsa}],
 signature_algs(Version, Default);
 default_signature_algs(_) ->
 undefined.
 
+default_pre_1_3_signature_algs_only() ->
+ Default = [%% SHA2
+ {sha512, ecdsa},
+ {sha512, rsa},
+ {sha384, ecdsa},
+ {sha384, rsa},
+ {sha256, ecdsa},
+ {sha256, rsa},
+ {sha224, ecdsa},
+ {sha224, rsa},
+ %% SHA
+ {sha, ecdsa},
+ {sha, rsa},
+ {sha, dsa}],
+ signature_algs({3,3}, Default).
+
 
 signature_schemes(Version, [_|_] =SignatureSchemes) when is_tuple(Version)
 andalso Version >= {3, 3} ->
@@ -957,7 +979,8 @@ signature_schemes(_, _) ->
 [].
 
 default_signature_schemes(Version) ->
- Default = [
+ Default = [eddsa_ed25519,
+ eddsa_ed448,
 ecdsa_secp521r1_sha512,
 ecdsa_secp384r1_sha384,
 ecdsa_secp256r1_sha256,
@@ -966,9 +989,7 @@ default_signature_schemes(Version) ->
 rsa_pss_pss_sha256,
 rsa_pss_rsae_sha512,
 rsa_pss_rsae_sha384,
- rsa_pss_rsae_sha256,
- eddsa_ed25519,
- eddsa_ed448
+ rsa_pss_rsae_sha256
 ],
 signature_schemes(Version, Default).
 
diff --git a/lib/ssl/test/ssl_cert_SUITE.erl b/lib/ssl/test/ssl_cert_SUITE.erl
index 6b0b6f5f4d..6918a1bc22 100644
--- a/lib/ssl/test/ssl_cert_SUITE.erl
+++ b/lib/ssl/test/ssl_cert_SUITE.erl
@@ -1121,7 +1121,7 @@ unsupported_sign_algo_cert_client_auth(Config) ->
 'tlsv1.3' ->
 ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, certificate_required);
 _ ->
- ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, insufficient_security)
+ ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, bad_certificate)
 end.
 
 %%--------------------------------------------------------------------
-- 
2.34.1

Places

File 3721-ssl-Promote-securer-algorithms-by-default.patch of Package erlang

Places