Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Ledest:erlang:26
erlang
1653-ssl-Be-explcit-about-negotiated-params.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 1653-ssl-Be-explcit-about-negotiated-params.patch of Package erlang
From 7ac2a64a813e4d22789ef57a36e2ca02afa29525 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin <ingela@erlang.org> Date: Sat, 25 Nov 2023 10:50:19 +0100 Subject: [PATCH 3/4] ssl: Be explcit about negotiated params Do not use undocumented OpenSSL "implicit param", rather be explicit about what PSS params that where negotiated. --- lib/ssl/src/ssl_handshake.erl | 41 ++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index c72c950d1b..c59d97b882 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -388,15 +388,15 @@ certificate_verify(Signature, PublicKeyInfo, Version, %% Description: Checks that a public_key signature is valid. %%-------------------------------------------------------------------- verify_signature(_, Msg, {HashAlgo, SignAlgo}, Signature, - {_, PubKey, PubKeyParams}) when SignAlgo == rsa_pss_rsae; - SignAlgo == rsa_pss_pss -> - Options = verify_options(SignAlgo, HashAlgo, PubKeyParams), + {_, PubKey, _}) when SignAlgo == rsa_pss_rsae; + SignAlgo == rsa_pss_pss -> + Options = verify_options(SignAlgo, HashAlgo), public_key:verify(Msg, HashAlgo, Signature, PubKey, Options); -verify_signature(Version, Msg, {HashAlgo, SignAlgo}, Signature, {?rsaEncryption, PubKey, PubKeyParams}) +verify_signature(Version, Msg, {HashAlgo, SignAlgo}, Signature, {?rsaEncryption, PubKey, _}) when ?TLS_GTE(Version, ?TLS_1_2) -> - Options = verify_options(SignAlgo, HashAlgo, PubKeyParams), + Options = verify_options(SignAlgo, HashAlgo), public_key:verify(Msg, HashAlgo, Signature, PubKey, Options); -verify_signature(Version, {digest, Digest}, _HashAlgo, Signature, {?rsaEncryption, PubKey, _PubKeyParams}) +verify_signature(Version, {digest, Digest}, _HashAlgo, Signature, {?rsaEncryption, PubKey, _}) when ?TLS_LTE(Version, ?TLS_1_1) -> case public_key:decrypt_public(Signature, PubKey, [{rsa_pad, rsa_pkcs1_padding}]) of @@ -2167,25 +2167,32 @@ do_digitally_signed(_, Msg, HashAlgo, Key, SignAlgo) -> Options = signature_options(SignAlgo, HashAlgo), public_key:sign(Msg, HashAlgo, Key, Options). -signature_options(SignAlgo, HashAlgo) when SignAlgo =:= rsa_pss_rsae orelse - SignAlgo =:= rsa_pss_pss -> - pss_options(HashAlgo); +signature_options(rsa_pss_rsae, HashAlgo) -> + pss_options(HashAlgo, hash_algo_byte_size(HashAlgo)); +signature_options(rsa_pss_pss, HashAlgo) -> + pss_options(HashAlgo, hash_algo_byte_size(HashAlgo)); signature_options(_, _) -> []. -verify_options(SignAlgo, HashAlgo, _KeyParams) - when SignAlgo =:= rsa_pss_rsae orelse - SignAlgo =:= rsa_pss_pss -> - pss_options(HashAlgo); -verify_options(_, _, _) -> +verify_options(rsa_pss_rsae, HashAlgo) -> + pss_options(HashAlgo, hash_algo_byte_size(HashAlgo)); +verify_options(rsa_pss_pss, HashAlgo) -> + pss_options(HashAlgo, hash_algo_byte_size(HashAlgo)); +verify_options(_, _) -> []. -pss_options(HashAlgo) -> - %% of the digest algorithm: rsa_pss_saltlen = -1 +pss_options(HashAlgo, SaltLen) -> [{rsa_padding, rsa_pkcs1_pss_padding}, - {rsa_pss_saltlen, -1}, + {rsa_pss_saltlen, SaltLen}, {rsa_mgf1_md, HashAlgo}]. +hash_algo_byte_size(sha256) -> + 32; +hash_algo_byte_size(sha384) -> + 48; +hash_algo_byte_size(sha512) -> + 64. + bad_key(#'DSAPrivateKey'{}) -> unacceptable_dsa_key; bad_key(#'RSAPrivateKey'{}) -> -- 2.35.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor