Rename SSL_SIGN_RSA_PSS_SHA* constants.

This reflects the change to add the key type into the constant. The old
constants are left around for now as legacy aliases and will be removed
later.

Change-Id: I67f1b50c01fbe0ebf4a2e9e89d3e7d5ed5f5a9d7
Reviewed-on: https://boringssl-review.googlesource.com/27486
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2018-04-13 16:01:02 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent 5ad94767ab
commit 6879e19362
5 changed files with 38 additions and 62 deletions

View File

@ -970,9 +970,9 @@ OPENSSL_EXPORT int SSL_set_ocsp_response(SSL *ssl,
#define SSL_SIGN_ECDSA_SECP256R1_SHA256 0x0403 #define SSL_SIGN_ECDSA_SECP256R1_SHA256 0x0403
#define SSL_SIGN_ECDSA_SECP384R1_SHA384 0x0503 #define SSL_SIGN_ECDSA_SECP384R1_SHA384 0x0503
#define SSL_SIGN_ECDSA_SECP521R1_SHA512 0x0603 #define SSL_SIGN_ECDSA_SECP521R1_SHA512 0x0603
#define SSL_SIGN_RSA_PSS_SHA256 0x0804 #define SSL_SIGN_RSA_PSS_RSAE_SHA256 0x0804
#define SSL_SIGN_RSA_PSS_SHA384 0x0805 #define SSL_SIGN_RSA_PSS_RSAE_SHA384 0x0805
#define SSL_SIGN_RSA_PSS_SHA512 0x0806 #define SSL_SIGN_RSA_PSS_RSAE_SHA512 0x0806
#define SSL_SIGN_ED25519 0x0807 #define SSL_SIGN_ED25519 0x0807
// SSL_SIGN_RSA_PKCS1_MD5_SHA1 is an internal signature algorithm used to // SSL_SIGN_RSA_PKCS1_MD5_SHA1 is an internal signature algorithm used to
@ -4116,6 +4116,12 @@ OPENSSL_EXPORT SSL_SESSION *SSL_get1_session(SSL *ssl);
OPENSSL_EXPORT int OPENSSL_init_ssl(uint64_t opts, OPENSSL_EXPORT int OPENSSL_init_ssl(uint64_t opts,
const OPENSSL_INIT_SETTINGS *settings); const OPENSSL_INIT_SETTINGS *settings);
// The following constants are legacy aliases for RSA-PSS with rsaEncryption
// keys. Use the new names instead.
#define SSL_SIGN_RSA_PSS_SHA256 SSL_SIGN_RSA_PSS_RSAE_SHA256
#define SSL_SIGN_RSA_PSS_SHA384 SSL_SIGN_RSA_PSS_RSAE_SHA384
#define SSL_SIGN_RSA_PSS_SHA512 SSL_SIGN_RSA_PSS_RSAE_SHA512
// Private structures. // Private structures.
// //

View File

@ -111,9 +111,9 @@ static const SSL_SIGNATURE_ALGORITHM kSignatureAlgorithms[] = {
{SSL_SIGN_RSA_PKCS1_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, 0}, {SSL_SIGN_RSA_PKCS1_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, 0},
{SSL_SIGN_RSA_PKCS1_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, 0}, {SSL_SIGN_RSA_PKCS1_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, 0},
{SSL_SIGN_RSA_PSS_SHA256, EVP_PKEY_RSA, NID_undef, &EVP_sha256, 1}, {SSL_SIGN_RSA_PSS_RSAE_SHA256, EVP_PKEY_RSA, NID_undef, &EVP_sha256, 1},
{SSL_SIGN_RSA_PSS_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, 1}, {SSL_SIGN_RSA_PSS_RSAE_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, 1},
{SSL_SIGN_RSA_PSS_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, 1}, {SSL_SIGN_RSA_PSS_RSAE_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, 1},
{SSL_SIGN_ECDSA_SHA1, EVP_PKEY_EC, NID_undef, &EVP_sha1, 0}, {SSL_SIGN_ECDSA_SHA1, EVP_PKEY_EC, NID_undef, &EVP_sha1, 0},
{SSL_SIGN_ECDSA_SECP256R1_SHA256, EVP_PKEY_EC, NID_X9_62_prime256v1, {SSL_SIGN_ECDSA_SECP256R1_SHA256, EVP_PKEY_EC, NID_X9_62_prime256v1,
@ -429,12 +429,12 @@ const char *SSL_get_signature_algorithm_name(uint16_t sigalg,
return include_curve ? "ecdsa_secp384r1_sha384" : "ecdsa_sha384"; return include_curve ? "ecdsa_secp384r1_sha384" : "ecdsa_sha384";
case SSL_SIGN_ECDSA_SECP521R1_SHA512: case SSL_SIGN_ECDSA_SECP521R1_SHA512:
return include_curve ? "ecdsa_secp521r1_sha512" : "ecdsa_sha512"; return include_curve ? "ecdsa_secp521r1_sha512" : "ecdsa_sha512";
case SSL_SIGN_RSA_PSS_SHA256: case SSL_SIGN_RSA_PSS_RSAE_SHA256:
return "rsa_pss_sha256"; return "rsa_pss_rsae_sha256";
case SSL_SIGN_RSA_PSS_SHA384: case SSL_SIGN_RSA_PSS_RSAE_SHA384:
return "rsa_pss_sha384"; return "rsa_pss_rsae_sha384";
case SSL_SIGN_RSA_PSS_SHA512: case SSL_SIGN_RSA_PSS_RSAE_SHA512:
return "rsa_pss_sha512"; return "rsa_pss_rsae_sha512";
case SSL_SIGN_ED25519: case SSL_SIGN_ED25519:
return "ed25519"; return "ed25519";
default: default:

View File

@ -3884,10 +3884,10 @@ TEST(SSLTest, SignatureAlgorithmProperties) {
SSL_is_signature_algorithm_rsa_pss(SSL_SIGN_ECDSA_SECP256R1_SHA256)); SSL_is_signature_algorithm_rsa_pss(SSL_SIGN_ECDSA_SECP256R1_SHA256));
EXPECT_EQ(EVP_PKEY_RSA, EXPECT_EQ(EVP_PKEY_RSA,
SSL_get_signature_algorithm_key_type(SSL_SIGN_RSA_PSS_SHA384)); SSL_get_signature_algorithm_key_type(SSL_SIGN_RSA_PSS_RSAE_SHA384));
EXPECT_EQ(EVP_sha384(), EXPECT_EQ(EVP_sha384(),
SSL_get_signature_algorithm_digest(SSL_SIGN_RSA_PSS_SHA384)); SSL_get_signature_algorithm_digest(SSL_SIGN_RSA_PSS_RSAE_SHA384));
EXPECT_TRUE(SSL_is_signature_algorithm_rsa_pss(SSL_SIGN_RSA_PSS_SHA384)); EXPECT_TRUE(SSL_is_signature_algorithm_rsa_pss(SSL_SIGN_RSA_PSS_RSAE_SHA384));
} }
void MoveBIOs(SSL *dest, SSL *src) { void MoveBIOs(SSL *dest, SSL *src) {

View File

@ -419,15 +419,15 @@ static const uint16_t kVerifySignatureAlgorithms[] = {
// List our preferred algorithms first. // List our preferred algorithms first.
SSL_SIGN_ED25519, SSL_SIGN_ED25519,
SSL_SIGN_ECDSA_SECP256R1_SHA256, SSL_SIGN_ECDSA_SECP256R1_SHA256,
SSL_SIGN_RSA_PSS_SHA256, SSL_SIGN_RSA_PSS_RSAE_SHA256,
SSL_SIGN_RSA_PKCS1_SHA256, SSL_SIGN_RSA_PKCS1_SHA256,
// Larger hashes are acceptable. // Larger hashes are acceptable.
SSL_SIGN_ECDSA_SECP384R1_SHA384, SSL_SIGN_ECDSA_SECP384R1_SHA384,
SSL_SIGN_RSA_PSS_SHA384, SSL_SIGN_RSA_PSS_RSAE_SHA384,
SSL_SIGN_RSA_PKCS1_SHA384, SSL_SIGN_RSA_PKCS1_SHA384,
SSL_SIGN_RSA_PSS_SHA512, SSL_SIGN_RSA_PSS_RSAE_SHA512,
SSL_SIGN_RSA_PKCS1_SHA512, SSL_SIGN_RSA_PKCS1_SHA512,
// For now, SHA-1 is still accepted but least preferable. // For now, SHA-1 is still accepted but least preferable.
@ -445,18 +445,18 @@ static const uint16_t kSignSignatureAlgorithms[] = {
// List our preferred algorithms first. // List our preferred algorithms first.
SSL_SIGN_ED25519, SSL_SIGN_ED25519,
SSL_SIGN_ECDSA_SECP256R1_SHA256, SSL_SIGN_ECDSA_SECP256R1_SHA256,
SSL_SIGN_RSA_PSS_SHA256, SSL_SIGN_RSA_PSS_RSAE_SHA256,
SSL_SIGN_RSA_PKCS1_SHA256, SSL_SIGN_RSA_PKCS1_SHA256,
// If needed, sign larger hashes. // If needed, sign larger hashes.
// //
// TODO(davidben): Determine which of these may be pruned. // TODO(davidben): Determine which of these may be pruned.
SSL_SIGN_ECDSA_SECP384R1_SHA384, SSL_SIGN_ECDSA_SECP384R1_SHA384,
SSL_SIGN_RSA_PSS_SHA384, SSL_SIGN_RSA_PSS_RSAE_SHA384,
SSL_SIGN_RSA_PKCS1_SHA384, SSL_SIGN_RSA_PKCS1_SHA384,
SSL_SIGN_ECDSA_SECP521R1_SHA512, SSL_SIGN_ECDSA_SECP521R1_SHA512,
SSL_SIGN_RSA_PSS_SHA512, SSL_SIGN_RSA_PSS_RSAE_SHA512,
SSL_SIGN_RSA_PKCS1_SHA512, SSL_SIGN_RSA_PKCS1_SHA512,
// If the peer supports nothing else, sign with SHA-1. // If the peer supports nothing else, sign with SHA-1.

View File

@ -333,40 +333,14 @@ static ssl_private_key_result_t AsyncPrivateKeySign(
abort(); abort();
} }
// Determine the hash. if (EVP_PKEY_id(test_state->private_key.get()) !=
const EVP_MD *md; SSL_get_signature_algorithm_key_type(signature_algorithm)) {
switch (signature_algorithm) { fprintf(stderr, "Key type does not match signature algorithm.\n");
case SSL_SIGN_RSA_PKCS1_SHA1: abort();
case SSL_SIGN_ECDSA_SHA1:
md = EVP_sha1();
break;
case SSL_SIGN_RSA_PKCS1_SHA256:
case SSL_SIGN_ECDSA_SECP256R1_SHA256:
case SSL_SIGN_RSA_PSS_SHA256:
md = EVP_sha256();
break;
case SSL_SIGN_RSA_PKCS1_SHA384:
case SSL_SIGN_ECDSA_SECP384R1_SHA384:
case SSL_SIGN_RSA_PSS_SHA384:
md = EVP_sha384();
break;
case SSL_SIGN_RSA_PKCS1_SHA512:
case SSL_SIGN_ECDSA_SECP521R1_SHA512:
case SSL_SIGN_RSA_PSS_SHA512:
md = EVP_sha512();
break;
case SSL_SIGN_RSA_PKCS1_MD5_SHA1:
md = EVP_md5_sha1();
break;
case SSL_SIGN_ED25519:
md = nullptr;
break;
default:
fprintf(stderr, "Unknown signature algorithm %04x.\n",
signature_algorithm);
return ssl_private_key_failure;
} }
// Determine the hash.
const EVP_MD *md = SSL_get_signature_algorithm_digest(signature_algorithm);
bssl::ScopedEVP_MD_CTX ctx; bssl::ScopedEVP_MD_CTX ctx;
EVP_PKEY_CTX *pctx; EVP_PKEY_CTX *pctx;
if (!EVP_DigestSignInit(ctx.get(), &pctx, md, nullptr, if (!EVP_DigestSignInit(ctx.get(), &pctx, md, nullptr,
@ -375,15 +349,11 @@ static ssl_private_key_result_t AsyncPrivateKeySign(
} }
// Configure additional signature parameters. // Configure additional signature parameters.
switch (signature_algorithm) { if (SSL_is_signature_algorithm_rsa_pss(signature_algorithm)) {
case SSL_SIGN_RSA_PSS_SHA256: if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
case SSL_SIGN_RSA_PSS_SHA384: !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1 /* salt len = hash len */)) {
case SSL_SIGN_RSA_PSS_SHA512: return ssl_private_key_failure;
if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || }
!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,
-1 /* salt len = hash len */)) {
return ssl_private_key_failure;
}
} }
// Write the signature into |test_state|. // Write the signature into |test_state|.