author | Adam Langley <agl@google.com> | 2016-11-22 09:24:27 -0800 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2016-11-22 22:03:32 +0000 |
commit | 78684e5b222645828ca302e56b40b9daff2b2d27 (patch) | |
tree | 3d8630eed64299512fee1f421e713fcf7f9b67d5 /ssl | |
parent | 0d81373f9169637ff935449227be924c08bf1ec5 (diff) | |
Disable RSA-PSS by default. [version_for_cocoapods_8.0] [chromium-2883]
This change reverts 57e929f3c8c3d412639eb123382c79ff3bdc3ed3, although
it was done by hand due to conflicts.
BUG=chromium:667806
Change-Id: I17ddf2e5aa7d5129fe09cdeaf63c675091b445b0
Reviewed-on: https://boringssl-review.googlesource.com/12420
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_test.cc | 61 | ||||
-rw-r--r-- | ssl/t1_lib.c | 38 | ||||
-rw-r--r-- | ssl/test/runner/runner.go | 45 |
3 files changed, 100 insertions, 44 deletions
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index 4ad513e..905aa3f 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc 
@@ -1774,20 +1774,53 @@ static bool TestClientHello() { } static const uint8_t kTLS12ClientHello[] = { - 0x16, 0x03, 0x01, 0x00, 0xa2, 0x01, 0x00, 0x00, 0x9e, 0x03, 0x03, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3a, 0xcc, 0xa9, - 0xcc, 0xa8, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e, - 0xc0, 0x2c, 0xc0, 0x30, 0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13, - 0xc0, 0x27, 0x00, 0x33, 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14, - 0xc0, 0x28, 0x00, 0x39, 0x00, 0x6b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, - 0x00, 0x3c, 0x00, 0x35, 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x3b, - 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, - 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, - 0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, - 0x03, 0x02, 0x01, 0x02, 0x03, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, - 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, + 0x16, + 0x03, 0x01, + 0x00, 0x9c, + 0x01, + 0x00, 0x00, 0x98, + 0x03, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, + 0x00, 0x3a, + 0xcc, 0xa9, + 0xcc, 0xa8, + 0xcc, 0x14, + 0xcc, 0x13, + 0xc0, 0x2b, + 0xc0, 0x2f, + 0x00, 0x9e, + 0xc0, 0x2c, + 0xc0, 0x30, + 0x00, 0x9f, + 0xc0, 0x09, + 0xc0, 0x23, + 0xc0, 0x13, + 0xc0, 0x27, + 0x00, 0x33, + 0x00, 0x67, + 0xc0, 0x0a, + 0xc0, 0x24, + 0xc0, 0x14, + 0xc0, 0x28, + 0x00, 0x39, + 0x00, 0x6b, + 0x00, 0x9c, + 0x00, 0x9d, + 0x00, 0x2f, + 0x00, 0x3c, + 0x00, 0x35, + 0x00, 0x3d, + 0x00, 0x0a, + 0x01, 0x00, 0x00, 0x35, 0xff, 0x01, 0x00, 0x01, + 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, + 0x12, 0x00, 0x10, 0x06, 0x01, 
0x06, 0x03, 0x05, 0x01, 0x05, 0x03, 0x04, + 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, 0x00, 0x0b, 0x00, 0x02, 0x01, + 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, + 0x18, }; if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello, sizeof(kTLS12ClientHello))) { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index da446e0..d1cf3b5 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -512,24 +512,29 @@ done: * customisable at some point, for now include everything we support. */ static const uint16_t kDefaultSignatureAlgorithms[] = { - /* For now, do not ship RSA-PSS signature algorithms on Android's system - * BoringSSL. Once TLS 1.3 is finalized and the change in Chrome has stuck, - * restore them. */ -#if !defined(BORINGSSL_ANDROID_SYSTEM) + SSL_SIGN_RSA_PKCS1_SHA512, + SSL_SIGN_ECDSA_SECP521R1_SHA512, + + SSL_SIGN_RSA_PKCS1_SHA384, + SSL_SIGN_ECDSA_SECP384R1_SHA384, + + SSL_SIGN_RSA_PKCS1_SHA256, + SSL_SIGN_ECDSA_SECP256R1_SHA256, + + SSL_SIGN_RSA_PKCS1_SHA1, + SSL_SIGN_ECDSA_SHA1, +}; + +static const uint16_t kDefaultTLS13SignatureAlgorithms[] = { SSL_SIGN_RSA_PSS_SHA512, -#endif SSL_SIGN_RSA_PKCS1_SHA512, SSL_SIGN_ECDSA_SECP521R1_SHA512, -#if !defined(BORINGSSL_ANDROID_SYSTEM) SSL_SIGN_RSA_PSS_SHA384, -#endif SSL_SIGN_RSA_PKCS1_SHA384, SSL_SIGN_ECDSA_SECP384R1_SHA384, -#if !defined(BORINGSSL_ANDROID_SYSTEM) SSL_SIGN_RSA_PSS_SHA256, -#endif SSL_SIGN_RSA_PKCS1_SHA256, SSL_SIGN_ECDSA_SECP256R1_SHA256, 
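Review bot: The comment kept as context above `kDefaultSignatureAlgorithms` still says "for now include everything we support", which stops being true once the RSA-PSS entries live only in `kDefaultTLS13SignatureAlgorithms`, and the new array carries no comment at all. The two lists are now hand-maintained copies that differ only in the three `SSL_SIGN_RSA_PSS_*` entries, so a later edit to one can silently miss the other. I would reword the existing comment to say the default list omits RSA-PSS, and add above the new array `/* kDefaultSignatureAlgorithms plus RSA-PSS; used when TLS 1.3 is enabled. Keep both lists in sync. */`. The end of the second array falls outside this hunk.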
@@ -538,6 +543,21 @@ static const uint16_t kDefaultSignatureAlgorithms[] = {
 };
 
 size_t tls12_get_psigalgs(SSL *ssl, const uint16_t **psigs) {
+ uint16_t min_version, max_version;
+ if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
+ assert(0); /* This should never happen. */
+
+ /* Return an empty list. */
+ ERR_clear_error();
+ *psigs = NULL;
+ return 0;
+ }
+
+ if (max_version >= TLS1_3_VERSION) {
+ *psigs = kDefaultTLS13SignatureAlgorithms;
+ return OPENSSL_ARRAY_SIZE(kDefaultTLS13SignatureAlgorithms);
+ }
+
 *psigs = kDefaultSignatureAlgorithms;
 return OPENSSL_ARRAY_SIZE(kDefaultSignatureAlgorithms);
 }
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index ec20947..ac11b8e 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
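Review bot: The list is chosen from the configured `max_version`, not from the version actually negotiated, so an endpoint that allows TLS 1.3 keeps using the RSA-PSS list even when the handshake lands on TLS 1.2; "disabled by default" therefore holds only for configurations capped below TLS 1.3. If that is intended, say so above the check, e.g. `/* Keyed on the configured maximum version, not the negotiated one. */`. On the failure path, `ERR_clear_error()` empties the whole error queue and may also drop entries the caller queued before this call. Since `assert(0)` compiles out in release builds, the empty-list return is the real behaviour there, and the function comment should tell callers to treat zero algorithms as a hard failure.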
@@ -6484,30 +6484,33 @@ func addSignatureAlgorithmTests() {
 expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
 })
 
- // Test that RSA-PSS is enabled by default for TLS 1.2.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "RSA-PSS-Default-Verify",
- config: Config{
- MaxVersion: VersionTLS12,
- SignSignatureAlgorithms: []signatureAlgorithm{
- signatureRSAPSSWithSHA256,
+ // Disabled because RSA-PSS support was removed in this branch.
+ if false {
+ // Test that RSA-PSS is enabled by default for TLS 1.2.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "RSA-PSS-Default-Verify",
+ config: Config{
+ MaxVersion: VersionTLS12,
+ SignSignatureAlgorithms: []signatureAlgorithm{
+ signatureRSAPSSWithSHA256,
+ },
 },
- },
- flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
- })
+ flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
+ })
 
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "RSA-PSS-Default-Sign",
- config: Config{
- MaxVersion: VersionTLS12,
- VerifySignatureAlgorithms: []signatureAlgorithm{
- signatureRSAPSSWithSHA256,
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "RSA-PSS-Default-Sign",
+ config: Config{
+ MaxVersion: VersionTLS12,
+ VerifySignatureAlgorithms: []signatureAlgorithm{
+ signatureRSAPSSWithSHA256,
+ },
 },
- },
- flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
- })
+ flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
+ })
+ }
 }
 
 // timeouts is the retransmit schedule for BoringSSL. It doubles and |
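Review bot: Wrapping the two RSA-PSS cases in `if false` drops their coverage without replacing it, so nothing in this hunk checks that a peer capped at TLS 1.2 now refuses RSA-PSS. Inverting the cases would pin the new default: keep the same `config` and `flags` and expect the handshake to fail, with `shouldFail: true` and the matching `expectedError`. The added comment is also misleading: going by the t1_lib.c change in this commit, RSA-PSS is not removed but left out of the default list below TLS 1.3, so `// RSA-PSS is not offered by default unless TLS 1.3 is enabled.` would be more accurate. The enclosing `addSignatureAlgorithmTests` starts outside the hunk.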