File 0719-ssl-Fix-typo-of-ECC-signature-name.patch of Package erlang

Overview Repositories Revisions Requests Users Attributes Meta

File 0719-ssl-Fix-typo-of-ECC-signature-name.patch of Package erlang

From 76d3c7ccc4f2fda95cab00f09f4090e3d50d2838 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 16 Nov 2021 18:23:05 +0100
Subject: [PATCH] ssl: Fix typo of ECC signature name

Closes #5383
---
 lib/ssl/src/ssl_cipher.erl                    |  2 +-
 .../property_test/ssl_eqc_cipher_format.erl   | 59 +++++++++++++++++++
 lib/ssl/test/ssl_eqc_SUITE.erl                |  7 +++
 3 files changed, 67 insertions(+), 1 deletion(-)

diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index f2e9511553..52d37d9093 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -892,7 +892,7 @@ signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'ecdsa-with-SHA
 signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'ecdsa-with-SHA384'}) ->
     ecdsa_secp384r1_sha384;
 signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'ecdsa-with-SHA512'}) ->
-    ecdsa_secp512r1_sha512;
+    ecdsa_secp521r1_sha512;
 signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'sha-1WithRSAEncryption'}) ->
     rsa_pkcs1_sha1;
 signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?sha1WithRSAEncryption}) ->
diff --git a/lib/ssl/test/property_test/ssl_eqc_cipher_format.erl b/lib/ssl/test/property_test/ssl_eqc_cipher_format.erl
index cf6ed755f7..11330b111b 100644
--- a/lib/ssl/test/property_test/ssl_eqc_cipher_format.erl
+++ b/lib/ssl/test/property_test/ssl_eqc_cipher_format.erl
@@ -51,6 +51,8 @@
 -endif.
 -endif.
 
+-include_lib("public_key/include/public_key.hrl").
+
 -define('TLS_v1.3', 'tlsv1.3').
 -define('TLS_v1.2', 'tlsv1.2').
 -define('TLS_v1.1', 'tlsv1.1').
@@ -105,6 +107,11 @@ prop_tls_anon_cipher_suite_openssl_name() ->
 	    end
 	   ).
 
+prop_tls_signature_algs() ->
+    ?FORALL(SigAlg, ?LET(SigAlg, sig_alg(), SigAlg),
+            true = lists:member(ssl_cipher:signature_algorithm_to_scheme(SigAlg), sig_schemes())
+	   ).
+
 %%--------------------------------------------------------------------
 %% Generators  -----------------------------------------------
 %%--------------------------------------------------------------------
@@ -272,3 +279,55 @@ openssl_legacy_names() ->
      "SRP-AES-128-CBC-SHA",
      "SRP-AES-256-CBC-SHA"
     ]. 
+
+
+sig_alg() ->
+    oneof([#'SignatureAlgorithm'{algorithm = ?'id-RSASSA-PSS',
+                                 parameters =  #'RSASSA-PSS-params'{
+                                                  maskGenAlgorithm =
+                                                      #'MaskGenAlgorithm'{algorithm = ?'id-mgf1',
+                                                                          parameters =  #'HashAlgorithm'{algorithm = ?'id-sha256'}}}},
+           #'SignatureAlgorithm'{algorithm = ?'id-RSASSA-PSS',
+                                 parameters =  #'RSASSA-PSS-params'{
+                                                  maskGenAlgorithm =
+                                                      #'MaskGenAlgorithm'{algorithm = ?'id-mgf1',
+                                                                          parameters = #'HashAlgorithm'{algorithm = ?'id-sha384'}}}},
+
+           #'SignatureAlgorithm'{algorithm = ?'id-RSASSA-PSS',
+                                 parameters =  #'RSASSA-PSS-params'{
+                                                  maskGenAlgorithm =
+                                                      #'MaskGenAlgorithm'{algorithm = ?'id-mgf1',
+                                                                          parameters = #'HashAlgorithm'{algorithm = ?'id-sha512'}}}},
+           #'SignatureAlgorithm'{algorithm = ?sha256WithRSAEncryption},
+           #'SignatureAlgorithm'{algorithm = ?sha384WithRSAEncryption},
+           #'SignatureAlgorithm'{algorithm = ?sha512WithRSAEncryption},
+           #'SignatureAlgorithm'{algorithm = ?'ecdsa-with-SHA256'},
+           #'SignatureAlgorithm'{algorithm = ?'ecdsa-with-SHA384'},
+           #'SignatureAlgorithm'{algorithm = ?'ecdsa-with-SHA512'},
+           #'SignatureAlgorithm'{algorithm = ?'sha-1WithRSAEncryption'},
+           #'SignatureAlgorithm'{algorithm = ?'ecdsa-with-SHA1'},
+           #'SignatureAlgorithm'{algorithm = ?'id-Ed25519'},
+           #'SignatureAlgorithm'{algorithm = ?'id-Ed448'},
+           #'SignatureAlgorithm'{algorithm = ?'rsaEncryption',
+                                 parameters = 'NULL'},
+           #'SignatureAlgorithm'{algorithm = ?'rsaEncryption'},
+           #'SignatureAlgorithm'{algorithm = ?'id-RSASSA-PSS'}]).
+
+sig_schemes() ->
+    [rsa_pss_pss_sha256,
+     rsa_pss_pss_sha384,
+     rsa_pss_pss_sha512,
+     rsa_pkcs1_sha256,
+     rsa_pkcs1_sha384,
+     rsa_pkcs1_sha512,
+     ecdsa_secp256r1_sha256,
+     ecdsa_secp384r1_sha384,
+     ecdsa_secp521r1_sha512,
+     rsa_pkcs1_sha1,
+     rsa_pkcs1_sha1,
+     ecdsa_sha1,
+     eddsa_ed25519,
+     eddsa_ed448,
+     rsa_pkcs1_sha1,
+     rsa_pss_rsae,
+     rsa_pss_pss].
diff --git a/lib/ssl/test/ssl_eqc_SUITE.erl b/lib/ssl/test/ssl_eqc_SUITE.erl
index 4bfff1585e..cf6185e591 100644
--- a/lib/ssl/test/ssl_eqc_SUITE.erl
+++ b/lib/ssl/test/ssl_eqc_SUITE.erl
@@ -36,6 +36,7 @@
          tls_cipher_openssl_suite_names/1,
          tls_anon_cipher_suite_names/1,
          tls_anon_cipher_openssl_suite_names/1,
+         tls_signature_algs/1,
          tls_unorded_chains/1,
          tls_extraneous_chain/1,
          tls_extraneous_chains/1,
@@ -54,6 +55,7 @@ all() ->
      tls_cipher_openssl_suite_names,
      tls_anon_cipher_suite_names,
      tls_anon_cipher_openssl_suite_names,
+     tls_signature_algs,
      tls_unorded_chains,
      tls_extraneous_chain,
      tls_extraneous_chains,
@@ -101,6 +103,11 @@ tls_anon_cipher_openssl_suite_names(Config) when is_list(Config) ->
     true =  ct_property_test:quickcheck(ssl_eqc_cipher_format:prop_tls_anon_cipher_suite_openssl_name(),
                                         Config).
 
+tls_signature_algs(Config) when is_list(Config) ->
+    %% manual test:  proper:quickcheck(ssl_eqc_handshake:prop_tls_signature_algs()).
+    true =  ct_property_test:quickcheck(ssl_eqc_cipher_format:prop_tls_signature_algs(),
+                                        Config).
+
 tls_unorded_chains(Config) when is_list(Config) ->
     %% manual test:  proper:quickcheck(ssl_eqc_chain:prop_tls_ordered_path("/tmp")
     ssl:start(),
-- 
2.31.1

Places

File 0719-ssl-Fix-typo-of-ECC-signature-name.patch of Package erlang

Places