Rename SSL_SIGN_RSA_PSS_SHA* constants.
This reflects the change to add the key type into the constant. The old
constants are left around for now as legacy aliases and will be removed
later.
Change-Id: I67f1b50c01fbe0ebf4a2e9e89d3e7d5ed5f5a9d7
Reviewed-on: https://boringssl-review.googlesource.com/27486
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 31da0fd..1ad8fbf 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -970,9 +970,9 @@
#define SSL_SIGN_ECDSA_SECP256R1_SHA256 0x0403
#define SSL_SIGN_ECDSA_SECP384R1_SHA384 0x0503
#define SSL_SIGN_ECDSA_SECP521R1_SHA512 0x0603
-#define SSL_SIGN_RSA_PSS_SHA256 0x0804
-#define SSL_SIGN_RSA_PSS_SHA384 0x0805
-#define SSL_SIGN_RSA_PSS_SHA512 0x0806
+#define SSL_SIGN_RSA_PSS_RSAE_SHA256 0x0804
+#define SSL_SIGN_RSA_PSS_RSAE_SHA384 0x0805
+#define SSL_SIGN_RSA_PSS_RSAE_SHA512 0x0806
#define SSL_SIGN_ED25519 0x0807
// SSL_SIGN_RSA_PKCS1_MD5_SHA1 is an internal signature algorithm used to
@@ -4116,6 +4116,12 @@
OPENSSL_EXPORT int OPENSSL_init_ssl(uint64_t opts,
const OPENSSL_INIT_SETTINGS *settings);
+// The following constants are legacy aliases for RSA-PSS with rsaEncryption
+// keys. Use the new names instead.
+#define SSL_SIGN_RSA_PSS_SHA256 SSL_SIGN_RSA_PSS_RSAE_SHA256
+#define SSL_SIGN_RSA_PSS_SHA384 SSL_SIGN_RSA_PSS_RSAE_SHA384
+#define SSL_SIGN_RSA_PSS_SHA512 SSL_SIGN_RSA_PSS_RSAE_SHA512
+
// Private structures.
//
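Review bot: The comment on the legacy aliases says to use the new names but not that the aliases are scheduled for removal, which the commit message states. Because each alias expands to the same code point as its RSAE name, a caller that lists both spellings as `case` labels in one switch will hit a duplicate-case error, so that is worth a line too. I would extend the comment to something like `// Deprecated: these expand to the same values as the SSL_SIGN_RSA_PSS_RSAE_* names and will be removed; do not use both in one switch.`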
diff --git a/ssl/ssl_privkey.cc b/ssl/ssl_privkey.cc
index 33cc720..eb0b2aa 100644
--- a/ssl/ssl_privkey.cc
+++ b/ssl/ssl_privkey.cc
@@ -111,9 +111,9 @@
{SSL_SIGN_RSA_PKCS1_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, 0},
{SSL_SIGN_RSA_PKCS1_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, 0},
- {SSL_SIGN_RSA_PSS_SHA256, EVP_PKEY_RSA, NID_undef, &EVP_sha256, 1},
- {SSL_SIGN_RSA_PSS_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, 1},
- {SSL_SIGN_RSA_PSS_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, 1},
+ {SSL_SIGN_RSA_PSS_RSAE_SHA256, EVP_PKEY_RSA, NID_undef, &EVP_sha256, 1},
+ {SSL_SIGN_RSA_PSS_RSAE_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, 1},
+ {SSL_SIGN_RSA_PSS_RSAE_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, 1},
{SSL_SIGN_ECDSA_SHA1, EVP_PKEY_EC, NID_undef, &EVP_sha1, 0},
{SSL_SIGN_ECDSA_SECP256R1_SHA256, EVP_PKEY_EC, NID_X9_62_prime256v1,
@@ -429,12 +429,12 @@
return include_curve ? "ecdsa_secp384r1_sha384" : "ecdsa_sha384";
case SSL_SIGN_ECDSA_SECP521R1_SHA512:
return include_curve ? "ecdsa_secp521r1_sha512" : "ecdsa_sha512";
- case SSL_SIGN_RSA_PSS_SHA256:
- return "rsa_pss_sha256";
- case SSL_SIGN_RSA_PSS_SHA384:
- return "rsa_pss_sha384";
- case SSL_SIGN_RSA_PSS_SHA512:
- return "rsa_pss_sha512";
+ case SSL_SIGN_RSA_PSS_RSAE_SHA256:
+ return "rsa_pss_rsae_sha256";
+ case SSL_SIGN_RSA_PSS_RSAE_SHA384:
+ return "rsa_pss_rsae_sha384";
+ case SSL_SIGN_RSA_PSS_RSAE_SHA512:
+ return "rsa_pss_rsae_sha512";
case SSL_SIGN_ED25519:
return "ed25519";
default:
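Review bot: The strings returned by these three cases change from the `rsa_pss_sha256` form to the `rsa_pss_rsae_sha256` form, a caller-visible change that the commit message (a constant rename with legacy aliases) does not mention. Unlike the constants, the old strings get no alias, so anything that matches on the returned name, such as log parsers, metrics keys or test expectations, would stop matching without a compile error. I would add a comment above the first case, `// Names follow the TLS 1.3 rsa_pss_rsae_* spelling; the older rsa_pss_* strings are no longer returned.`, and call the string change out in the commit description. The enclosing switch and function start and end outside this hunk.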
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 12f044c..c5456e1 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -3884,10 +3884,10 @@
SSL_is_signature_algorithm_rsa_pss(SSL_SIGN_ECDSA_SECP256R1_SHA256));
EXPECT_EQ(EVP_PKEY_RSA,
- SSL_get_signature_algorithm_key_type(SSL_SIGN_RSA_PSS_SHA384));
+ SSL_get_signature_algorithm_key_type(SSL_SIGN_RSA_PSS_RSAE_SHA384));
EXPECT_EQ(EVP_sha384(),
- SSL_get_signature_algorithm_digest(SSL_SIGN_RSA_PSS_SHA384));
- EXPECT_TRUE(SSL_is_signature_algorithm_rsa_pss(SSL_SIGN_RSA_PSS_SHA384));
+ SSL_get_signature_algorithm_digest(SSL_SIGN_RSA_PSS_RSAE_SHA384));
+ EXPECT_TRUE(SSL_is_signature_algorithm_rsa_pss(SSL_SIGN_RSA_PSS_RSAE_SHA384));
}
void MoveBIOs(SSL *dest, SSL *src) {
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 2d3a664..f862ab4 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -419,15 +419,15 @@
// List our preferred algorithms first.
SSL_SIGN_ED25519,
SSL_SIGN_ECDSA_SECP256R1_SHA256,
- SSL_SIGN_RSA_PSS_SHA256,
+ SSL_SIGN_RSA_PSS_RSAE_SHA256,
SSL_SIGN_RSA_PKCS1_SHA256,
// Larger hashes are acceptable.
SSL_SIGN_ECDSA_SECP384R1_SHA384,
- SSL_SIGN_RSA_PSS_SHA384,
+ SSL_SIGN_RSA_PSS_RSAE_SHA384,
SSL_SIGN_RSA_PKCS1_SHA384,
- SSL_SIGN_RSA_PSS_SHA512,
+ SSL_SIGN_RSA_PSS_RSAE_SHA512,
SSL_SIGN_RSA_PKCS1_SHA512,
// For now, SHA-1 is still accepted but least preferable.
@@ -445,18 +445,18 @@
// List our preferred algorithms first.
SSL_SIGN_ED25519,
SSL_SIGN_ECDSA_SECP256R1_SHA256,
- SSL_SIGN_RSA_PSS_SHA256,
+ SSL_SIGN_RSA_PSS_RSAE_SHA256,
SSL_SIGN_RSA_PKCS1_SHA256,
// If needed, sign larger hashes.
//
// TODO(davidben): Determine which of these may be pruned.
SSL_SIGN_ECDSA_SECP384R1_SHA384,
- SSL_SIGN_RSA_PSS_SHA384,
+ SSL_SIGN_RSA_PSS_RSAE_SHA384,
SSL_SIGN_RSA_PKCS1_SHA384,
SSL_SIGN_ECDSA_SECP521R1_SHA512,
- SSL_SIGN_RSA_PSS_SHA512,
+ SSL_SIGN_RSA_PSS_RSAE_SHA512,
SSL_SIGN_RSA_PKCS1_SHA512,
// If the peer supports nothing else, sign with SHA-1.
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 107de52..ccd221f 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -333,40 +333,14 @@
abort();
}
- // Determine the hash.
- const EVP_MD *md;
- switch (signature_algorithm) {
- case SSL_SIGN_RSA_PKCS1_SHA1:
- case SSL_SIGN_ECDSA_SHA1:
- md = EVP_sha1();
- break;
- case SSL_SIGN_RSA_PKCS1_SHA256:
- case SSL_SIGN_ECDSA_SECP256R1_SHA256:
- case SSL_SIGN_RSA_PSS_SHA256:
- md = EVP_sha256();
- break;
- case SSL_SIGN_RSA_PKCS1_SHA384:
- case SSL_SIGN_ECDSA_SECP384R1_SHA384:
- case SSL_SIGN_RSA_PSS_SHA384:
- md = EVP_sha384();
- break;
- case SSL_SIGN_RSA_PKCS1_SHA512:
- case SSL_SIGN_ECDSA_SECP521R1_SHA512:
- case SSL_SIGN_RSA_PSS_SHA512:
- md = EVP_sha512();
- break;
- case SSL_SIGN_RSA_PKCS1_MD5_SHA1:
- md = EVP_md5_sha1();
- break;
- case SSL_SIGN_ED25519:
- md = nullptr;
- break;
- default:
- fprintf(stderr, "Unknown signature algorithm %04x.\n",
- signature_algorithm);
- return ssl_private_key_failure;
+ if (EVP_PKEY_id(test_state->private_key.get()) !=
+ SSL_get_signature_algorithm_key_type(signature_algorithm)) {
+ fprintf(stderr, "Key type does not match signature algorithm.\n");
+ abort();
}
+ // Determine the hash.
+ const EVP_MD *md = SSL_get_signature_algorithm_digest(signature_algorithm);
bssl::ScopedEVP_MD_CTX ctx;
EVP_PKEY_CTX *pctx;
if (!EVP_DigestSignInit(ctx.get(), &pctx, md, nullptr,
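Review bot: An unrecognised `signature_algorithm` no longer gets its own diagnostic. The removed switch printed `Unknown signature algorithm %04x` and returned `ssl_private_key_failure`; the new key-type check presumably catches such a value (if `SSL_get_signature_algorithm_key_type` returns a non-matching type for unknown ids) and aborts with a message that omits it. Including the id keeps shim failures debuggable: `fprintf(stderr, "Key type does not match signature algorithm %04x.\n", signature_algorithm);`. It is also worth confirming that `SSL_get_signature_algorithm_digest` covers `SSL_SIGN_RSA_PKCS1_MD5_SHA1`, which the old switch handled explicitly, since a null `md` is otherwise indistinguishable from the Ed25519 case. The enclosing function starts and ends outside this hunk.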
@@ -375,15 +349,11 @@
}
// Configure additional signature parameters.
- switch (signature_algorithm) {
- case SSL_SIGN_RSA_PSS_SHA256:
- case SSL_SIGN_RSA_PSS_SHA384:
- case SSL_SIGN_RSA_PSS_SHA512:
- if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
- !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,
- -1 /* salt len = hash len */)) {
- return ssl_private_key_failure;
- }
+ if (SSL_is_signature_algorithm_rsa_pss(signature_algorithm)) {
+ if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
+ !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1 /* salt len = hash len */)) {
+ return ssl_private_key_failure;
+ }
}
// Write the signature into |test_state|.