From: Shane Lontis Date: Thu, 30 Apr 2020 03:41:05 +0000 (+1000) Subject: Add RSA SHA512 truncated digest support X-Git-Tag: openssl-3.0.0-alpha2~65 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=45c236ad1f1c881281017941a0e7126735a190e8;p=oweals%2Fopenssl.git Add RSA SHA512 truncated digest support Partial Fix for #11648. Some additional work still needs to be done to support RSA-PSS mode. RSA legacy digests will be addressed in another PR. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11681) --- diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 70944c638e..e899fbd605 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -382,6 +382,8 @@ static int check_padding_md(const EVP_MD *md, int padding) case NID_sha256: case NID_sha384: case NID_sha512: + case NID_sha512_224: + case NID_sha512_256: case NID_md5: case NID_md5_sha1: case NID_md2: diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 4bc151c162..6e93738ae0 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -94,6 +94,8 @@ extern "C" { #define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256" #define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384" #define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512" +#define OSSL_DIGEST_NAME_SHA2_512_224 "SHA2-512/224" +#define OSSL_DIGEST_NAME_SHA2_512_256 "SHA2-512/256" #define OSSL_DIGEST_NAME_MD2 "MD2" #define OSSL_DIGEST_NAME_MD4 "MD4" #define OSSL_DIGEST_NAME_MDC2 "MDC2" diff --git a/providers/common/der/der_rsa.c.in b/providers/common/der/der_rsa.c.in index cdff722818..bc7c0095e9 100644 --- a/providers/common/der/der_rsa.c.in +++ b/providers/common/der/der_rsa.c.in @@ -62,6 +62,8 @@ int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, MD_CASE(sha256); MD_CASE(sha384); MD_CASE(sha512); + MD_CASE(sha512_224); + MD_CASE(sha512_256); MD_CASE(sha3_224); MD_CASE(sha3_256); MD_CASE(sha3_384); diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index fdcdb56194..0670447480 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -129,6 +129,8 @@ static int rsa_get_md_nid(const EVP_MD *md) { NID_sha256, OSSL_DIGEST_NAME_SHA2_256 }, { NID_sha384, OSSL_DIGEST_NAME_SHA2_384 }, { NID_sha512, OSSL_DIGEST_NAME_SHA2_512 }, + { NID_sha512_224, OSSL_DIGEST_NAME_SHA2_512_224 }, + { NID_sha512_256, OSSL_DIGEST_NAME_SHA2_512_256 }, { NID_md5, OSSL_DIGEST_NAME_MD5 }, { NID_md5_sha1, OSSL_DIGEST_NAME_MD5_SHA1 }, { NID_md2, OSSL_DIGEST_NAME_MD2 }, diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt index e4b6497b48..1d5274f103 100644 --- a/test/recipes/30-test_evp_data/evppkey.txt +++ b/test/recipes/30-test_evp_data/evppkey.txt @@ -142,6 +142,19 @@ Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad +# Truncated digest +Sign = RSA-2048 +Availablein = default +Ctrl = digest:SHA512-224 +Input = "0123456789ABCDEF123456789ABC" +Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17 + +Verify = RSA-2048 +Availablein = default +Ctrl = digest:SHA512-224 +Input = "0123456789ABCDEF123456789ABC" +Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17 + VerifyRecover = RSA-2048 Availablein = default Ctrl = digest:SHA1