From 45c236ad1f1c881281017941a0e7126735a190e8 Mon Sep 17 00:00:00 2001
From: Shane Lontis
Date: Thu, 30 Apr 2020 13:41:05 +1000
Subject: [PATCH] Add RSA SHA512 truncated digest support Partial Fix for #11648. Some additional work still needs to be done to support RSA-PSS mode. RSA legacy digests will be addressed in another PR. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11681)
---
 crypto/rsa/rsa_pmeth.c | 2 ++
 include/openssl/core_names.h | 2 ++
 providers/common/der/der_rsa.c.in | 2 ++
 providers/implementations/signature/rsa.c | 2 ++
 test/recipes/30-test_evp_data/evppkey.txt | 13 +++++++++++++
 5 files changed, 21 insertions(+)
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 70944c638e..e899fbd605 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -382,6 +382,8 @@ static int check_padding_md(const EVP_MD *md, int padding)
 case NID_sha256:
 case NID_sha384:
 case NID_sha512:
+ case NID_sha512_224:
+ case NID_sha512_256:
 case NID_md5:
 case NID_md5_sha1:
 case NID_md2:
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 4bc151c162..6e93738ae0 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -94,6 +94,8 @@ extern "C" {
 #define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256"
 #define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384"
 #define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512"
+#define OSSL_DIGEST_NAME_SHA2_512_224 "SHA2-512/224"
+#define OSSL_DIGEST_NAME_SHA2_512_256 "SHA2-512/256"
 #define OSSL_DIGEST_NAME_MD2 "MD2"
 #define OSSL_DIGEST_NAME_MD4 "MD4"
 #define OSSL_DIGEST_NAME_MDC2 "MDC2"
diff --git a/providers/common/der/der_rsa.c.in b/providers/common/der/der_rsa.c.in
index cdff722818..bc7c0095e9 100644
--- a/providers/common/der/der_rsa.c.in
+++ b/providers/common/der/der_rsa.c.in
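Review bot: The set of digests accepted for RSA is now maintained by hand in three places touched by this commit: the `case` list in check_padding_md in this hunk, the MD_CASE list in providers/common/der/der_rsa.c.in, and the NID/name table in rsa_get_md_nid in providers/implementations/signature/rsa.c. Nothing visible ties them together, so a digest added to one list and missed in another would leave the legacy and provider paths disagreeing about which digest a signature may use. A cross-reference comment above the new cases would help, for example `/* Keep in sync with rsa_get_md_nid() and DER_w_algorithmIdentifier_RSA_with() */`. check_padding_md starts and ends outside the hunk, so how the switch treats an unlisted digest is not visible here.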
@@ -62,6 +62,8 @@ int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag,
 MD_CASE(sha256);
 MD_CASE(sha384);
 MD_CASE(sha512);
+ MD_CASE(sha512_224);
+ MD_CASE(sha512_256);
 MD_CASE(sha3_224);
 MD_CASE(sha3_256);
 MD_CASE(sha3_384);
diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c
index fdcdb56194..0670447480 100644
--- a/providers/implementations/signature/rsa.c
+++ b/providers/implementations/signature/rsa.c
@@ -129,6 +129,8 @@ static int rsa_get_md_nid(const EVP_MD *md)
 { NID_sha256, OSSL_DIGEST_NAME_SHA2_256 },
 { NID_sha384, OSSL_DIGEST_NAME_SHA2_384 },
 { NID_sha512, OSSL_DIGEST_NAME_SHA2_512 },
+ { NID_sha512_224, OSSL_DIGEST_NAME_SHA2_512_224 },
+ { NID_sha512_256, OSSL_DIGEST_NAME_SHA2_512_256 },
 { NID_md5, OSSL_DIGEST_NAME_MD5 },
 { NID_md5_sha1, OSSL_DIGEST_NAME_MD5_SHA1 },
 { NID_md2, OSSL_DIGEST_NAME_MD2 },
diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt
index e4b6497b48..1d5274f103 100644
--- a/test/recipes/30-test_evp_data/evppkey.txt
+++ b/test/recipes/30-test_evp_data/evppkey.txt
@@ -142,6 +142,19 @@ Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" Output = 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 +# Truncated digest +Sign = RSA-2048 +Availablein = default +Ctrl = digest:SHA512-224 +Input = "0123456789ABCDEF123456789ABC" +Output = 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 + +Verify = RSA-2048 +Availablein = default +Ctrl = digest:SHA512-224 +Input = "0123456789ABCDEF123456789ABC" +Output = 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 + VerifyRecover = RSA-2048 Availablein = default Ctrl = digest:SHA1 -- 2.25.1
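Review bot: Nothing in the rsa_get_md_nid table marks the two new entries as limited to a padding mode, although the commit description says RSA-PSS support still needs work. The function body and its callers lie outside the hunk, so it is not visible whether a PSS setup path resolves its digest through this table. If it does, SHA-512/224 and SHA-512/256 become selectable for PSS before that work lands. A comment on the new lines would record the limitation, for example `/* SHA2-512/224 and SHA2-512/256: RSA-PSS not yet supported, see #11648 */`. An explicit rejection in the PSS path would be the stronger guard until the follow-up is merged.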
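Review bot: The new vectors cover Sign and Verify with SHA512-224 only, while the code hunks of this commit enable both NID_sha512_224 and NID_sha512_256. A matching Sign/Verify pair with `Ctrl = digest:SHA512-256` would exercise the second digest. A Verify stanza that is expected to fail, checking the same signature under a different digest, would show that the digest is actually bound into the signature encoding. The Output values are not visible on this page, so whether the Sign and Verify stanzas use the same signature cannot be checked here.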