File 0719-ssl-Fix-typo-of-ECC-signature-name.patch of Package erlang
From 76d3c7ccc4f2fda95cab00f09f4090e3d50d2838 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 16 Nov 2021 18:23:05 +0100
Subject: [PATCH] ssl: Fix typo of ECC signature name
Closes #5383
---
lib/ssl/src/ssl_cipher.erl | 2 +-
.../property_test/ssl_eqc_cipher_format.erl | 59 +++++++++++++++++++
lib/ssl/test/ssl_eqc_SUITE.erl | 7 +++
3 files changed, 67 insertions(+), 1 deletion(-)
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index f2e9511553..52d37d9093 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -892,7 +892,7 @@ signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'ecdsa-with-SHA
signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'ecdsa-with-SHA384'}) ->
ecdsa_secp384r1_sha384;
signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'ecdsa-with-SHA512'}) ->
- ecdsa_secp512r1_sha512;
+ ecdsa_secp521r1_sha512;
signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'sha-1WithRSAEncryption'}) ->
rsa_pkcs1_sha1;
signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?sha1WithRSAEncryption}) ->
diff --git a/lib/ssl/test/property_test/ssl_eqc_cipher_format.erl b/lib/ssl/test/property_test/ssl_eqc_cipher_format.erl
index cf6ed755f7..11330b111b 100644
--- a/lib/ssl/test/property_test/ssl_eqc_cipher_format.erl
+++ b/lib/ssl/test/property_test/ssl_eqc_cipher_format.erl
@@ -51,6 +51,8 @@
-endif.
-endif.
+-include_lib("public_key/include/public_key.hrl").
+
-define('TLS_v1.3', 'tlsv1.3').
-define('TLS_v1.2', 'tlsv1.2').
-define('TLS_v1.1', 'tlsv1.1').
@@ -105,6 +107,11 @@ prop_tls_anon_cipher_suite_openssl_name() ->
end
).
+prop_tls_signature_algs() ->
+ ?FORALL(SigAlg, ?LET(SigAlg, sig_alg(), SigAlg),
+ true = lists:member(ssl_cipher:signature_algorithm_to_scheme(SigAlg), sig_schemes())
+ ).
+
%%--------------------------------------------------------------------
%% Generators -----------------------------------------------
%%--------------------------------------------------------------------
@@ -272,3 +279,55 @@ openssl_legacy_names() ->
"SRP-AES-128-CBC-SHA",
"SRP-AES-256-CBC-SHA"
].
+
+
+sig_alg() ->
+ oneof([#'SignatureAlgorithm'{algorithm = ?'id-RSASSA-PSS',
+ parameters = #'RSASSA-PSS-params'{
+ maskGenAlgorithm =
+ #'MaskGenAlgorithm'{algorithm = ?'id-mgf1',
+ parameters = #'HashAlgorithm'{algorithm = ?'id-sha256'}}}},
+ #'SignatureAlgorithm'{algorithm = ?'id-RSASSA-PSS',
+ parameters = #'RSASSA-PSS-params'{
+ maskGenAlgorithm =
+ #'MaskGenAlgorithm'{algorithm = ?'id-mgf1',
+ parameters = #'HashAlgorithm'{algorithm = ?'id-sha384'}}}},
+
+ #'SignatureAlgorithm'{algorithm = ?'id-RSASSA-PSS',
+ parameters = #'RSASSA-PSS-params'{
+ maskGenAlgorithm =
+ #'MaskGenAlgorithm'{algorithm = ?'id-mgf1',
+ parameters = #'HashAlgorithm'{algorithm = ?'id-sha512'}}}},
+ #'SignatureAlgorithm'{algorithm = ?sha256WithRSAEncryption},
+ #'SignatureAlgorithm'{algorithm = ?sha384WithRSAEncryption},
+ #'SignatureAlgorithm'{algorithm = ?sha512WithRSAEncryption},
+ #'SignatureAlgorithm'{algorithm = ?'ecdsa-with-SHA256'},
+ #'SignatureAlgorithm'{algorithm = ?'ecdsa-with-SHA384'},
+ #'SignatureAlgorithm'{algorithm = ?'ecdsa-with-SHA512'},
+ #'SignatureAlgorithm'{algorithm = ?'sha-1WithRSAEncryption'},
+ #'SignatureAlgorithm'{algorithm = ?'ecdsa-with-SHA1'},
+ #'SignatureAlgorithm'{algorithm = ?'id-Ed25519'},
+ #'SignatureAlgorithm'{algorithm = ?'id-Ed448'},
+ #'SignatureAlgorithm'{algorithm = ?'rsaEncryption',
+ parameters = 'NULL'},
+ #'SignatureAlgorithm'{algorithm = ?'rsaEncryption'},
+ #'SignatureAlgorithm'{algorithm = ?'id-RSASSA-PSS'}]).
+
+sig_schemes() ->
+ [rsa_pss_pss_sha256,
+ rsa_pss_pss_sha384,
+ rsa_pss_pss_sha512,
+ rsa_pkcs1_sha256,
+ rsa_pkcs1_sha384,
+ rsa_pkcs1_sha512,
+ ecdsa_secp256r1_sha256,
+ ecdsa_secp384r1_sha384,
+ ecdsa_secp521r1_sha512,
+ rsa_pkcs1_sha1,
+ rsa_pkcs1_sha1,
+ ecdsa_sha1,
+ eddsa_ed25519,
+ eddsa_ed448,
+ rsa_pkcs1_sha1,
+ rsa_pss_rsae,
+ rsa_pss_pss].
diff --git a/lib/ssl/test/ssl_eqc_SUITE.erl b/lib/ssl/test/ssl_eqc_SUITE.erl
index 4bfff1585e..cf6185e591 100644
--- a/lib/ssl/test/ssl_eqc_SUITE.erl
+++ b/lib/ssl/test/ssl_eqc_SUITE.erl
@@ -36,6 +36,7 @@
tls_cipher_openssl_suite_names/1,
tls_anon_cipher_suite_names/1,
tls_anon_cipher_openssl_suite_names/1,
+ tls_signature_algs/1,
tls_unorded_chains/1,
tls_extraneous_chain/1,
tls_extraneous_chains/1,
@@ -54,6 +55,7 @@ all() ->
tls_cipher_openssl_suite_names,
tls_anon_cipher_suite_names,
tls_anon_cipher_openssl_suite_names,
+ tls_signature_algs,
tls_unorded_chains,
tls_extraneous_chain,
tls_extraneous_chains,
@@ -101,6 +103,11 @@ tls_anon_cipher_openssl_suite_names(Config) when is_list(Config) ->
true = ct_property_test:quickcheck(ssl_eqc_cipher_format:prop_tls_anon_cipher_suite_openssl_name(),
Config).
+tls_signature_algs(Config) when is_list(Config) ->
+ %% manual test: proper:quickcheck(ssl_eqc_handshake:prop_tls_signature_algs()).
+ true = ct_property_test:quickcheck(ssl_eqc_cipher_format:prop_tls_signature_algs(),
+ Config).
+
tls_unorded_chains(Config) when is_list(Config) ->
%% manual test: proper:quickcheck(ssl_eqc_chain:prop_tls_ordered_path("/tmp")
ssl:start(),
--
2.31.1
