openssl: Support SHA-3 based RSA_EMSA_PKCS1 signatures

author Andreas Steffen <andreas.steffen@strongswan.org>

Thu, 3 Jun 2021 10:24:19 +0000 (12:24 +0200)

committer Andreas Steffen <andreas.steffen@strongswan.org>

Thu, 3 Jun 2021 12:20:06 +0000 (14:20 +0200)
author Andreas Steffen <andreas.steffen@strongswan.org>
Thu, 3 Jun 2021 10:24:19 +0000 (12:24 +0200)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Thu, 3 Jun 2021 12:20:06 +0000 (14:20 +0200)
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c

index edc5ddab15cd2d6ba51608539eff4f6869aab456..620a0b690efcc02737e545f3fd3ed9f5209a5cee 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -694,6 +694,16 @@ METHOD(plugin_t, get_features, int,
                 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
                 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
  #endif
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3)
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_224),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_256),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_384),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_512),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_224),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_256),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_384),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_512),
+#endif
  #ifndef OPENSSL_NO_MD5
                 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
                 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c

index 8a9fdfe25a833fba36a08e1f73bc227df5e86ef5..88450a67ae30de4f10ab2135a6977491324cd616 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -279,6 +279,16 @@ METHOD(private_key_t, sign, bool,
                         return build_emsa_pkcs1_signature(this, NID_sha384, data, signature);
                 case SIGN_RSA_EMSA_PKCS1_SHA2_512:
                         return build_emsa_pkcs1_signature(this, NID_sha512, data, signature);
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3) && !defined(OPENSSL_IS_BORINGSSL)
+               case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+                       return build_emsa_pkcs1_signature(this, NID_sha3_224, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+                       return build_emsa_pkcs1_signature(this, NID_sha3_256, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+                       return build_emsa_pkcs1_signature(this, NID_sha3_384, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+                       return build_emsa_pkcs1_signature(this, NID_sha3_512, data, signature);
+#endif
                 case SIGN_RSA_EMSA_PKCS1_SHA1:
                         return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
                 case SIGN_RSA_EMSA_PKCS1_MD5:
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c

index 38b4eda35ac27cd367a03cb33baa3cd69e963f3c..db836f8e49f82e81d7be872acf42503d534dad3b 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -280,6 +280,16 @@ METHOD(public_key_t, verify, bool,
                         return verify_emsa_pkcs1_signature(this, NID_sha384, data, signature);
                 case SIGN_RSA_EMSA_PKCS1_SHA2_512:
                         return verify_emsa_pkcs1_signature(this, NID_sha512, data, signature);
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3) && !defined(OPENSSL_IS_BORINGSSL)
+               case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+                       return verify_emsa_pkcs1_signature(this, NID_sha3_224, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+                       return verify_emsa_pkcs1_signature(this, NID_sha3_256, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+                       return verify_emsa_pkcs1_signature(this, NID_sha3_384, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+                       return verify_emsa_pkcs1_signature(this, NID_sha3_512, data, signature);
+#endif
                 case SIGN_RSA_EMSA_PKCS1_SHA1:
                         return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature);
                 case SIGN_RSA_EMSA_PKCS1_MD5:
author	Andreas Steffen <andreas.steffen@strongswan.org>
	Thu, 3 Jun 2021 10:24:19 +0000 (12:24 +0200)
committer	Andreas Steffen <andreas.steffen@strongswan.org>
	Thu, 3 Jun 2021 12:20:06 +0000 (14:20 +0200)
src/libstrongswan/plugins/openssl/openssl_plugin.c		patch \| blob \| blame \| history
src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c		patch \| blob \| blame \| history
src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c		patch \| blob \| blame \| history