From 5688e631e3e6b21929affbf56d1f5348b3e70cf3 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Thu, 3 Jun 2021 12:24:19 +0200 Subject: [PATCH] openssl: Support SHA-3 based RSA_EMSA_PKCS1 signatures --- src/libstrongswan/plugins/openssl/openssl_plugin.c | 10 ++++++++++ .../plugins/openssl/openssl_rsa_private_key.c | 10 ++++++++++ .../plugins/openssl/openssl_rsa_public_key.c | 10 ++++++++++ 3 files changed, 30 insertions(+) diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index edc5ddab15..620a0b690e 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -694,6 +694,16 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512), #endif +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3) + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_224), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_256), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_384), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_512), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_224), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_256), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_384), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_512), +#endif #ifndef OPENSSL_NO_MD5 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5), diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index 8a9fdfe25a..88450a67ae 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -279,6 +279,16 @@ METHOD(private_key_t, sign, bool, return build_emsa_pkcs1_signature(this, NID_sha384, data, signature); case SIGN_RSA_EMSA_PKCS1_SHA2_512: return build_emsa_pkcs1_signature(this, NID_sha512, data, signature); +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3) && !defined(OPENSSL_IS_BORINGSSL) + case SIGN_RSA_EMSA_PKCS1_SHA3_224: + return build_emsa_pkcs1_signature(this, NID_sha3_224, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_256: + return build_emsa_pkcs1_signature(this, NID_sha3_256, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_384: + return build_emsa_pkcs1_signature(this, NID_sha3_384, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_512: + return build_emsa_pkcs1_signature(this, NID_sha3_512, data, signature); +#endif case SIGN_RSA_EMSA_PKCS1_SHA1: return build_emsa_pkcs1_signature(this, NID_sha1, data, signature); case SIGN_RSA_EMSA_PKCS1_MD5: diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index 38b4eda35a..db836f8e49 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -280,6 +280,16 @@ METHOD(public_key_t, verify, bool, return verify_emsa_pkcs1_signature(this, NID_sha384, data, signature); case SIGN_RSA_EMSA_PKCS1_SHA2_512: return verify_emsa_pkcs1_signature(this, NID_sha512, data, signature); +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3) && !defined(OPENSSL_IS_BORINGSSL) + case SIGN_RSA_EMSA_PKCS1_SHA3_224: + return verify_emsa_pkcs1_signature(this, NID_sha3_224, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_256: + return verify_emsa_pkcs1_signature(this, NID_sha3_256, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_384: + return verify_emsa_pkcs1_signature(this, NID_sha3_384, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_512: + return verify_emsa_pkcs1_signature(this, NID_sha3_512, data, signature); +#endif case SIGN_RSA_EMSA_PKCS1_SHA1: return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature); case SIGN_RSA_EMSA_PKCS1_MD5: -- 2.47.2