[PATCH 4 of 6] Tests: avoid specifying PSS in sigalgs unless in TLSv1.3
Sergey Kandaurov
pluknet at nginx.com
Tue May 23 12:23:05 UTC 2023
> On 23 May 2023, at 05:07, Maxim Dounin <mdounin at mdounin.ru> wrote:
>
> Hello!
>
> On Mon, May 22, 2023 at 11:52:16PM +0400, Sergey Kandaurov wrote:
>
>> # HG changeset patch
>> # User Sergey Kandaurov <pluknet at nginx.com>
>> # Date 1684774417 -14400
>> # Mon May 22 20:53:37 2023 +0400
>> # Node ID 42066e126d2ca0f6d5095d818910559adf5d4bdc
>> # Parent e60c76cbf2a5b0d9e1d235770d68f260cf1a4e3e
>> Tests: avoid specifying PSS in sigalgs unless in TLSv1.3.
>>
>> It might happen that TLSv1.3 is disabled and PSS isn't supported as seen
>> on Amazon Linux (LTS). The change restores old logic before 0e1865aa9b33.
>>
>> diff --git a/ssl_certificates.t b/ssl_certificates.t
>> --- a/ssl_certificates.t
>> +++ b/ssl_certificates.t
>> @@ -120,8 +120,8 @@ sub get_socket {
>> return unless defined $type;
>> my $ssleay = Net::SSLeay::SSLeay();
>> return if ($ssleay < 0x1000200f || $ssleay == 0x20000000);
>> - my $sigalgs = 'RSA+SHA256:PSS+SHA256';
>> - $sigalgs = $type . '+SHA256' unless $type eq 'RSA';
>> + my $sigalgs = $type eq 'RSA' && test_tls13()
>> + ? 'RSA+SHA256:PSS+SHA256' : $type . '+SHA256';
>> # SSL_CTRL_SET_SIGALGS_LIST
>> Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs)
>> or die("Failed to set sigalgs");
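Review bot: the test_tls13() call in the new $sigalgs ternary runs inside get_socket() whenever $type is 'RSA', and it only approximates the real question, which is whether this OpenSSL build accepts 'PSS+SHA256' in a sigalgs list. The CTX_ctrl($ctx, 98, 0, $sigalgs) call just below already reports that through its return value, so checking it and falling back to 'RSA+SHA256' would drop the dependency on TLSv1.3 being enabled.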
>> diff --git a/ssl_stapling.t b/ssl_stapling.t
>> --- a/ssl_stapling.t
>> +++ b/ssl_stapling.t
>> @@ -321,8 +321,8 @@ sub staple {
>> return unless defined $ciphers;
>> my $ssleay = Net::SSLeay::SSLeay();
>> return if ($ssleay < 0x1000200f || $ssleay == 0x20000000);
>> - my $sigalgs = 'RSA+SHA256:PSS+SHA256';
>> - $sigalgs = $ciphers . '+SHA256' unless $ciphers eq 'RSA';
>> + my $sigalgs = $ciphers eq 'RSA' && test_tls13()
>> + ? 'RSA+SHA256:PSS+SHA256' : $ciphers . '+SHA256';
>> # SSL_CTRL_SET_SIGALGS_LIST
>> Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs)
>> or die("Failed to set sigalgs");
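Review bot: the "$ciphers eq 'RSA' && test_tls13()" ternary in staple() is the same expression added to get_socket() in ssl_certificates.t with only the variable renamed, and neither copy has a comment saying why PSS is conditional. A one-line comment above the assignment (PSS is rejected in the sigalgs list when the library lacks it) or a shared helper would keep the two tests from diverging.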
>
> I would rather refrain from SSL connections as in test_tls13()
> when creating an SSL context, hence the change.
I don't like this either and would prefer to avoid it if possible.
>
> But it looks like I was wrong assuming OpenSSL handles sigalgs
> similarly to ciphers, and ignores unknown ones. Looking through
> the code suggests it instead returns an error if it sees an
> unknown signature algorithm, so trying to set
> 'RSA+SHA256:PSS+SHA256' fails if OpenSSL does not support TLSv1.3.
>
> Something like this should be enough to address this without
> introducing additional TLSv1.3 tests:
>
Applied, tnx.
> diff -r a797d7428fa5 ssl_certificates.t
> --- a/ssl_certificates.t Thu May 18 18:07:19 2023 +0300
> +++ b/ssl_certificates.t Tue May 23 01:03:42 2023 +0000
> @@ -120,10 +120,11 @@
> return unless defined $type;
> my $ssleay = Net::SSLeay::SSLeay();
> return if ($ssleay < 0x1000200f || $ssleay == 0x20000000);
> - my $sigalgs = 'RSA+SHA256:PSS+SHA256';
> - $sigalgs = $type . '+SHA256' unless $type eq 'RSA';
> + my @sigalgs = ('RSA+SHA256:PSS+SHA256', 'RSA+SHA256');
> + @sigalgs = ($type . '+SHA256') unless $type eq 'RSA';
> # SSL_CTRL_SET_SIGALGS_LIST
> - Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs)
> + Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[0])
> + or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1])
> or die("Failed to set sigalgs");
> };
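Review bot: when $type is not 'RSA', @sigalgs holds a single element, so the "or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1])" retry passes undef as the list. That relies on CTX_ctrl failing cleanly on an undefined argument before die() is reached; making the retry conditional on a second element existing (for example, looping over @sigalgs and stopping at the first success) would make the ECDSA path explicit.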
>
> diff -r a797d7428fa5 ssl_stapling.t
> --- a/ssl_stapling.t Thu May 18 18:07:19 2023 +0300
> +++ b/ssl_stapling.t Tue May 23 01:03:42 2023 +0000
> @@ -319,10 +319,11 @@
> return unless defined $ciphers;
> my $ssleay = Net::SSLeay::SSLeay();
> return if ($ssleay < 0x1000200f || $ssleay == 0x20000000);
> - my $sigalgs = 'RSA+SHA256:PSS+SHA256';
> - $sigalgs = $ciphers . '+SHA256' unless $ciphers eq 'RSA';
> + my @sigalgs = ('RSA+SHA256:PSS+SHA256', 'RSA+SHA256');
> + @sigalgs = ($ciphers . '+SHA256') unless $ciphers eq 'RSA';
> # SSL_CTRL_SET_SIGALGS_LIST
> - Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs)
> + Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[0])
> + or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1])
> or die("Failed to set sigalgs");
> };
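Review bot: with the two-step CTX_ctrl() attempt in staple(), nothing records which list was accepted, and die("Failed to set sigalgs") does not say which list was rejected. Including the attempted string in the die message would show, from the test output alone, whether the PSS list or the 'RSA+SHA256' fallback was in effect.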
>
>
> (The code basically retries with 'RSA+SHA256' if setting sigalgs
> to 'RSA+SHA256:PSS+SHA256' fails. If an error happens with ECDSA, it
> also retries with undefined, and then reports the error.)
--
Sergey Kandaurov