ssl: Be explcit about negotiated params

IngelaAndin · IngelaAndin · commit 4d8b10e305e6 · 2023-11-27T09:52:17.000+01:00
Do not use undocumented OpenSSL "implicit param", rather be explicit about what
PSS params that where negotiated.
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
@@ -388,15 +388,15 @@ certificate_verify(Signature, PublicKeyInfo, Version,
 %% Description: Checks that a public_key signature is valid.
 %%--------------------------------------------------------------------
 verify_signature(_, Msg, {HashAlgo, SignAlgo}, Signature,
-                 {_, PubKey, PubKeyParams}) when  SignAlgo == rsa_pss_rsae;
-                                                  SignAlgo == rsa_pss_pss ->
-    Options = verify_options(SignAlgo, HashAlgo, PubKeyParams),
+                 {_, PubKey, _}) when  SignAlgo == rsa_pss_rsae;
+                                       SignAlgo == rsa_pss_pss ->
+    Options = verify_options(SignAlgo, HashAlgo),
     public_key:verify(Msg, HashAlgo, Signature, PubKey, Options);
-verify_signature(Version, Msg, {HashAlgo, SignAlgo}, Signature, {?rsaEncryption, PubKey, PubKeyParams})
+verify_signature(Version, Msg, {HashAlgo, SignAlgo}, Signature, {?rsaEncryption, PubKey, _})
   when ?TLS_GTE(Version, ?TLS_1_2) ->
-    Options = verify_options(SignAlgo, HashAlgo, PubKeyParams),
+    Options = verify_options(SignAlgo, HashAlgo),
     public_key:verify(Msg, HashAlgo, Signature, PubKey, Options);
-verify_signature(Version, {digest, Digest}, _HashAlgo, Signature, {?rsaEncryption, PubKey, _PubKeyParams})
+verify_signature(Version, {digest, Digest}, _HashAlgo, Signature, {?rsaEncryption, PubKey, _})
   when ?TLS_LTE(Version, ?TLS_1_1) ->
     case public_key:decrypt_public(Signature, PubKey,
 				   [{rsa_pad, rsa_pkcs1_padding}]) of
@@ -2172,25 +2172,32 @@ do_digitally_signed(_, Msg, HashAlgo, Key, SignAlgo) ->
     Options = signature_options(SignAlgo, HashAlgo),
     public_key:sign(Msg, HashAlgo, Key, Options).
     
-signature_options(SignAlgo, HashAlgo) when SignAlgo =:= rsa_pss_rsae orelse
-                                           SignAlgo =:= rsa_pss_pss ->
-    pss_options(HashAlgo);
+signature_options(rsa_pss_rsae, HashAlgo) ->
+    pss_options(HashAlgo, hash_algo_byte_size(HashAlgo));
+signature_options(rsa_pss_pss, HashAlgo) ->
+    pss_options(HashAlgo, hash_algo_byte_size(HashAlgo));
 signature_options(_, _) ->
     [].
 
-verify_options(SignAlgo, HashAlgo, _KeyParams)
-  when SignAlgo =:= rsa_pss_rsae orelse
-       SignAlgo =:= rsa_pss_pss ->
-    pss_options(HashAlgo);
-verify_options(_, _, _) ->
+verify_options(rsa_pss_rsae, HashAlgo) ->
+    pss_options(HashAlgo, hash_algo_byte_size(HashAlgo));
+verify_options(rsa_pss_pss, HashAlgo) ->
+    pss_options(HashAlgo, hash_algo_byte_size(HashAlgo));
+verify_options(_, _) ->
     [].
 
-pss_options(HashAlgo) ->
-    %% of the digest algorithm: rsa_pss_saltlen = -1
+pss_options(HashAlgo, SaltLen) ->
     [{rsa_padding, rsa_pkcs1_pss_padding},
-     {rsa_pss_saltlen, -1},
+     {rsa_pss_saltlen, SaltLen},
      {rsa_mgf1_md, HashAlgo}].
 
+hash_algo_byte_size(sha256) ->
+    32;
+hash_algo_byte_size(sha384) ->
+    48;
+hash_algo_byte_size(sha512) ->
+    64.
+
 bad_key(#'DSAPrivateKey'{}) ->
     unacceptable_dsa_key;
 bad_key(#'RSAPrivateKey'{}) ->
