Offer P521 for signature_algorithms in client Hello (#2572)

Author: WillChilds-Klein

ssl/extensions.cc

@@ -392,6 +392,7 @@ static const uint16_t kVerifySignatureAlgorithms[] = {
     SSL_SIGN_RSA_PSS_RSAE_SHA384,
     SSL_SIGN_RSA_PKCS1_SHA384,
 
+    SSL_SIGN_ECDSA_SECP521R1_SHA512,
     SSL_SIGN_RSA_PSS_RSAE_SHA512,
     SSL_SIGN_RSA_PKCS1_SHA512,
 

ssl/ssl_test.cc

@@ -602,20 +602,20 @@ TEST(SSLTest, ClientHello) {
         0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00,
         0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00}},
       {TLS1_2_VERSION,
-       {0x16, 0x03, 0x01, 0x00, 0x86, 0x01, 0x00, 0x00, 0x82, 0x03, 0x03, 0x00,
+       {0x16, 0x03, 0x01, 0x00, 0x88, 0x01, 0x00, 0x00, 0x84, 0x03, 0x03, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x22, 0xcc, 0xa9,
         0xcc, 0xa8, 0xc0, 0x2b, 0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30, 0xc0, 0x09,
         0xc0, 0x13, 0xc0, 0x27, 0xc0, 0x0a, 0xc0, 0x14, 0xc0, 0x28, 0x00, 0x9c,
-        0x00, 0x9d, 0x00, 0x2f, 0x00, 0x3c, 0x00, 0x35, 0x01, 0x00, 0x00, 0x37,
+        0x00, 0x9d, 0x00, 0x2f, 0x00, 0x3c, 0x00, 0x35, 0x01, 0x00, 0x00, 0x39,
         0x00, 0x17, 0x00, 0x00, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00,
         0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x0b, 0x00,
-        0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00,
-        0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05,
-        0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01}},
+        0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00,
+        0x14, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05,
+        0x01, 0x06, 0x03, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01}},
       {TLS1_3_VERSION,
-       {0x16, 0x03, 0x01, 0x00, 0xe9, 0x01, 0x00, 0x00, 0xe5, 0x03, 0x03, 0x00,
+       {0x16, 0x03, 0x01, 0x00, 0xeb, 0x01, 0x00, 0x00, 0xe7, 0x03, 0x03, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -625,16 +625,17 @@ TEST(SSLTest, ClientHello) {
         0xcc, 0xa9, 0xcc, 0xa8, 0xc0, 0x2b, 0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30,
         0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x27, 0xc0, 0x0a, 0xc0, 0x14, 0xc0, 0x28,
         0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x3c, 0x00, 0x35, 0x01, 0x00,
-        0x00, 0x74, 0x00, 0x17, 0x00, 0x00, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
+        0x00, 0x76, 0x00, 0x17, 0x00, 0x00, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
         0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00,
         0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
-        0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08,
-        0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x33, 0x00,
-        0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x16, 0x00, 0x14, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08,
+        0x05, 0x05, 0x01, 0x06, 0x03, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00,
+        0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x2d, 0x00, 0x02, 0x01, 0x01, 0x00, 0x2b, 0x00,
-        0x09, 0x08, 0x03, 0x04, 0x03, 0x03, 0x03, 0x02, 0x03, 0x01}}};
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2d, 0x00, 0x02, 0x01, 0x01, 0x00,
+        0x2b, 0x00, 0x09, 0x08, 0x03, 0x04, 0x03, 0x03, 0x03, 0x02, 0x03, 0x01}},
+  };
 
   for (const auto &t : kTests) {
     SCOPED_TRACE(t.max_version);
@@ -669,7 +670,7 @@ TEST(SSLTest, ClientHello) {
       OPENSSL_memset(client_hello.data() + kRandomOffset, 0,
                      SSL3_RANDOM_SIZE + 1 + SSL3_SESSION_ID_SIZE);
       // Jump to key share extension and zero out the key
-      OPENSSL_memset(client_hello.data() + 187, 0, 32);
+      OPENSSL_memset(client_hello.data() + 189, 0, 32);
     } else {
       ASSERT_GE(client_hello.size(), kRandomOffset + SSL3_RANDOM_SIZE);
       OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
@@ -681,7 +682,7 @@ TEST(SSLTest, ClientHello) {
       ADD_FAILURE() << "ClientHellos did not match.";
       // Print the value manually so it is easier to update the test vector.
       for (size_t i = 0; i < client_hello.size(); i += 12) {
-        printf("     %c", i == 0 ? '{' : ' ');
+        printf("       %c", i == 0 ? '{' : ' ');
         for (size_t j = i; j < client_hello.size() && j < i + 12; j++) {
           if (j > i) {
             printf(" ");

ssl/test/runner/runner.go

@@ -10105,8 +10105,8 @@ func addSignatureAlgorithmTests() {
 				shouldFail = true
 			}
 
-			// By default, BoringSSL does not enable ecdsa_sha1, ecdsa_secp521_sha512, and ed25519.
-			if alg.id == signatureECDSAWithSHA1 || alg.id == signatureECDSAWithP521AndSHA512 || alg.id == signatureEd25519 {
+			// By default, AWS-LC does not enable ecdsa_sha1 and ed25519.
+			if alg.id == signatureECDSAWithSHA1 || alg.id == signatureEd25519 {
 				rejectByDefault = true
 			}
 

ssl/test/runner/ssl_transfer/test_case_names.txt

@@ -639,6 +639,8 @@ Server-VerifyDefault-ECDSA_P256_SHA256-TLS12
 Server-VerifyDefault-ECDSA_P256_SHA256-TLS13
 Server-VerifyDefault-ECDSA_P384_SHA384-TLS12
 Server-VerifyDefault-ECDSA_P384_SHA384-TLS13
+Server-VerifyDefault-ECDSA_P521_SHA512-TLS12
+Server-VerifyDefault-ECDSA_P521_SHA512-TLS13
 Server-VerifyDefault-RSA_PKCS1_SHA1-TLS12
 Server-VerifyDefault-RSA_PKCS1_SHA256-TLS12
 Server-VerifyDefault-RSA_PKCS1_SHA384-TLS12