author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-07-17 01:44:56 +0200 |
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-07-17 01:44:56 +0200 |
commit | 5f7e98fff1ab0dd36a6041d5ae9bef74676a352f (patch) | |
tree | 2575b8c83e421075e1c9171238e9c203f03b0d36 /security/nss/lib | |
parent | 1e560deff8c37164eb7496e7d87aa7b30de80398 (diff) | |
Prohibit the use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3
This is a spec compliance issue.
Diffstat (limited to 'security/nss/lib')
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 3b5c69b11..d98521a52 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -64,6 +64,7 @@ static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
 static CK_MECHANISM_TYPE ssl3_GetHashMechanismByHashType(SSLHashType hashType);
 static CK_MECHANISM_TYPE ssl3_GetMgfMechanismByHashType(SSLHashType hash);
 PRBool ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme);
+PRBool ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme);
 
 const PRUint8 ssl_hello_retry_random[] = {
 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
@@ -4060,6 +4061,9 @@ ssl_SignatureSchemeValid(SSLSignatureScheme scheme, SECOidTag spkiOid,
 if (ssl_SignatureSchemeToHashType(scheme) == ssl_hash_sha1) {
 return PR_FALSE;
 }
+ if (ssl_IsRsaPkcs1SignatureScheme(scheme)) {
+ return PR_FALSE;
+ }
 /* With TLS 1.3, EC keys should have been selected based on calling
 * ssl_SignatureSchemeFromSpki(), reject them otherwise. */
 return spkiOid != SEC_OID_ANSIX962_EC_PUBLIC_KEY;
@@ -4309,6 +4313,22 @@ ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme)
 return PR_FALSE;
 }
 
+PRBool
+ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme)
+{
+ switch (scheme) {
+ case ssl_sig_rsa_pkcs1_sha256:
+ case ssl_sig_rsa_pkcs1_sha384:
+ case ssl_sig_rsa_pkcs1_sha512:
+ case ssl_sig_rsa_pkcs1_sha1:
+ return PR_TRUE;
+
+ default:
+ return PR_FALSE;
+ }
+ return PR_FALSE;
+}
+
 SSLAuthType
 ssl_SignatureSchemeToAuthType(SSLSignatureScheme scheme)
 { |
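Review bot: The trailing `return PR_FALSE;` after the switch in the new ssl_IsRsaPkcs1SignatureScheme is unreachable, because every path through the switch, including `default`, already returns; it looks copied from the neighbouring ssl_IsRsaPssSignatureScheme, but dropping it (or marking it `/* not reached: every case above returns */`) keeps unreachable-code warnings quiet and makes the predicate easier to read. The definition also lacks a comment saying what it is for; something like `/* RSASSA-PKCS1-v1_5 schemes; TLS 1.3 (RFC 8446 4.2.3) allows these only in certificates, never in CertificateVerify. */` above the `PRBool` line would tie the helper to the rejection it drives. If this tree's SSLSignatureScheme still carries the legacy sha1md5 PKCS#1 value, the predicate does not match it, which is presumably intended since it is not a TLS 1.3 scheme, but worth confirming. At the call site, the enclosing ssl_SignatureSchemeValid starts outside the hunk; the preceding SHA-1 check already rejects rsa_pkcs1_sha1 on that path, so the new check's practical effect is on the SHA-2 PKCS#1 v1.5 schemes.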