summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-07-17 01:44:56 +0200
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-07-17 01:44:56 +0200
commit5f7e98fff1ab0dd36a6041d5ae9bef74676a352f (patch)
tree2575b8c83e421075e1c9171238e9c203f03b0d36
parent1e560deff8c37164eb7496e7d87aa7b30de80398 (diff)
downloadUXP-5f7e98fff1ab0dd36a6041d5ae9bef74676a352f.tar
UXP-5f7e98fff1ab0dd36a6041d5ae9bef74676a352f.tar.gz
UXP-5f7e98fff1ab0dd36a6041d5ae9bef74676a352f.tar.lz
UXP-5f7e98fff1ab0dd36a6041d5ae9bef74676a352f.tar.xz
UXP-5f7e98fff1ab0dd36a6041d5ae9bef74676a352f.zip
Prohibit the use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3
This is a spec compliance issue.
-rw-r--r--security/nss/lib/ssl/ssl3con.c20
1 files changed, 20 insertions, 0 deletions
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 3b5c69b11..d98521a52 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -64,6 +64,7 @@ static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
static CK_MECHANISM_TYPE ssl3_GetHashMechanismByHashType(SSLHashType hashType);
static CK_MECHANISM_TYPE ssl3_GetMgfMechanismByHashType(SSLHashType hash);
PRBool ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme);
+PRBool ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme);
const PRUint8 ssl_hello_retry_random[] = {
0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
@@ -4060,6 +4061,9 @@ ssl_SignatureSchemeValid(SSLSignatureScheme scheme, SECOidTag spkiOid,
if (ssl_SignatureSchemeToHashType(scheme) == ssl_hash_sha1) {
return PR_FALSE;
}
+ if (ssl_IsRsaPkcs1SignatureScheme(scheme)) {
+ return PR_FALSE;
+ }
/* With TLS 1.3, EC keys should have been selected based on calling
* ssl_SignatureSchemeFromSpki(), reject them otherwise. */
return spkiOid != SEC_OID_ANSIX962_EC_PUBLIC_KEY;
@@ -4309,6 +4313,22 @@ ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme)
return PR_FALSE;
}
+PRBool
+ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme)
+{
+ switch (scheme) {
+ case ssl_sig_rsa_pkcs1_sha256:
+ case ssl_sig_rsa_pkcs1_sha384:
+ case ssl_sig_rsa_pkcs1_sha512:
+ case ssl_sig_rsa_pkcs1_sha1:
+ return PR_TRUE;
+
+ default:
+ return PR_FALSE;
+ }
+ return PR_FALSE;
+}
+
SSLAuthType
ssl_SignatureSchemeToAuthType(SSLSignatureScheme scheme)
{