137 lines
5.0 KiB
Diff
137 lines
5.0 KiB
Diff
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
|
--- a/lib/ssl/ssl3con.c
|
|
+++ b/lib/ssl/ssl3con.c
|
|
@@ -209,19 +209,25 @@ static ssl3CipherSuiteCfg cipherSuites[s
|
|
* order of signature types is based on the same rules for ordering we use for
|
|
* cipher suites just for consistency.
|
|
*/
|
|
static const SignatureScheme defaultSignatureSchemes[] = {
|
|
ssl_sig_ecdsa_secp256r1_sha256,
|
|
ssl_sig_ecdsa_secp384r1_sha384,
|
|
ssl_sig_ecdsa_secp521r1_sha512,
|
|
ssl_sig_ecdsa_sha1,
|
|
+#if 0
|
|
+ /* Disable, while we are waiting for an upstream fix to
|
|
+ * https://bugzilla.mozilla.org/show_bug.cgi?id=1311950
|
|
+ * (NSS does not check if token supports RSA-PSS before using it to sign)
|
|
+ **/
|
|
ssl_sig_rsa_pss_sha256,
|
|
ssl_sig_rsa_pss_sha384,
|
|
ssl_sig_rsa_pss_sha512,
|
|
+#endif
|
|
ssl_sig_rsa_pkcs1_sha256,
|
|
ssl_sig_rsa_pkcs1_sha384,
|
|
ssl_sig_rsa_pkcs1_sha512,
|
|
ssl_sig_rsa_pkcs1_sha1,
|
|
ssl_sig_dsa_sha256,
|
|
ssl_sig_dsa_sha384,
|
|
ssl_sig_dsa_sha512,
|
|
ssl_sig_dsa_sha1
|
|
@@ -5193,19 +5199,26 @@ ssl_CheckSignatureSchemeConsistency(
|
|
PRBool
|
|
ssl_IsSupportedSignatureScheme(SignatureScheme scheme)
|
|
{
|
|
switch (scheme) {
|
|
case ssl_sig_rsa_pkcs1_sha1:
|
|
case ssl_sig_rsa_pkcs1_sha256:
|
|
case ssl_sig_rsa_pkcs1_sha384:
|
|
case ssl_sig_rsa_pkcs1_sha512:
|
|
+ return PR_TRUE;
|
|
+ /* Disable, while we are waiting for an upstream fix to
|
|
+ * https://bugzilla.mozilla.org/show_bug.cgi?id=1311950
|
|
+ * (NSS does not check if token supports RSA-PSS before using it to sign)
|
|
+ **/
|
|
case ssl_sig_rsa_pss_sha256:
|
|
case ssl_sig_rsa_pss_sha384:
|
|
case ssl_sig_rsa_pss_sha512:
|
|
+ return PR_FALSE;
|
|
+
|
|
case ssl_sig_ecdsa_secp256r1_sha256:
|
|
case ssl_sig_ecdsa_secp384r1_sha384:
|
|
case ssl_sig_ecdsa_secp521r1_sha512:
|
|
case ssl_sig_dsa_sha1:
|
|
case ssl_sig_dsa_sha256:
|
|
case ssl_sig_dsa_sha384:
|
|
case ssl_sig_dsa_sha512:
|
|
case ssl_sig_ecdsa_sha1:
|
|
@@ -7094,16 +7107,24 @@ ssl_PickSignatureScheme(sslSocket *ss, S
|
|
SignatureScheme preferred = ss->ssl3.signatureSchemes[i];
|
|
PRUint32 policy;
|
|
|
|
if (!ssl_SignatureSchemeValidForKey(isTLS13, keyType, group,
|
|
preferred)) {
|
|
continue;
|
|
}
|
|
|
|
+ if (ssl_IsRsaPssSignatureScheme(preferred)) {
|
|
+ /* Disable, while we are waiting for an upstream fix to
|
|
+ * https://bugzilla.mozilla.org/show_bug.cgi?id=1311950
|
|
+ * (NSS does not check if token supports RSA-PSS before using it to sign)
|
|
+ **/
|
|
+ continue;
|
|
+ }
|
|
+
|
|
hashType = ssl_SignatureSchemeToHashType(preferred);
|
|
hashOID = ssl3_HashTypeToOID(hashType);
|
|
if (requireSha1 && hashOID != SEC_OID_SHA1) {
|
|
continue;
|
|
}
|
|
if ((NSS_GetAlgorithmPolicy(hashOID, &policy) == SECSuccess) &&
|
|
!(policy & NSS_USE_ALG_IN_SSL_KX)) {
|
|
/* we ignore hashes we don't support */
|
|
diff --git a/lib/ssl/sslcert.c b/lib/ssl/sslcert.c
|
|
--- a/lib/ssl/sslcert.c
|
|
+++ b/lib/ssl/sslcert.c
|
|
@@ -403,39 +403,51 @@ ssl_ConfigRsaPkcs1CertByUsage(sslSocket
|
|
SSLExtraServerCertData *data)
|
|
{
|
|
SECStatus rv = SECFailure;
|
|
|
|
PRBool ku_sig = (PRBool)(cert->keyUsage & KU_DIGITAL_SIGNATURE);
|
|
PRBool ku_enc = (PRBool)(cert->keyUsage & KU_KEY_ENCIPHERMENT);
|
|
|
|
if ((data->authType == ssl_auth_rsa_sign && ku_sig) ||
|
|
+#if 0
|
|
+ /* Disable, while we are waiting for an upstream fix to
|
|
+ * https://bugzilla.mozilla.org/show_bug.cgi?id=1311950
|
|
+ * (NSS does not check if token supports RSA-PSS before using it to sign)
|
|
+ **/
|
|
(data->authType == ssl_auth_rsa_pss && ku_sig) ||
|
|
+#endif
|
|
(data->authType == ssl_auth_rsa_decrypt && ku_enc)) {
|
|
return ssl_ConfigCert(ss, cert, keyPair, data);
|
|
}
|
|
|
|
if (data->authType != ssl_auth_null || !(ku_sig || ku_enc)) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
|
|
if (ku_sig) {
|
|
data->authType = ssl_auth_rsa_sign;
|
|
rv = ssl_ConfigCert(ss, cert, keyPair, data);
|
|
if (rv != SECSuccess) {
|
|
return rv;
|
|
}
|
|
|
|
+#if 0
|
|
+ /* Disable, while we are waiting for an upstream fix to
|
|
+ * https://bugzilla.mozilla.org/show_bug.cgi?id=1311950
|
|
+ * (NSS does not check if token supports RSA-PSS before using it to sign)
|
|
+ **/
|
|
/* This certificate is RSA, assume that it's also PSS. */
|
|
data->authType = ssl_auth_rsa_pss;
|
|
rv = ssl_ConfigCert(ss, cert, keyPair, data);
|
|
if (rv != SECSuccess) {
|
|
return rv;
|
|
}
|
|
+#endif
|
|
}
|
|
|
|
if (ku_enc) {
|
|
/* If ku_sig=true we configure signature and encryption slots with the
|
|
* same cert. This is bad form, but there are enough dual-usage RSA
|
|
* certs that we can't really break by limiting this to one type. */
|
|
data->authType = ssl_auth_rsa_decrypt;
|
|
rv = ssl_ConfigCert(ss, cert, keyPair, data);
|