Prohibit the use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3.
This commit is contained in:
parent
37978cf0a2
commit
0c4242dd71
|
@ -64,6 +64,7 @@ static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
|
|||
static CK_MECHANISM_TYPE ssl3_GetHashMechanismByHashType(SSLHashType hashType);
|
||||
static CK_MECHANISM_TYPE ssl3_GetMgfMechanismByHashType(SSLHashType hash);
|
||||
PRBool ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme);
|
||||
PRBool ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme);
|
||||
|
||||
const PRUint8 ssl_hello_retry_random[] = {
|
||||
0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
|
||||
|
@ -4060,6 +4061,9 @@ ssl_SignatureSchemeValid(SSLSignatureScheme scheme, SECOidTag spkiOid,
|
|||
if (ssl_SignatureSchemeToHashType(scheme) == ssl_hash_sha1) {
|
||||
return PR_FALSE;
|
||||
}
|
||||
if (ssl_IsRsaPkcs1SignatureScheme(scheme)) {
|
||||
return PR_FALSE;
|
||||
}
|
||||
/* With TLS 1.3, EC keys should have been selected based on calling
|
||||
* ssl_SignatureSchemeFromSpki(), reject them otherwise. */
|
||||
return spkiOid != SEC_OID_ANSIX962_EC_PUBLIC_KEY;
|
||||
|
@ -4309,6 +4313,22 @@ ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme)
|
|||
return PR_FALSE;
|
||||
}
|
||||
|
||||
PRBool
|
||||
ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme)
|
||||
{
|
||||
switch (scheme) {
|
||||
case ssl_sig_rsa_pkcs1_sha256:
|
||||
case ssl_sig_rsa_pkcs1_sha384:
|
||||
case ssl_sig_rsa_pkcs1_sha512:
|
||||
case ssl_sig_rsa_pkcs1_sha1:
|
||||
return PR_TRUE;
|
||||
|
||||
default:
|
||||
return PR_FALSE;
|
||||
}
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
SSLAuthType
|
||||
ssl_SignatureSchemeToAuthType(SSLSignatureScheme scheme)
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue