author | Wan-Teh Chang <wtc@google.com> | 2013-06-07 12:33:25 -0700 |
committer | Wan-Teh Chang <wtc@google.com> | 2013-06-07 12:33:25 -0700 |
commit | 29ec2f5e5f7acafda74eaf7c4a37f6ab815e2290 (patch) | |
tree | dfc97bf377489db630a86a0a5704db8cbad9f025 | |
parent | 86f6206a932f3dcc45d77327d2bc3fddd58bd339 (diff) | |
download | nss-hg-29ec2f5e5f7acafda74eaf7c4a37f6ab815e2290.tar.gz |
Bug 480514: Prune the supported_signature_algorithms field of our
TLS 1.2 CertificateRequest message to reflect the limitation that
we only support TLS 1.2 CertificateVerify messages that use the
handshake hash (which is always SHA256). r=agl.
-rw-r--r-- | lib/ssl/ssl3con.c | 38 | ||||
-rw-r--r-- | lib/ssl/ssl3ext.c | 20 | ||||
-rw-r--r-- | lib/ssl/sslimpl.h | 2 |
3 files changed, 30 insertions, 30 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 844fc6bf9..3c798ac5d 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -198,19 +198,18 @@ static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = {
 ct_DSS_sign,
 };
 
-/* This block is our supported_signature_algorithms value, in wire format.
- * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
+/* This block is the contents of the supported_signature_algorithms field of
+ * our TLS 1.2 CertificateRequest message, in wire format. See
+ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
+ *
+ * This block contains only sha256 entries because we only support TLS 1.2
+ * CertificateVerify messages that use the handshake hash. */
 static const PRUint8 supported_signature_algorithms[] = {
 tls_hash_sha256, tls_sig_rsa,
- tls_hash_sha384, tls_sig_rsa,
- tls_hash_sha1, tls_sig_rsa,
 #ifdef NSS_ENABLE_ECC
 tls_hash_sha256, tls_sig_ecdsa,
- tls_hash_sha384, tls_sig_ecdsa,
- tls_hash_sha1, tls_sig_ecdsa,
 #endif
 tls_hash_sha256, tls_sig_dsa,
- tls_hash_sha1, tls_sig_dsa,
 };
 
 #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */
@@ -3960,23 +3959,6 @@ ssl3_AppendSignatureAndHashAlgorithm(
 return ssl3_AppendHandshake(ss, serialized, sizeof(serialized));
 }
 
-/* Appends our supported_signature_algorithms value to the current handshake
- * message. */
-SECStatus
-ssl3_AppendSupportedSignatureAlgorithms(sslSocket *ss)
-{
- return ssl3_AppendHandshakeVariable(ss, supported_signature_algorithms,
- sizeof(supported_signature_algorithms),
- 2);
-}
-
-/* Returns the size in bytes of our supported_signature_algorithms value. */
-unsigned int
-ssl3_SizeOfSupportedSignatureAlgorithms(void)
-{
- return sizeof(supported_signature_algorithms);
-}
-
 /**************************************************************************
  * Consume Handshake functions.
  * 
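Review bot: The new comment on `supported_signature_algorithms` states the restriction but not where it is enforced; advertising only sha256 pairs in the CertificateRequest is advisory from the peer's point of view, and a client that ignores the list is only stopped if the server-side CertificateVerify handler rejects any algorithm not in this table. That receive-side check is presumably elsewhere in this file and is not visible in the hunk, so the two can silently drift apart. Suggest extending the comment block with `* Keep this table in sync with the signature-algorithm check applied to a received CertificateVerify; the list only documents the restriction, the check enforces it.` so the next editor of either site knows to look at the other.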
@@ -8358,6 +8340,7 @@ ssl3_SendCertificateRequest(sslSocket *ss)
 SECItem * name;
 CERTDistNames *ca_list;
 const PRUint8 *certTypes;
+ const PRUint8 *sigAlgs;
 SECItem * names = NULL;
 SECStatus rv;
 int length;
@@ -8365,6 +8348,7 @@ ssl3_SendCertificateRequest(sslSocket *ss)
 int calen = 0;
 int nnames = 0;
 int certTypesLength;
+ int sigAlgsLength;
 
 SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake",
 SSL_GETPID(), ss->fd));
@@ -8391,10 +8375,12 @@ ssl3_SendCertificateRequest(sslSocket *ss)
 
 certTypes = certificate_types;
 certTypesLength = sizeof certificate_types;
+ sigAlgs = supported_signature_algorithms;
+ sigAlgsLength = sizeof supported_signature_algorithms;
 
 length = 1 + certTypesLength + 2 + calen;
 if (isTLS12) {
- length += 2 + ssl3_SizeOfSupportedSignatureAlgorithms();
+ length += 2 + sigAlgsLength;
 }
 
 rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length);
@@ -8406,7 +8392,7 @@ ssl3_SendCertificateRequest(sslSocket *ss)
 return rv; /* err set by AppendHandshake. */
 }
 if (isTLS12) {
- rv = ssl3_AppendSupportedSignatureAlgorithms(ss);
+ rv = ssl3_AppendHandshakeVariable(ss, sigAlgs, sigAlgsLength, 2);
 if (rv != SECSuccess) {
 return rv; /* err set by AppendHandshake. */
 }
diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
index 741643975..f6e9e2b78 100644
--- a/lib/ssl/ssl3ext.c
+++ b/lib/ssl/ssl3ext.c
@@ -2081,6 +2081,21 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
 static PRInt32
 ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
 {
+ static const unsigned char signatureAlgorithms[] = {
+ /* This block is the contents of our signature_algorithms extension, in
+ * wire format. See
+ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
+ tls_hash_sha256, tls_sig_rsa,
+ tls_hash_sha384, tls_sig_rsa,
+ tls_hash_sha1, tls_sig_rsa,
+#ifdef NSS_ENABLE_ECC
+ tls_hash_sha256, tls_sig_ecdsa,
+ tls_hash_sha384, tls_sig_ecdsa,
+ tls_hash_sha1, tls_sig_ecdsa,
+#endif
+ tls_hash_sha256, tls_sig_dsa,
+ tls_hash_sha1, tls_sig_dsa,
+ };
 PRInt32 extension_length;
 
 if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
@@ -2091,7 +2106,7 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
 2 /* extension type */ +
 2 /* extension length */ +
 2 /* supported_signature_algorithms length */ +
- ssl3_SizeOfSupportedSignatureAlgorithms();
+ sizeof(signatureAlgorithms);
 
 if (append && maxBytes >= extension_length) {
 SECStatus rv;
@@ -2101,7 +2116,8 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
 rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
 if (rv != SECSuccess)
 goto loser;
- rv = ssl3_AppendSupportedSignatureAlgorithms(ss);
+ rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms,
+ sizeof(signatureAlgorithms), 2);
 if (rv != SECSuccess)
 goto loser;
 ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
index 15aa6a7cf..4818b47d3 100644
--- a/lib/ssl/sslimpl.h
+++ b/lib/ssl/sslimpl.h
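Review bot: The comment inside the new `signatureAlgorithms` table does not say why it keeps the sha384 and sha1 entries while the CertificateRequest table in ssl3con.c is pruned to sha256 in this same commit, so a later reader is likely to "fix" one list to match the other. The difference is presumably deliberate: this extension advertises what the client is able to verify in the server's signed handshake messages, whereas the pruned table limits what the server will accept in a CertificateVerify it has to check against the handshake hash, but the hunk itself does not state that. Suggest adding a sentence to the comment such as `* This list is intentionally broader than supported_signature_algorithms in ssl3con.c: it governs which server signatures we can verify, not which signatures we produce.` The function body continues outside the hunk.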
@@ -1614,8 +1614,6 @@ extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss,
 const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize);
 extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(sslSocket *ss,
 const SSL3SignatureAndHashAlgorithm* sigAndHash);
-extern SECStatus ssl3_AppendSupportedSignatureAlgorithms(sslSocket *ss);
-extern unsigned int ssl3_SizeOfSupportedSignatureAlgorithms(void);
 extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes,
 SSL3Opaque **b, PRUint32 *length);
 extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes, |