diff options
| author | Robert Relyea <rrelyea@redhat.com> | 2020-10-14 11:37:52 -0700 |
|---|---|---|
| committer | Robert Relyea <rrelyea@redhat.com> | 2020-10-14 11:37:52 -0700 |
| commit | 912b5170fc52869710c2ae8fb94f0ade7bb71353 (patch) | |
| tree | 5093362bba68d0531e0ea6499d4756e3f8fd21cd /lib | |
| parent | a775e526d5b24fa118ffd2668983b66ca057fa76 (diff) | |
| download | nss-hg-912b5170fc52869710c2ae8fb94f0ade7bb71353.tar.gz | |
Bug 1670835 Crypto Policy Support needs to be updated with disable/enable support
Policy update
Current state of the nss policy system:
The initial policy patch focused on getting policy working well in handling ssl. The policy infrastructure used two existing NSS infrastructure:
1) Algorithm policies tied the OIDS and
2) the ssl policy constraints first created to handle export policy restrictions.
To make loadable policies work, we added a couple of new things:
1) a policy parser to the secmod infrastructure which allows us to set algorithm policies based on a config file. This file had two sections: disallow= and allow=. Disallow turned off policy bits, and allow turned them on. Disallow was always parsed first, so you could very strictly control your policy map by saying disallow=all allow={exclusive list of allowed algorithms}
2) a new NSS_Option() value that allowed the policy parser to set integer values (like minimum tls version) based on the data in the policy parser.
3) SSL code which is run at ssl_init time that reads the algorithm policies and maps the results to SSL policies.
The resulting loaded policy code, in general, sets the boundaries of what it possible, actually enable/disable of ssl cipher suites are still under program control, and the builtin NSS default values. The only consession to configuration is if a cipher is disallowed by policy, it is also disabled. Allowing a cipher suite by policy that wasn't already enabled, however, doesn't enable that policy by default. Inside the policy restrictions, applications can still make their own decisions on configuration and preference.
At the time the policy system was designed, there were 3 additional features, which were designed, but not specified: disable, enable, and lock.
disable and enable work just like disallow and allow, except the specify what the default settings are. This would allow the policy file to change the underlying default in the case where the application doesn't try to configure ssl on it's own.
lock would make either the policy or configuration 'locked' meaning once the lock has been executed, no further changes to those configurations would be allowed.
What is needed:
We have a need for the following additional features:
1) we want to turn more of the sha-1 hash function off by default. We still need sha-1 digest because it's used in many non-secure cases, but we do want to disable more sha-1 signature usage. Currently only CERT-SIGNATURE and various hmac usages in SSL ciphers can be controlled by policy. We want to disallow a greater range of signature (that is signature use in general).
2) we want to disable more ciphers by default, but need a way to have certain policies (like LEGACY) turn them back on, so that our shipped system is more secure by default.
What this patch provides:
1) A new policy flag NSS_USE_ALG_IN_ANY_SIGNATURE was added. The cryptohi code which exports the NSS sign/verify high level code now checks the hash and signing algorithm against this new policy flag and fails if the policy isn't available.
New key words were added to the policy parser for 'all-signature', which implies all signature flags at once, and 'signature', which maps to NSS_USE_ANY_SIGNATURE. NOTE: disable=all/signature and disable=all/all-signature are effective equivalent because cert-signatures eventually call the low level signature functions, but disable=all allow=rsa-pss/all-signature and disable=all allow=rsa-pss/signature are different in that the latter allows all rsa-pss signature and the latter allows rsa-pss signatures, but no on certificates (or on smime in the future)
Also new keywords were added for rsa-pkcs, rsa-pss, and ecdsa for signature algorithms (along with dsa).
2) This patch implements disable and enable. These functions only work on SSL configuration. In the future SMIME/CMS configuration could also be added. Because the policy system is parsed and handled by NSS, and SSL configuration is handled in SSL, we use the same Apply code we used to apply ssl policy to set the inital configuration. The configured enable/disable state is configured in the ALGORTHIM policy system, where one bit says the enable/disable value is active and another bit which gives it's state.
3) two locks have been implented, policy-lock and ssl-lock. These are specified in the parser as flags (flags=policy-lock,ssl-lock). The policy locks all the policy changes: ssl_policy, algorithm policy, and options. It is implemented by two new exported functions: NSS_IsPolicyLocked() and NSS_LockPolicy(). The first allows applications to test if the policy is locked without having to try changing the policy. The various policy set functions check the NSS_IsPolicyLocked() function and returns SEC_ERROR_POLICY_LOCK if it's true.
The ssl-lock changes the state of the policy to locked, and the state cannot be changed back without shutting down NSS. The second is implemented by setting a new Option called NSS_DEFAULT_LOCKS and the NSS_DEFAULT_SSL_LOCK flag. The idea is we can add an SMIME lock in the future. SSL checks the NSS_DEFAULT_SSL_LOCK flag before trying to set the cipher suite value, and blocks the change if it's set.
4) sslpolicy tests were updated to test the enable, disable, flags=policy-lock, flags=ssl-lock and the new signature primitives.
5) policy tests were updated to be able to run standalone (like all the other all.sh tests), as well as new tests to detect when no signing algorithms have been enabled.
What is not in the patch
1) S/MIME signature policy has been defined for a while, but never hooked up.
2) S/MIME export policy needs to be connected back to the algorithm policy system just like the ssl cipher suites already are.
3) S/MIME default configuration needs to be connected back to the policy system.
4) ECC Curve policy needs to be hooked up with the signature policy (probably should create a generic 'key meets policy' function and have every call it).
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/cryptohi/keyi.h | 3 | ||||
| -rw-r--r-- | lib/cryptohi/secsign.c | 35 | ||||
| -rw-r--r-- | lib/cryptohi/secvfy.c | 120 | ||||
| -rw-r--r-- | lib/nss/nss.h | 2 | ||||
| -rw-r--r-- | lib/nss/nssoptions.c | 17 | ||||
| -rw-r--r-- | lib/pk11wrap/pk11pars.c | 205 | ||||
| -rw-r--r-- | lib/ssl/ssl3con.c | 81 | ||||
| -rw-r--r-- | lib/ssl/sslsock.c | 15 | ||||
| -rw-r--r-- | lib/util/SECerrs.h | 6 | ||||
| -rw-r--r-- | lib/util/nssutil.def | 7 | ||||
| -rw-r--r-- | lib/util/secerr.h | 3 | ||||
| -rw-r--r-- | lib/util/secoid.c | 24 | ||||
| -rw-r--r-- | lib/util/secoid.h | 9 | ||||
| -rw-r--r-- | lib/util/secoidt.h | 19 |
14 files changed, 431 insertions, 115 deletions
diff --git a/lib/cryptohi/keyi.h b/lib/cryptohi/keyi.h index b746d3c8d..707e11ade 100644 --- a/lib/cryptohi/keyi.h +++ b/lib/cryptohi/keyi.h @@ -17,6 +17,9 @@ KeyType seckey_GetKeyType(SECOidTag pubKeyOid); SECStatus sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg); +/* just get the 'encryption' oid from the combined signature oid */ +SECOidTag sec_GetEncAlgFromSigAlg(SECOidTag sigAlg); + /* extract the RSA-PSS hash algorithms and salt length from * parameters, taking into account of the default implications. * diff --git a/lib/cryptohi/secsign.c b/lib/cryptohi/secsign.c index 125dfd913..c46b2b1e4 100644 --- a/lib/cryptohi/secsign.c +++ b/lib/cryptohi/secsign.c @@ -31,6 +31,7 @@ sgn_NewContext(SECOidTag alg, SECItem *params, SECKEYPrivateKey *key) SGNContext *cx; SECOidTag hashalg, signalg; KeyType keyType; + PRUint32 policyFlags; SECStatus rv; /* OK, map a PKCS #7 hash and encrypt algorithm into @@ -44,7 +45,7 @@ sgn_NewContext(SECOidTag alg, SECItem *params, SECKEYPrivateKey *key) rv = sec_DecodeSigAlg(NULL, alg, params, &signalg, &hashalg); if (rv != SECSuccess) { PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return 0; + return NULL; } keyType = seckey_GetKeyType(signalg); @@ -53,7 +54,19 @@ sgn_NewContext(SECOidTag alg, SECItem *params, SECKEYPrivateKey *key) !((key->keyType == dsaKey) && (keyType == fortezzaKey)) && !((key->keyType == rsaKey) && (keyType == rsaPssKey))) { PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return 0; + return NULL; + } + /* check the policy on the hash algorithm */ + if ((NSS_GetAlgorithmPolicy(hashalg, &policyFlags) == SECFailure) || + !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { + PORT_SetError(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); + return NULL; + } + /* check the policy on the encryption algorithm */ + if ((NSS_GetAlgorithmPolicy(signalg, &policyFlags) == SECFailure) || + !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { + PORT_SetError(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); + return NULL; } cx = (SGNContext *)PORT_ZAlloc(sizeof(SGNContext)); @@ -452,9 +465,27 @@ SGN_Digest(SECKEYPrivateKey *privKey, SECItem digder; PLArenaPool *arena = 0; SGNDigestInfo *di = 0; + SECOidTag enctag; + PRUint32 policyFlags; result->data = 0; + /* check the policy on the hash algorithm */ + if ((NSS_GetAlgorithmPolicy(algtag, &policyFlags) == SECFailure) || + !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { + PORT_SetError(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); + return SECFailure; + } + /* check the policy on the encryption algorithm */ + enctag = sec_GetEncAlgFromSigAlg( + SEC_GetSignatureAlgorithmOidTag(privKey->keyType, algtag)); + if ((enctag == SEC_OID_UNKNOWN) || + (NSS_GetAlgorithmPolicy(enctag, &policyFlags) == SECFailure) || + !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { + PORT_SetError(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); + return SECFailure; + } + if (privKey->keyType == rsaKey) { arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); diff --git a/lib/cryptohi/secvfy.c b/lib/cryptohi/secvfy.c index fc0a0c12b..2540a544c 100644 --- a/lib/cryptohi/secvfy.c +++ b/lib/cryptohi/secvfy.c @@ -217,6 +217,56 @@ const SEC_ASN1Template hashParameterTemplate[] = }; /* + * Get just the encryption algorithm from the signature algorithm + */ +SECOidTag +sec_GetEncAlgFromSigAlg(SECOidTag sigAlg) +{ + /* get the "encryption" algorithm */ + switch (sigAlg) { + case SEC_OID_PKCS1_RSA_ENCRYPTION: + case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: + case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE: + case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE: + case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: + return SEC_OID_PKCS1_RSA_ENCRYPTION; + case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: + return SEC_OID_PKCS1_RSA_PSS_SIGNATURE; + + /* what about normal DSA? */ + case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST: + case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST: + case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST: + case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST: + return SEC_OID_ANSIX9_DSA_SIGNATURE; + case SEC_OID_MISSI_DSS: + case SEC_OID_MISSI_KEA_DSS: + case SEC_OID_MISSI_KEA_DSS_OLD: + case SEC_OID_MISSI_DSS_OLD: + return SEC_OID_MISSI_DSS; + case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST: + case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST: + return SEC_OID_ANSIX962_EC_PUBLIC_KEY; + /* we don't implement MD4 hashes */ + case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: + default: + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + break; + } + return SEC_OID_UNKNOWN; +} + +/* * Pulls the hash algorithm, signing algorithm, and key type out of a * composite algorithm. * @@ -229,15 +279,16 @@ const SEC_ASN1Template hashParameterTemplate[] = */ SECStatus sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, - const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg) + const SECItem *param, SECOidTag *encalgp, SECOidTag *hashalg) { int len; PLArenaPool *arena; SECStatus rv; SECItem oid; + SECOidTag encalg; PR_ASSERT(hashalg != NULL); - PR_ASSERT(encalg != NULL); + PR_ASSERT(encalgp != NULL); switch (sigAlg) { /* We probably shouldn't be generating MD2 signatures either */ @@ -354,52 +405,13 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); return SECFailure; } - /* get the "encryption" algorithm */ - switch (sigAlg) { - case SEC_OID_PKCS1_RSA_ENCRYPTION: - case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: - case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE: - case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE: - case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: - *encalg = SEC_OID_PKCS1_RSA_ENCRYPTION; - break; - case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: - *encalg = SEC_OID_PKCS1_RSA_PSS_SIGNATURE; - break; - /* what about normal DSA? */ - case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST: - case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST: - case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST: - case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST: - *encalg = SEC_OID_ANSIX9_DSA_SIGNATURE; - break; - case SEC_OID_MISSI_DSS: - case SEC_OID_MISSI_KEA_DSS: - case SEC_OID_MISSI_KEA_DSS_OLD: - case SEC_OID_MISSI_DSS_OLD: - *encalg = SEC_OID_MISSI_DSS; - break; - case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST: - case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST: - *encalg = SEC_OID_ANSIX962_EC_PUBLIC_KEY; - break; - /* we don't implement MD4 hashes */ - case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: - default: - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; + encalg = sec_GetEncAlgFromSigAlg(sigAlg); + if (encalg == SEC_OID_UNKNOWN) { + return SECFailure; } + *encalgp = encalg; + return SECSuccess; } @@ -423,6 +435,7 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig, SECStatus rv; unsigned int sigLen; KeyType type; + PRUint32 policyFlags; /* make sure the encryption algorithm matches the key type */ /* RSA-PSS algorithm can be used with both rsaKey and rsaPssKey */ @@ -433,6 +446,13 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig, return NULL; } + /* check the policy on the encryption algorithm */ + if ((NSS_GetAlgorithmPolicy(encAlg, &policyFlags) == SECFailure) || + !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { + PORT_SetError(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); + return NULL; + } + cx = (VFYContext *)PORT_ZAlloc(sizeof(VFYContext)); if (cx == NULL) { goto loser; @@ -493,6 +513,14 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig, /* error set by HASH_GetHashTypeByOidTag */ goto loser; } + /* check the policy on the hash algorithm. Do this after + * the rsa decode because some uses of this function get hash implicitly + * from the RSA signature itself. */ + if ((NSS_GetAlgorithmPolicy(cx->hashAlg, &policyFlags) == SECFailure) || + !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { + PORT_SetError(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); + goto loser; + } if (hash) { *hash = cx->hashAlg; diff --git a/lib/nss/nss.h b/lib/nss/nss.h index c1ce11401..8d9722679 100644 --- a/lib/nss/nss.h +++ b/lib/nss/nss.h @@ -299,6 +299,8 @@ SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData); * old NSS versions. This option might be removed in the future NSS * releases; don't rely on it. */ #define __NSS_PKCS12_DECODE_FORCE_UNICODE 0x00c +#define NSS_DEFAULT_LOCKS 0x00d /* lock default values */ +#define NSS_DEFAULT_SSL_LOCK 1 /* lock the ssl default values */ /* * Set and get global options for the NSS library. diff --git a/lib/nss/nssoptions.c b/lib/nss/nssoptions.c index 1339cede8..f7225c414 100644 --- a/lib/nss/nssoptions.c +++ b/lib/nss/nssoptions.c @@ -14,6 +14,7 @@ #include "secoid.h" #include "nss.h" #include "nssoptions.h" +#include "secerr.h" struct nssOps { PRInt32 rsaMinKeySize; @@ -24,6 +25,7 @@ struct nssOps { PRInt32 dtlsVersionMinPolicy; PRInt32 dtlsVersionMaxPolicy; PRInt32 pkcs12DecodeForceUnicode; + PRInt32 defaultLocks; }; static struct nssOps nss_ops = { @@ -34,7 +36,8 @@ static struct nssOps nss_ops = { 0xffff, /* set TLS max to more than the largest legal SSL value */ 1, 0xffff, - PR_FALSE + PR_FALSE, + 0 }; SECStatus @@ -42,6 +45,11 @@ NSS_OptionSet(PRInt32 which, PRInt32 value) { SECStatus rv = SECSuccess; + if (NSS_IsPolicyLocked()) { + PORT_SetError(SEC_ERROR_POLICY_LOCKED); + return SECFailure; + } + switch (which) { case NSS_RSA_MIN_KEY_SIZE: nss_ops.rsaMinKeySize = value; @@ -67,7 +75,11 @@ NSS_OptionSet(PRInt32 which, PRInt32 value) case __NSS_PKCS12_DECODE_FORCE_UNICODE: nss_ops.pkcs12DecodeForceUnicode = value; break; + case NSS_DEFAULT_LOCKS: + nss_ops.defaultLocks = value; + break; default: + PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; } @@ -104,6 +116,9 @@ NSS_OptionGet(PRInt32 which, PRInt32 *value) case __NSS_PKCS12_DECODE_FORCE_UNICODE: *value = nss_ops.pkcs12DecodeForceUnicode; break; + case NSS_DEFAULT_LOCKS: + *value = nss_ops.defaultLocks; + break; default: rv = SECFailure; } diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c index 0e823233d..68738b3d4 100644 --- a/lib/pk11wrap/pk11pars.c +++ b/lib/pk11wrap/pk11pars.c @@ -158,16 +158,17 @@ SECMOD_CreateModule(const char *library, const char *moduleName, * Disallow values are parsed first, then allow values, independent of the * order they appear. * - * Future key words (not yet implemented): + * flags: turn on the following flags: + * policy-lock: turn off the ability for applications to change policy with + * the call NSS_SetAlgorithmPolicy or the other system policy + * calls (SSL_SetPolicy, etc.) + * ssl-lock: turn off the ability to change the ssl defaults. + * + * The following only apply to ssl cipher suites (future smime) + * * enable: turn on ciphersuites by default. * disable: turn off ciphersuites by default without disallowing them by policy. - * flags: turn on the following flags: - * ssl-lock: turn off the ability for applications to change policy with - * the SSL_SetCipherPolicy (or SSL_SetPolicy). - * policy-lock: turn off the ability for applications to change policy with - * the call NSS_SetAlgorithmPolicy. - * ssl-default-lock: turn off the ability for applications to change cipher - * suite states with SSL_EnableCipher, SSL_DisableCipher. + * * */ @@ -323,21 +324,21 @@ static const oidValDef curveOptList[] = { static const oidValDef hashOptList[] = { /* Hashes */ { CIPHER_NAME("MD2"), SEC_OID_MD2, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, { CIPHER_NAME("MD4"), SEC_OID_MD4, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, { CIPHER_NAME("MD5"), SEC_OID_MD5, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, { CIPHER_NAME("SHA1"), SEC_OID_SHA1, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, { CIPHER_NAME("SHA224"), SEC_OID_SHA224, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, { CIPHER_NAME("SHA256"), SEC_OID_SHA256, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, { CIPHER_NAME("SHA384"), SEC_OID_SHA384, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, { CIPHER_NAME("SHA512"), SEC_OID_SHA512, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE } }; static const oidValDef macOptList[] = { @@ -389,7 +390,13 @@ static const oidValDef kxOptList[] = { static const oidValDef signOptList[] = { /* Signatures */ { CIPHER_NAME("DSA"), SEC_OID_ANSIX9_DSA_SIGNATURE, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, + { CIPHER_NAME("RSA-PKCS"), SEC_OID_PKCS1_RSA_ENCRYPTION, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, + { CIPHER_NAME("RSA-PSS"), SEC_OID_PKCS1_RSA_PSS_SIGNATURE, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, + { CIPHER_NAME("ECDSA"), SEC_OID_ANSIX962_EC_PUBLIC_KEY, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, }; typedef struct { @@ -405,7 +412,7 @@ static const algListsDef algOptLists[] = { { macOptList, PR_ARRAY_SIZE(macOptList), "MAC", PR_FALSE }, { cipherOptList, PR_ARRAY_SIZE(cipherOptList), "CIPHER", PR_FALSE }, { kxOptList, PR_ARRAY_SIZE(kxOptList), "OTHER-KX", PR_FALSE }, - { signOptList, PR_ARRAY_SIZE(signOptList), "OTHER-SIGN", PR_TRUE }, + { signOptList, PR_ARRAY_SIZE(signOptList), "OTHER-SIGN", PR_FALSE }, }; static const optionFreeDef sslOptList[] = { @@ -443,10 +450,19 @@ static const policyFlagDef policyFlagList[] = { /* add other key exhanges in the future */ { CIPHER_NAME("KEY-EXCHANGE"), NSS_USE_ALG_IN_SSL_KX }, { CIPHER_NAME("CERT-SIGNATURE"), NSS_USE_ALG_IN_CERT_SIGNATURE }, - /* add other signatures in the future */ - { CIPHER_NAME("SIGNATURE"), NSS_USE_ALG_IN_CERT_SIGNATURE }, - /* enable everything */ - { CIPHER_NAME("ALL"), NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + { CIPHER_NAME("CMS-SIGNATURE"), NSS_USE_ALG_IN_CMS_SIGNATURE }, + { CIPHER_NAME("ALL-SIGNATURE"), NSS_USE_ALG_IN_SIGNATURE }, + /* sign turns off all signatures, but doesn't change the + * allowance for specific sigantures... for example: + * disallow=sha256/all allow=sha256/signature doesn't allow + * cert-sigantures, where disallow=sha256/all allow=sha256/all-signature + * does. + * however, disallow=sha356/signature and disallow=sha256/all-siganture are + * equivalent in effect */ + { CIPHER_NAME("SIGNATURE"), NSS_USE_ALG_IN_ANY_SIGNATURE }, + /* enable/disable everything */ + { CIPHER_NAME("ALL"), NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX | + NSS_USE_ALG_IN_SIGNATURE }, { CIPHER_NAME("NONE"), 0 } }; @@ -538,8 +554,82 @@ secmod_getPolicyOptValue(const char *policyValue, int policyValueLength, return SECFailure; } +/* Policy operations: + * Disallow: operation is disallowed by policy. Implies disabled. + * Allow: operation is allowed by policy (but could be disabled). + * Disable: operation is turned off by default (but could be allowed). + * Enable: operation is enabled by default. Implies allowed. + */ +typedef enum { + NSS_DISALLOW, + NSS_ALLOW, + NSS_DISABLE, + NSS_ENABLE +} NSSPolicyOperation; + +/* apply the operator specific policy */ +SECStatus +secmod_setPolicyOperation(SECOidTag oid, NSSPolicyOperation operation, + PRUint32 value) +{ + SECStatus rv = SECSuccess; + switch (operation) { + case NSS_DISALLOW: + /* clear the requested policy bits */ + rv = NSS_SetAlgorithmPolicy(oid, 0, value); + break; + case NSS_ALLOW: + /* set the requested policy bits */ + rv = NSS_SetAlgorithmPolicy(oid, value, 0); + break; + /* enable/disable only apply to SSL cipher suites (future S/MIME). + * Enable/disable is implemented by clearing the DEFAULT_NOT_VALID + * flag, then setting the NSS_USE_DEFAULT_SSL_ENABLE flag to the + * correct value. The ssl policy code will then sort out what to + * set based on ciphers and cipher suite values.*/ + case NSS_DISABLE: + if (value & (NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX)) { + /* clear not valid and enable */ + rv = NSS_SetAlgorithmPolicy(oid, 0, + NSS_USE_DEFAULT_NOT_VALID | + NSS_USE_DEFAULT_SSL_ENABLE); + } + break; + case NSS_ENABLE: + if (value & (NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX)) { + /* set enable, clear not valid. NOTE: enable implies allow! */ + rv = NSS_SetAlgorithmPolicy(oid, value | NSS_USE_DEFAULT_SSL_ENABLE, + NSS_USE_DEFAULT_NOT_VALID); + } + break; + default: + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + rv = SECFailure; + break; + } + return rv; +} + +const char * +secmod_getOperationString(NSSPolicyOperation operation) +{ + switch (operation) { + case NSS_DISALLOW: + return "disallow"; + case NSS_ALLOW: + return "allow"; + case NSS_DISABLE: + return "disable"; + case NSS_ENABLE: + return "enable"; + default: + break; + } + return "invalid"; +} + static SECStatus -secmod_applyCryptoPolicy(const char *policyString, PRBool allow, +secmod_applyCryptoPolicy(const char *policyString, NSSPolicyOperation operation, PRBool printPolicyFeedback) { const char *cipher, *currentString; @@ -573,18 +663,10 @@ secmod_applyCryptoPolicy(const char *policyString, PRBool allow, for (i = 0; i < PR_ARRAY_SIZE(algOptLists); i++) { const algListsDef *algOptList = &algOptLists[i]; for (j = 0; j < algOptList->entries; j++) { - PRUint32 enable, disable; if (!newValue) { value = algOptList->list[j].val; } - if (allow) { - enable = value; - disable = 0; - } else { - enable = 0; - disable = value; - } - NSS_SetAlgorithmPolicy(algOptList->list[j].oid, enable, disable); + secmod_setPolicyOperation(algOptList->list[j].oid, operation, value); } } continue; @@ -603,20 +685,12 @@ secmod_applyCryptoPolicy(const char *policyString, PRBool allow, if ((newOption || algOpt->name_size == length) && PORT_Strncasecmp(algOpt->name, cipher, name_size) == 0) { PRUint32 value = algOpt->val; - PRUint32 enable, disable; if (newOption) { value = secmod_parsePolicyValue(&cipher[name_size] + 1, length - name_size - 1, printPolicyFeedback); } - if (allow) { - enable = value; - disable = 0; - } else { - enable = 0; - disable = value; - } - rv = NSS_SetAlgorithmPolicy(algOpt->oid, enable, disable); + rv = secmod_setPolicyOperation(algOptList->list[j].oid, operation, value); if (rv != SECSuccess) { /* could not enable option */ /* NSS_SetAlgorithPolicy should have set the error code */ @@ -666,7 +740,7 @@ secmod_applyCryptoPolicy(const char *policyString, PRBool allow, if (unknown && printPolicyFeedback) { PR_SetEnv("NSS_POLICY_FAIL=1"); fprintf(stderr, "NSS-POLICY-FAIL %s: unknown identifier: %.*s\n", - allow ? "allow" : "disallow", length, cipher); + secmod_getOperationString(operation), length, cipher); } } return rv; @@ -709,7 +783,8 @@ secmod_sanityCheckCryptoPolicy(void) anyEnabled = PR_TRUE; fprintf(stderr, "NSS-POLICY-INFO: %s is enabled for SSL\n", algOpt->name); } - if ((algOpt->val & NSS_USE_ALG_IN_CERT_SIGNATURE) && (value & NSS_USE_ALG_IN_CERT_SIGNATURE)) { + if ((algOpt->val & NSS_USE_ALG_IN_CERT_SIGNATURE) && + ((value & NSS_USE_CERT_SIGNATURE_OK) == NSS_USE_CERT_SIGNATURE_OK)) { ++num_sig_enabled; anyEnabled = PR_TRUE; fprintf(stderr, "NSS-POLICY-INFO: %s is enabled for CERT-SIGNATURE\n", algOpt->name); @@ -740,7 +815,7 @@ secmod_sanityCheckCryptoPolicy(void) static SECStatus secmod_parseCryptoPolicy(const char *policyConfig, PRBool printPolicyFeedback) { - char *disallow, *allow; + char *args; SECStatus rv; if (policyConfig == NULL) { @@ -752,20 +827,46 @@ secmod_parseCryptoPolicy(const char *policyConfig, PRBool printPolicyFeedback) if (rv != SECSuccess) { return rv; } - disallow = NSSUTIL_ArgGetParamValue("disallow", policyConfig); - rv = secmod_applyCryptoPolicy(disallow, PR_FALSE, printPolicyFeedback); - if (disallow) - PORT_Free(disallow); + args = NSSUTIL_ArgGetParamValue("disallow", policyConfig); + rv = secmod_applyCryptoPolicy(args, NSS_DISALLOW, printPolicyFeedback); + if (args) + PORT_Free(args); + if (rv != SECSuccess) { + return rv; + } + args = NSSUTIL_ArgGetParamValue("allow", policyConfig); + rv = secmod_applyCryptoPolicy(args, NSS_ALLOW, printPolicyFeedback); + if (args) + PORT_Free(args); if (rv != SECSuccess) { return rv; } - allow = NSSUTIL_ArgGetParamValue("allow", policyConfig); - rv = secmod_applyCryptoPolicy(allow, PR_TRUE, printPolicyFeedback); - if (allow) - PORT_Free(allow); + args = NSSUTIL_ArgGetParamValue("disable", policyConfig); + rv = secmod_applyCryptoPolicy(args, NSS_DISABLE, printPolicyFeedback); + if (args) + PORT_Free(args); if (rv != SECSuccess) { return rv; } + args = NSSUTIL_ArgGetParamValue("enable", policyConfig); + rv = secmod_applyCryptoPolicy(args, NSS_ENABLE, printPolicyFeedback); + if (args) + PORT_Free(args); + if (rv != SECSuccess) { + return rv; + } + /* this has to be last. Everything after this will be a noop */ + if (NSSUTIL_ArgHasFlag("flags", "ssl-lock", policyConfig)) { + PRInt32 locks; + /* don't overwrite other (future) lock flags */ + rv = NSS_OptionGet(NSS_DEFAULT_LOCKS, &locks); + if (rv == SECSuccess) { + NSS_OptionSet(NSS_DEFAULT_LOCKS, locks | NSS_DEFAULT_SSL_LOCK); + } + } + if (NSSUTIL_ArgHasFlag("flags", "policy-lock", policyConfig)) { + NSS_LockPolicy(); + } if (printPolicyFeedback) { /* This helps to distinguish configurations that don't contain any * policy config= statement. */ diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index 8be53d357..d1d22ae8d 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -13584,6 +13584,61 @@ ssl3_DestroySSL3Info(sslSocket *ss) tls13_DestroyPskList(&ss->ssl3.hs.psks); } +/* + * parse the policy value for a single algorithm in a cipher_suite, + * return TRUE if we disallow by the cipher suite by policy + * (we don't have to parse any more algorithm policies on this cipher suite), + * otherwise return FALSE. + * 1. If we don't have the required policy, disable by default, disallow by + * policy and return TRUE (no more processing needed). + * 2. If we have the required policy, and we are disabled, return FALSE, + * (if we are disabled, we only need to parse policy, not default). + * 3. If we have the required policy, and we aren't adjusting the defaults + * return FALSE. (only parsing the policy, not default). + * 4. We have the required policy and we are adjusting the defaults. + * If we are setting default = FALSE, set isDisabled to true so that + * we don't try to re-enable the cipher suite based on a different + * algorithm. + */ +PRBool +ssl_HandlePolicy(int cipher_suite, SECOidTag policyOid, + PRUint32 requiredPolicy, PRBool *isDisabled) +{ + PRUint32 policy; + SECStatus rv; + + /* first fetch the policy for this algorithm */ + rv = NSS_GetAlgorithmPolicy(policyOid, &policy); + if (rv != SECSuccess) { + return PR_FALSE; /* no policy value, continue to the next algorithm */ + } + /* first, are we allowed by policy, if not turn off allow and disable */ + if (!(policy & requiredPolicy)) { + ssl_CipherPrefSetDefault(cipher_suite, PR_FALSE); + ssl_CipherPolicySet(cipher_suite, SSL_NOT_ALLOWED); + return PR_TRUE; + } + /* If we are already disabled, or the policy isn't setting a default + * we are done processing this algorithm */ + if (*isDisabled || (policy & NSS_USE_DEFAULT_NOT_VALID)) { + return PR_FALSE; + } + /* set the default value for the cipher suite. If we disable the cipher + * suite, remember that so we don't process the next default. This has + * the effect of disabling the whole cipher suite if any of the + * algorithms it uses are disabled by default. We still have to + * process the upper level because the cipher suite is still allowed + * by policy, and we may still have to disallow it based on other + * algorithms in the cipher suite. */ + if (policy & NSS_USE_DEFAULT_SSL_ENABLE) { + ssl_CipherPrefSetDefault(cipher_suite, PR_TRUE); + } else { + *isDisabled = PR_TRUE; + ssl_CipherPrefSetDefault(cipher_suite, PR_FALSE); + } + return PR_FALSE; +} + #define MAP_NULL(x) (((x) != 0) ? (x) : SEC_OID_NULL_CIPHER) SECStatus @@ -13602,30 +13657,30 @@ ssl3_ApplyNSSPolicy(void) for (i = 1; i < PR_ARRAY_SIZE(cipher_suite_defs); ++i) { const ssl3CipherSuiteDef *suite = &cipher_suite_defs[i]; SECOidTag policyOid; + PRBool isDisabled = PR_FALSE; + /* if we haven't explicitly disabled it below enable by policy */ + ssl_CipherPolicySet(suite->cipher_suite, SSL_ALLOWED); + + /* now check the various key exchange, ciphers and macs and + * if we ever disallow by policy, we are done, go to the next cipher + */ policyOid = MAP_NULL(kea_defs[suite->key_exchange_alg].oid); - rv = NSS_GetAlgorithmPolicy(policyOid, &policy); - if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL_KX)) { - ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE); - ssl_CipherPolicySet(suite->cipher_suite, SSL_NOT_ALLOWED); + if (ssl_HandlePolicy(suite->cipher_suite, policyOid, + NSS_USE_ALG_IN_SSL_KX, &isDisabled)) { continue; } policyOid = MAP_NULL(ssl_GetBulkCipherDef(suite)->oid); - rv = NSS_GetAlgorithmPolicy(policyOid, &policy); - if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL)) { - ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE); - ssl_CipherPolicySet(suite->cipher_suite, SSL_NOT_ALLOWED); + if (ssl_HandlePolicy(suite->cipher_suite, policyOid, + NSS_USE_ALG_IN_SSL, &isDisabled)) { continue; } if (ssl_GetBulkCipherDef(suite)->type != type_aead) { policyOid = MAP_NULL(ssl_GetMacDefByAlg(suite->mac_alg)->oid); - rv = NSS_GetAlgorithmPolicy(policyOid, &policy); - if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL)) { - ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE); - ssl_CipherPolicySet(suite->cipher_suite, - SSL_NOT_ALLOWED); + if (ssl_HandlePolicy(suite->cipher_suite, policyOid, + NSS_USE_ALG_IN_SSL, &isDisabled)) { continue; } } diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c index 83372104e..695f39c50 100644 --- a/lib/ssl/sslsock.c +++ b/lib/ssl/sslsock.c @@ -1460,6 +1460,10 @@ SSL_CipherPolicySet(PRInt32 which, PRInt32 policy) if (rv != SECSuccess) { return rv; } + if (NSS_IsPolicyLocked()) { + PORT_SetError(SEC_ERROR_POLICY_LOCKED); + return SECFailure; + } return ssl_CipherPolicySet(which, policy); } @@ -1506,10 +1510,15 @@ SECStatus SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled) { SECStatus rv = ssl_Init(); + PRInt32 locks; if (rv != SECSuccess) { return rv; } + rv = NSS_OptionGet(NSS_DEFAULT_LOCKS, &locks); + if ((rv == SECSuccess) && (locks & NSS_DEFAULT_SSL_LOCK)) { + return SECSuccess; + } return ssl_CipherPrefSetDefault(which, enabled); } @@ -1535,11 +1544,17 @@ SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled) { sslSocket *ss = ssl_FindSocket(fd); + PRInt32 locks; + SECStatus rv; if (!ss) { SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd)); return SECFailure; } + rv = NSS_OptionGet(NSS_DEFAULT_LOCKS, &locks); + if ((rv == SECSuccess) && (locks & NSS_DEFAULT_SSL_LOCK)) { + return SECSuccess; + } if (ssl_IsRemovedCipherSuite(which)) return SECSuccess; return ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled); diff --git a/lib/util/SECerrs.h b/lib/util/SECerrs.h index 206fca087..5d88f1745 100644 --- a/lib/util/SECerrs.h +++ b/lib/util/SECerrs.h @@ -549,3 +549,9 @@ ER3(SEC_ERROR_LEGACY_DATABASE, (SEC_ERROR_BASE + 177), ER3(SEC_ERROR_APPLICATION_CALLBACK_ERROR, (SEC_ERROR_BASE + 178), "The certificate was rejected by extra checks in the application.") + +ER3(SEC_ERROR_POLICY_LOCKED, (SEC_ERROR_BASE + 179), + "Could not change the policy because the policy is now locked.") + +ER3(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED, (SEC_ERROR_BASE + 180), + "Could not create or verify a signature using a signature algorithm that is disabled because it is not secure.") diff --git a/lib/util/nssutil.def b/lib/util/nssutil.def index 8c233f7d3..f43c88d9d 100644 --- a/lib/util/nssutil.def +++ b/lib/util/nssutil.def @@ -334,3 +334,10 @@ NSSUTIL_AddNSSFlagToModuleSpec; ;+ local: ;+ *; ;+}; +;+NSSUTIL_3.58 { # NSS Utilities 3.58 release +;+ global: +NSS_IsPolicyLocked; +NSS_LockPolicy; +;+ local: +;+ *; +;+}; diff --git a/lib/util/secerr.h b/lib/util/secerr.h index 4fe1d8e38..cc2aa105a 100644 --- a/lib/util/secerr.h +++ b/lib/util/secerr.h @@ -210,6 +210,9 @@ typedef enum { SEC_ERROR_APPLICATION_CALLBACK_ERROR = (SEC_ERROR_BASE + 178), + SEC_ERROR_POLICY_LOCKED = (SEC_ERROR_BASE + 179), + SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED = (SEC_ERROR_BASE + 180), + /* Add new error codes above here. */ SEC_ERROR_END_OF_LIST } SECErrorCodes; diff --git a/lib/util/secoid.c b/lib/util/secoid.c index d2bd8fd1f..b10f859fb 100644 --- a/lib/util/secoid.c +++ b/lib/util/secoid.c @@ -2244,6 +2244,8 @@ NSS_GetAlgorithmPolicy(SECOidTag tag, PRUint32 *pValue) return SECSuccess; } +static PRBool nss_policy_locked = PR_FALSE; + /* The Set function modifies the stored value according to the following * algorithm: * policy[tag] = (policy[tag] & ~clearBits) | setBits; @@ -2255,6 +2257,11 @@ NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits) PRUint32 policyFlags; if (!pxo) return SECFailure; + + if (nss_policy_locked) { + PORT_SetError(SEC_ERROR_POLICY_LOCKED); + return SECFailure; + } /* The stored policy flags are the ones complement of the flags as * seen by the user. This is not atomic, but these changes should * be done rarely, e.g. at initialization time. @@ -2265,6 +2272,20 @@ NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits) return SECSuccess; } +/* Get the state of nss_policy_locked */ +PRBool +NSS_IsPolicyLocked(void) +{ + return nss_policy_locked; +} + +/* Once the policy is locked, it can't be unlocked */ +void +NSS_LockPolicy(void) +{ + nss_policy_locked = PR_TRUE; +} + /* --------- END OF opaque extended OID table accessor functions ---------*/ /* for now, this is only used in a single place, so it can remain static */ @@ -2326,6 +2347,9 @@ SECOID_Shutdown(void) dynOidEntriesAllocated = 0; dynOidEntriesUsed = 0; } + /* we are trashing the old policy state now, also reenable changing + * the policy as well */ + nss_policy_locked = PR_FALSE; memset(xOids, 0, sizeof xOids); return SECSuccess; } diff --git a/lib/util/secoid.h b/lib/util/secoid.h index e6eaa8ce9..20d4cf551 100644 --- a/lib/util/secoid.h +++ b/lib/util/secoid.h @@ -135,6 +135,15 @@ extern SECStatus NSS_GetAlgorithmPolicy(SECOidTag tag, PRUint32 *pValue); extern SECStatus NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits); +/* Lock the policy so NSS_SetAlgorithmPolicy (and other policy functions) + * No longer function */ +void +NSS_LockPolicy(void); + +/* return true if policy changes are now locked out */ +PRBool +NSS_IsPolicyLocked(void); + SEC_END_PROTOS #endif /* _SECOID_H_ */ diff --git a/lib/util/secoidt.h b/lib/util/secoidt.h index 837972e2f..c73829ef8 100644 --- a/lib/util/secoidt.h +++ b/lib/util/secoidt.h @@ -538,7 +538,24 @@ struct SECOidDataStr { #define NSS_USE_ALG_IN_SSL_KX 0x00000004 /* used in SSL key exchange */ #define NSS_USE_ALG_IN_SSL 0x00000008 /* used in SSL record protocol */ #define NSS_USE_POLICY_IN_SSL 0x00000010 /* enable policy in SSL protocol */ -#define NSS_USE_ALG_RESERVED 0xfffffffc /* may be used in future */ +#define NSS_USE_ALG_IN_ANY_SIGNATURE 0x00000020 /* used in S/MIME */ +#define NSS_USE_DEFAULT_NOT_VALID 0x80000000 /* clear to make the default flag valid */ +#define NSS_USE_DEFAULT_SSL_ENABLE 0x40000000 /* default cipher suite setting 1=enable */ + +/* Combo policy bites */ +#define NSS_USE_ALG_RESERVED 0x3fffffc0 /* may be used in future */ +/* Alias of all the signature values. */ +#define NSS_USE_ALG_IN_SIGNATURE (NSS_USE_ALG_IN_CERT_SIGNATURE | \ + NSS_USE_ALG_IN_CMS_SIGNATURE | \ + NSS_USE_ALG_IN_ANY_SIGNATURE) +/* all the bits needed for a certificate signature + * and only the bits needed for a certificate signature */ +#define NSS_USE_CERT_SIGNATURE_OK (NSS_USE_ALG_IN_CERT_SIGNATURE | \ + NSS_USE_ALG_IN_ANY_SIGNATURE) +/* all the bits needed for an SMIME signature + * and only the bits needed for an SMIME signature */ +#define NSS_USE_CMS_SIGNATURE_OK (NSS_USE_ALG_IN_CMS_SIGNATURE | \ + NSS_USE_ALG_IN_ANY_SIGNATURE) /* Code MUST NOT SET or CLEAR reserved bits, and must NOT depend on them * being all zeros or having any other known value. The reserved bits |