-rw-r--r-- | automation/abi-check/expected-report-libnssutil3.so.txt | 6 | ||||
-rw-r--r-- | gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp | 50 | ||||
-rw-r--r-- | gtests/mozpkix_gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp | 20 | ||||
-rw-r--r-- | lib/cryptohi/keyi.h | 3 | ||||
-rw-r--r-- | lib/cryptohi/secsign.c | 35 | ||||
-rw-r--r-- | lib/cryptohi/secvfy.c | 120 | ||||
-rw-r--r-- | lib/nss/nss.h | 2 | ||||
-rw-r--r-- | lib/nss/nssoptions.c | 17 | ||||
-rw-r--r-- | lib/pk11wrap/pk11pars.c | 205 | ||||
-rw-r--r-- | lib/ssl/ssl3con.c | 81 | ||||
-rw-r--r-- | lib/ssl/sslsock.c | 15 | ||||
-rw-r--r-- | lib/util/SECerrs.h | 6 | ||||
-rw-r--r-- | lib/util/nssutil.def | 7 | ||||
-rw-r--r-- | lib/util/secerr.h | 3 | ||||
-rw-r--r-- | lib/util/secoid.c | 24 | ||||
-rw-r--r-- | lib/util/secoid.h | 9 | ||||
-rw-r--r-- | lib/util/secoidt.h | 19 | ||||
-rw-r--r-- | tests/policy/crypto-policy.txt | 9 | ||||
-rwxr-xr-x[-rw-r--r--] | tests/policy/policy.sh | 25 | ||||
-rwxr-xr-x | tests/ssl/ssl.sh | 31 | ||||
-rw-r--r-- | tests/ssl/sslpolicy.txt | 65 |
21 files changed, 614 insertions, 138 deletions
diff --git a/automation/abi-check/expected-report-libnssutil3.so.txt b/automation/abi-check/expected-report-libnssutil3.so.txt index e69de29bb..92961214f 100644 --- a/automation/abi-check/expected-report-libnssutil3.so.txt +++ b/automation/abi-check/expected-report-libnssutil3.so.txt @@ -0,0 +1,6 @@ + +2 Added functions: + + [A] 'function PRBool NSS_IsPolicyLocked()' {NSS_IsPolicyLocked@@NSSUTIL_3.59} + [A] 'function void NSS_LockPolicy()' {NSS_LockPolicy@@NSSUTIL_3.59} + diff --git a/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp b/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp index 5719d1045..685d4127c 100644 --- a/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp +++ b/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp 
@@ -7,9 +7,55 @@ #include "mozpkix/pkixder.h" +#include "secoid.h" + using namespace mozilla::pkix; using namespace mozilla::pkix::test; +/* These tests generate invalid certificates on the fly, We want to test + * validation of those certificates, not the generation, so we + * need to temporarily allow disallowed signature policies before + * we do the actual certificate or ocsp signing + */ +class HashAlgorithmPolicies +{ + static const int numberOfHashes = 4; /* sigh */ + static const SECOidTag hashOids[numberOfHashes]; + + PRUint32 savedPolicy[numberOfHashes]; + +public: + void EnableHashSignaturePolicy(void); + void RestoreHashSignaturePolicy(void); +}; + +const SECOidTag HashAlgorithmPolicies::hashOids[numberOfHashes] = { + SEC_OID_MD2, + SEC_OID_MD4, + SEC_OID_MD5, + SEC_OID_SHA1 }; + +void +HashAlgorithmPolicies::EnableHashSignaturePolicy(void) +{ + for (int i=0;i < numberOfHashes; i++) { + ASSERT_EQ(SECSuccess, + NSS_GetAlgorithmPolicy(hashOids[i], &savedPolicy[i])); + ASSERT_EQ(SECSuccess, + NSS_SetAlgorithmPolicy(hashOids[i], NSS_USE_ALG_IN_SIGNATURE, 0)); + } +} + +void +HashAlgorithmPolicies::RestoreHashSignaturePolicy(void) +{ + for (int i=0;i < numberOfHashes; i++) { + ASSERT_EQ(SECSuccess, + NSS_SetAlgorithmPolicy(hashOids[i], savedPolicy[i], + NSS_USE_ALG_IN_SIGNATURE)); + } +} + static ByteString CreateCert(const char* issuerCN, const char* subjectCN, @@ -35,16 +81,20 @@ CreateCert(const char* issuerCN, } ScopedTestKeyPair reusedKey(CloneReusedKeyPair()); + HashAlgorithmPolicies policies; + policies.EnableHashSignaturePolicy(); ByteString certDER(CreateEncodedCertificate(v3, signatureAlgorithm, serialNumber, issuerDER, oneDayBeforeNow, oneDayAfterNow, subjectDER, *reusedKey, extensions, *reusedKey, signatureAlgorithm)); + policies.RestoreHashSignaturePolicy(); EXPECT_FALSE(ENCODING_FAILED(certDER)); return certDER; } + class AlgorithmTestsTrustDomain final : public DefaultCryptoTrustDomain { public: 
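Review bot: EnableHashSignaturePolicy and RestoreHashSignaturePolicy are paired by hand in CreateCert, so an ASSERT in Enable (which returns early and leaves the remaining savedPolicy[] slots uninitialised) or a failure inside CreateEncodedCertificate leaves MD2/MD4/MD5/SHA-1 allowed for signatures in the process-wide policy for every later test in the binary, which would mask exactly the "disabled algorithm" regressions these tests exist to catch. Making the relax/restore a constructor/destructor pair, and skipping slots whose save failed, restores the policy on every exit path; CreateCert then only needs `HashAlgorithmPolicies policies;` in front of the CreateEncodedCertificate call. CreateCert itself begins outside this hunk. The `/* sigh */` on numberOfHashes is not a comment a reader can act on and should either explain the constraint or go.

```cpp
class HashAlgorithmPolicies
{
  static const int numberOfHashes = 4;
  static const SECOidTag hashOids[numberOfHashes];

  PRUint32 savedPolicy[numberOfHashes];
  bool saved[numberOfHashes];

public:
  HashAlgorithmPolicies();   // save the current policy and allow these hashes in signatures
  ~HashAlgorithmPolicies();  // put back whatever was saved, on every exit path
};

// … unchanged: hashOids definition …

HashAlgorithmPolicies::HashAlgorithmPolicies()
{
  for (int i = 0; i < numberOfHashes; i++) {
    saved[i] = (NSS_GetAlgorithmPolicy(hashOids[i], &savedPolicy[i]) == SECSuccess);
    EXPECT_TRUE(saved[i]);
    if (saved[i]) {
      EXPECT_EQ(SECSuccess,
                NSS_SetAlgorithmPolicy(hashOids[i], NSS_USE_ALG_IN_SIGNATURE, 0));
    }
  }
}

HashAlgorithmPolicies::~HashAlgorithmPolicies()
{
  for (int i = 0; i < numberOfHashes; i++) {
    if (saved[i]) {
      EXPECT_EQ(SECSuccess,
                NSS_SetAlgorithmPolicy(hashOids[i], savedPolicy[i],
                                       NSS_USE_ALG_IN_SIGNATURE));
    }
  }
}

// … unchanged: CreateCert, now declaring `HashAlgorithmPolicies policies;` before CreateEncodedCertificate and dropping the Restore call …
```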
diff --git a/gtests/mozpkix_gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp b/gtests/mozpkix_gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp index 3fe4e7b5a..81bee3367 100644 --- a/gtests/mozpkix_gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp +++ b/gtests/mozpkix_gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp @@ -26,6 +26,8 @@ #include "mozpkix/pkixder.h" +#include "secoid.h" + using namespace mozilla::pkix; using namespace mozilla::pkix::test; @@ -338,6 +340,12 @@ TEST_F(pkixocsp_VerifyEncodedResponse_successful, unknown) TEST_F(pkixocsp_VerifyEncodedResponse_successful, good_unsupportedSignatureAlgorithm) { + PRUint32 policyMd5; + ASSERT_EQ(SECSuccess,NSS_GetAlgorithmPolicy(SEC_OID_MD5, &policyMd5)); + + /* our encode won't work if MD5 isn't allowed by policy */ + ASSERT_EQ(SECSuccess, + NSS_SetAlgorithmPolicy(SEC_OID_MD5, NSS_USE_ALG_IN_SIGNATURE, 0)); ByteString responseString( CreateEncodedOCSPSuccessfulResponse( OCSPResponseContext::good, *endEntityCertID, byKey, @@ -347,6 +355,9 @@ TEST_F(pkixocsp_VerifyEncodedResponse_successful, Input response; ASSERT_EQ(Success, response.Init(responseString.data(), responseString.length())); + /* now restore the existing policy */ + ASSERT_EQ(SECSuccess, + NSS_SetAlgorithmPolicy(SEC_OID_MD5, policyMd5, NSS_USE_ALG_IN_SIGNATURE)); bool expired; ASSERT_EQ(Result::ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED, VerifyEncodedOCSPResponse(trustDomain, *endEntityCertID, 
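Review bot: In good_unsupportedSignatureAlgorithm the MD5 signature policy is relaxed before CreateEncodedOCSPSuccessfulResponse but only restored after `ASSERT_EQ(Success, response.Init(...))`; if that assertion fails the test returns with MD5 still allowed for signatures process-wide, and later tests in the same binary would then accept MD5-signed data without anyone noticing. Move the restore to directly after the responseString construction, i.e. `ASSERT_EQ(SECSuccess, NSS_SetAlgorithmPolicy(SEC_OID_MD5, policyMd5, NSS_USE_ALG_IN_SIGNATURE));` immediately following `CreateEncodedOCSPSuccessfulResponse(...)`, so no assertion sits between relax and restore. A small scoped guard object would give the same guarantee for every exit path and could be shared with the pkixcert tests.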
@@ -930,14 +941,23 @@ TEST_F(pkixocsp_VerifyEncodedResponse_DelegatedResponder, // Note that the algorithm ID (md5WithRSAEncryption) identifies the signature // algorithm that will be used to sign the certificate that issues the OCSP // responses, not the responses themselves. + PRUint32 policyMd5; + ASSERT_EQ(SECSuccess,NSS_GetAlgorithmPolicy(SEC_OID_MD5, &policyMd5)); + + /* our encode won't work if MD5 isn't allowed by policy */ + ASSERT_EQ(SECSuccess, + NSS_SetAlgorithmPolicy(SEC_OID_MD5, NSS_USE_ALG_IN_SIGNATURE, 0)); ByteString responseString( CreateEncodedIndirectOCSPSuccessfulResponse( "good_indirect_unsupportedSignatureAlgorithm", OCSPResponseContext::good, byKey, md5WithRSAEncryption())); Input response; + /* now restore the existing policy */ ASSERT_EQ(Success, response.Init(responseString.data(), responseString.length())); + ASSERT_EQ(SECSuccess, + NSS_SetAlgorithmPolicy(SEC_OID_MD5, policyMd5, NSS_USE_ALG_IN_SIGNATURE)); bool expired; ASSERT_EQ(Result::ERROR_OCSP_INVALID_SIGNING_CERT, VerifyEncodedOCSPResponse(trustDomain, *endEntityCertID, Now(), diff --git a/lib/cryptohi/keyi.h b/lib/cryptohi/keyi.h index b746d3c8d..707e11ade 100644 --- a/lib/cryptohi/keyi.h +++ b/lib/cryptohi/keyi.h @@ -17,6 +17,9 @@ KeyType seckey_GetKeyType(SECOidTag pubKeyOid); SECStatus sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg); +/* just get the 'encryption' oid from the combined signature oid */ +SECOidTag sec_GetEncAlgFromSigAlg(SECOidTag sigAlg); + /* extract the RSA-PSS hash algorithms and salt length from * parameters, taking into account of the default implications. * diff --git a/lib/cryptohi/secsign.c b/lib/cryptohi/secsign.c index 125dfd913..c46b2b1e4 100644 --- a/lib/cryptohi/secsign.c +++ b/lib/cryptohi/secsign.c 
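Review bot: The comment `/* now restore the existing policy */` was placed above `ASSERT_EQ(Success, response.Init(...))`, but the restore is the NSS_SetAlgorithmPolicy call two lines further down; move the comment onto that call. As in the earlier test, the restore should also be done before the Init assertion, so that a failed ASSERT cannot leave MD5 allowed for signatures for the remainder of the run.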
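Review bot: The new declaration's comment `/* just get the 'encryption' oid from the combined signature oid */` omits the failure contract, which callers in secsign.c now depend on: per the definition in secvfy.c the function returns SEC_OID_UNKNOWN and sets SEC_ERROR_INVALID_ALGORITHM for any OID it does not map (including MD4-with-RSA). Suggest `/* Map a combined signature OID to its bare 'encryption' OID. Returns SEC_OID_UNKNOWN with SEC_ERROR_INVALID_ALGORITHM set if sigAlg is not a recognised signature OID. */`.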
@@ -31,6 +31,7 @@ sgn_NewContext(SECOidTag alg, SECItem *params, SECKEYPrivateKey *key) SGNContext *cx; SECOidTag hashalg, signalg; KeyType keyType; + PRUint32 policyFlags; SECStatus rv; /* OK, map a PKCS #7 hash and encrypt algorithm into @@ -44,7 +45,7 @@ sgn_NewContext(SECOidTag alg, SECItem *params, SECKEYPrivateKey *key) rv = sec_DecodeSigAlg(NULL, alg, params, &signalg, &hashalg); if (rv != SECSuccess) { PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return 0; + return NULL; } keyType = seckey_GetKeyType(signalg); @@ -53,7 +54,19 @@ sgn_NewContext(SECOidTag alg, SECItem *params, SECKEYPrivateKey *key) !((key->keyType == dsaKey) && (keyType == fortezzaKey)) && !((key->keyType == rsaKey) && (keyType == rsaPssKey))) { PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return 0; + return NULL; + } + /* check the policy on the hash algorithm */ + if ((NSS_GetAlgorithmPolicy(hashalg, &policyFlags) == SECFailure) || + !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { + PORT_SetError(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); + return NULL; + } + /* check the policy on the encryption algorithm */ + if ((NSS_GetAlgorithmPolicy(signalg, &policyFlags) == SECFailure) || + !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { + PORT_SetError(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); + return NULL; } cx = (SGNContext *)PORT_ZAlloc(sizeof(SGNContext)); 
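Review bot: The two new policy checks in sgn_NewContext are the same five-line pattern (fetch policy, test NSS_USE_ALG_IN_ANY_SIGNATURE, set SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED) that also appears in SGN_Digest and twice in vfy_CreateContext; a small static helper keeps the five copies from drifting. The choice of NSS_USE_ALG_IN_ANY_SIGNATURE also deserves a comment: this layer cannot tell a certificate signature from a CMS one, so an algorithm allowed only for CMS-SIGNATURE will still sign here, and the finer CERT/CMS distinction has to be enforced by the callers that know the context.

```c
/* Fail unless `alg` carries at least one signature-use policy bit.
 * sgn_NewContext/SGN_Digest cannot tell a cert signature from a CMS one,
 * so NSS_USE_ALG_IN_ANY_SIGNATURE is accepted here; the CERT/CMS split
 * must be enforced by callers that know the context. */
static SECStatus
sgn_CheckSignaturePolicy(SECOidTag alg)
{
    PRUint32 policyFlags;

    if ((NSS_GetAlgorithmPolicy(alg, &policyFlags) != SECSuccess) ||
        !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) {
        PORT_SetError(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED);
        return SECFailure;
    }
    return SECSuccess;
}

/* … unchanged: sgn_NewContext up to the key-type check … */
    if (sgn_CheckSignaturePolicy(hashalg) != SECSuccess ||
        sgn_CheckSignaturePolicy(signalg) != SECSuccess) {
        return NULL;
    }
/* … unchanged: SGNContext allocation … */
```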
@@ -452,9 +465,27 @@ SGN_Digest(SECKEYPrivateKey *privKey, SECItem digder; PLArenaPool *arena = 0; SGNDigestInfo *di = 0; + SECOidTag enctag; + PRUint32 policyFlags; result->data = 0; + /* check the policy on the hash algorithm */ + if ((NSS_GetAlgorithmPolicy(algtag, &policyFlags) == SECFailure) || + !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { + PORT_SetError(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); + return SECFailure; + } + /* check the policy on the encryption algorithm */ + enctag = sec_GetEncAlgFromSigAlg( + SEC_GetSignatureAlgorithmOidTag(privKey->keyType, algtag)); + if ((enctag == SEC_OID_UNKNOWN) || + (NSS_GetAlgorithmPolicy(enctag, &policyFlags) == SECFailure) || + !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { + PORT_SetError(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); + return SECFailure; + } + if (privKey->keyType == rsaKey) { arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); diff --git a/lib/cryptohi/secvfy.c b/lib/cryptohi/secvfy.c index fc0a0c12b..2540a544c 100644 --- a/lib/cryptohi/secvfy.c +++ b/lib/cryptohi/secvfy.c 
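Review bot: In SGN_Digest, when SEC_GetSignatureAlgorithmOidTag yields SEC_OID_UNKNOWN for an unsupported key-type/hash pair, sec_GetEncAlgFromSigAlg sets SEC_ERROR_INVALID_ALGORITHM, but the combined condition then overwrites it with SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED, so callers are told the algorithm was disabled as insecure when it was merely unrecognised. Split the cases: `if (enctag == SEC_OID_UNKNOWN) { return SECFailure; /* SEC_ERROR_INVALID_ALGORITHM already set */ }` before the policy lookup, and reserve SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED for the policy miss. The hash and encryption checks here repeat the pattern from sgn_NewContext and would suit a shared static helper.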
@@ -217,6 +217,56 @@ const SEC_ASN1Template hashParameterTemplate[] = }; /* + * Get just the encryption algorithm from the signature algorithm + */ +SECOidTag +sec_GetEncAlgFromSigAlg(SECOidTag sigAlg) +{ + /* get the "encryption" algorithm */ + switch (sigAlg) { + case SEC_OID_PKCS1_RSA_ENCRYPTION: + case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: + case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE: + case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE: + case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: + return SEC_OID_PKCS1_RSA_ENCRYPTION; + case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: + return SEC_OID_PKCS1_RSA_PSS_SIGNATURE; + + /* what about normal DSA? */ + case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST: + case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST: + case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST: + case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST: + return SEC_OID_ANSIX9_DSA_SIGNATURE; + case SEC_OID_MISSI_DSS: + case SEC_OID_MISSI_KEA_DSS: + case SEC_OID_MISSI_KEA_DSS_OLD: + case SEC_OID_MISSI_DSS_OLD: + return SEC_OID_MISSI_DSS; + case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST: + case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST: + return SEC_OID_ANSIX962_EC_PUBLIC_KEY; + /* we don't implement MD4 hashes */ + case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: + default: + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + break; + } + return SEC_OID_UNKNOWN; +} + +/* * Pulls the hash algorithm, signing algorithm, and key type out of a * composite algorithm. * 
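Review bot: sec_GetEncAlgFromSigAlg carries over the `/* what about normal DSA? */` question, so a reader cannot tell whether sending bare SEC_OID_ANSIX9_DSA_SIGNATURE to the error path (while bare SEC_OID_PKCS1_RSA_ENCRYPTION is mapped) is deliberate; now that the mapping is a reusable, non-static function called from secsign.c too, the comment should state the decision, for example `/* bare DSA and EC key OIDs are not signature algorithms and are rejected */` if that is the intent. The header comment should also give the contract the callers rely on: returns SEC_OID_UNKNOWN with SEC_ERROR_INVALID_ALGORITHM set for anything unmapped.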
@@ -229,15 +279,16 @@ const SEC_ASN1Template hashParameterTemplate[] = */ SECStatus sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, - const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg) + const SECItem *param, SECOidTag *encalgp, SECOidTag *hashalg) { int len; PLArenaPool *arena; SECStatus rv; SECItem oid; + SECOidTag encalg; PR_ASSERT(hashalg != NULL); - PR_ASSERT(encalg != NULL); + PR_ASSERT(encalgp != NULL); switch (sigAlg) { /* We probably shouldn't be generating MD2 signatures either */ 
@@ -354,52 +405,13 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); return SECFailure; } - /* get the "encryption" algorithm */ - switch (sigAlg) { - case SEC_OID_PKCS1_RSA_ENCRYPTION: - case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: - case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE: - case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE: - case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: - *encalg = SEC_OID_PKCS1_RSA_ENCRYPTION; - break; - case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: - *encalg = SEC_OID_PKCS1_RSA_PSS_SIGNATURE; - break; - /* what about normal DSA? */ - case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST: - case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST: - case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST: - case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST: - *encalg = SEC_OID_ANSIX9_DSA_SIGNATURE; - break; - case SEC_OID_MISSI_DSS: - case SEC_OID_MISSI_KEA_DSS: - case SEC_OID_MISSI_KEA_DSS_OLD: - case SEC_OID_MISSI_DSS_OLD: - *encalg = SEC_OID_MISSI_DSS; - break; - case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST: - case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST: - *encalg = SEC_OID_ANSIX962_EC_PUBLIC_KEY; - break; - /* we don't implement MD4 hashes */ - case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: - default: - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; + encalg = sec_GetEncAlgFromSigAlg(sigAlg); + if (encalg == SEC_OID_UNKNOWN) { + return SECFailure; } + *encalgp = encalg; + return SECSuccess; } 
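Review bot: The new `if (encalg == SEC_OID_UNKNOWN) { return SECFailure; }` in sec_DecodeSigAlg relies on sec_GetEncAlgFromSigAlg having set the error code, which is not visible at the call site; annotate the return with `/* SEC_ERROR_INVALID_ALGORITHM set by sec_GetEncAlgFromSigAlg */` so a later edit of the helper's default branch does not silently leave callers with a stale error. sec_DecodeSigAlg starts outside this hunk.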
@@ -423,6 +435,7 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig, SECStatus rv; unsigned int sigLen; KeyType type; + PRUint32 policyFlags; /* make sure the encryption algorithm matches the key type */ /* RSA-PSS algorithm can be used with both rsaKey and rsaPssKey */ @@ -433,6 +446,13 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig, return NULL; } + /* check the policy on the encryption algorithm */ + if ((NSS_GetAlgorithmPolicy(encAlg, &policyFlags) == SECFailure) || + !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { + PORT_SetError(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); + return NULL; + } + cx = (VFYContext *)PORT_ZAlloc(sizeof(VFYContext)); if (cx == NULL) { goto loser; @@ -493,6 +513,14 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig, /* error set by HASH_GetHashTypeByOidTag */ goto loser; } + /* check the policy on the hash algorithm. Do this after + * the rsa decode because some uses of this function get hash implicitly + * from the RSA signature itself. */ + if ((NSS_GetAlgorithmPolicy(cx->hashAlg, &policyFlags) == SECFailure) || + !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { + PORT_SetError(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); + goto loser; + } if (hash) { *hash = cx->hashAlg; diff --git a/lib/nss/nss.h b/lib/nss/nss.h index 54ca3371f..76357aa49 100644 --- a/lib/nss/nss.h +++ b/lib/nss/nss.h @@ -299,6 +299,8 @@ SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData); * old NSS versions. This option might be removed in the future NSS * releases; don't rely on it. */ #define __NSS_PKCS12_DECODE_FORCE_UNICODE 0x00c +#define NSS_DEFAULT_LOCKS 0x00d /* lock default values */ +#define NSS_DEFAULT_SSL_LOCK 1 /* lock the ssl default values */ /* * Set and get global options for the NSS library. diff --git a/lib/nss/nssoptions.c b/lib/nss/nssoptions.c index 1339cede8..f7225c414 100644 --- a/lib/nss/nssoptions.c +++ b/lib/nss/nssoptions.c 
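Review bot: `#define NSS_DEFAULT_LOCKS 0x00d /* lock default values */` introduces a public option whose meaning is only discoverable from sslsock.c and pk11pars.c (a bitmask of NSS_DEFAULT_* flags; with NSS_DEFAULT_SSL_LOCK set, SSL_CipherPrefSet and SSL_CipherPrefSetDefault become no-ops), and nothing tells a reader that the option can itself be changed through NSS_OptionSet until the policy is locked. Suggest replacing the two terse comments with `/* NSS_DEFAULT_LOCKS: bitmask of NSS_DEFAULT_*_LOCK flags. NSS_DEFAULT_SSL_LOCK makes SSL cipher-preference changes no-ops. The mask is only protected from being cleared once the policy is locked (NSS_LockPolicy). */`.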
@@ -14,6 +14,7 @@ #include "secoid.h" #include "nss.h" #include "nssoptions.h" +#include "secerr.h" struct nssOps { PRInt32 rsaMinKeySize; @@ -24,6 +25,7 @@ struct nssOps { PRInt32 dtlsVersionMinPolicy; PRInt32 dtlsVersionMaxPolicy; PRInt32 pkcs12DecodeForceUnicode; + PRInt32 defaultLocks; }; static struct nssOps nss_ops = { @@ -34,7 +36,8 @@ static struct nssOps nss_ops = { 0xffff, /* set TLS max to more than the largest legal SSL value */ 1, 0xffff, - PR_FALSE + PR_FALSE, + 0 }; SECStatus @@ -42,6 +45,11 @@ NSS_OptionSet(PRInt32 which, PRInt32 value) { SECStatus rv = SECSuccess; + if (NSS_IsPolicyLocked()) { + PORT_SetError(SEC_ERROR_POLICY_LOCKED); + return SECFailure; + } + switch (which) { case NSS_RSA_MIN_KEY_SIZE: nss_ops.rsaMinKeySize = value; @@ -67,7 +75,11 @@ NSS_OptionSet(PRInt32 which, PRInt32 value) case __NSS_PKCS12_DECODE_FORCE_UNICODE: nss_ops.pkcs12DecodeForceUnicode = value; break; + case NSS_DEFAULT_LOCKS: + nss_ops.defaultLocks = value; + break; default: + PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; } @@ -104,6 +116,9 @@ NSS_OptionGet(PRInt32 which, PRInt32 *value) case __NSS_PKCS12_DECODE_FORCE_UNICODE: *value = nss_ops.pkcs12DecodeForceUnicode; break; + case NSS_DEFAULT_LOCKS: + *value = nss_ops.defaultLocks; + break; default: rv = SECFailure; } diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c index 0e823233d..68738b3d4 100644 --- a/lib/pk11wrap/pk11pars.c +++ b/lib/pk11wrap/pk11pars.c 
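Review bot: `case NSS_DEFAULT_LOCKS: nss_ops.defaultLocks = value;` lets any caller clear the ssl-lock with `NSS_OptionSet(NSS_DEFAULT_LOCKS, 0)` unless policy-lock was also configured, so a system policy that sets only `flags=ssl-lock` is advisory. If the lock is meant to be one-way, as NSS_LockPolicy is, make the option accumulate with `nss_ops.defaultLocks |= value;`; the pk11pars.c caller already ORs the flag into the current value, so it is unaffected. Separately, the new NSS_IsPolicyLocked() gate at the top of NSS_OptionSet refuses every option, including __NSS_PKCS12_DECODE_FORCE_UNICODE; if only the policy-bearing options are meant to freeze, move the check into those cases.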
@@ -158,16 +158,17 @@ SECMOD_CreateModule(const char *library, const char *moduleName, * Disallow values are parsed first, then allow values, independent of the * order they appear. * - * Future key words (not yet implemented): + * flags: turn on the following flags: + * policy-lock: turn off the ability for applications to change policy with + * the call NSS_SetAlgorithmPolicy or the other system policy + * calls (SSL_SetPolicy, etc.) + * ssl-lock: turn off the ability to change the ssl defaults. + * + * The following only apply to ssl cipher suites (future smime) + * * enable: turn on ciphersuites by default. * disable: turn off ciphersuites by default without disallowing them by policy. - * flags: turn on the following flags: - * ssl-lock: turn off the ability for applications to change policy with - * the SSL_SetCipherPolicy (or SSL_SetPolicy). - * policy-lock: turn off the ability for applications to change policy with - * the call NSS_SetAlgorithmPolicy. - * ssl-default-lock: turn off the ability for applications to change cipher - * suite states with SSL_EnableCipher, SSL_DisableCipher. + * * */ 
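Review bot: The rewritten comment block never says how the four keywords interact, and the context sentence above it still reads `Disallow values are parsed first, then allow values`; secmod_parseCryptoPolicy now applies disallow, allow, disable, enable in that order, and the enable path sets the allow bits (its own comment says `NOTE: enable implies allow!`), so `disallow=all enable=...` re-allows whatever it enables, which a policy author is likely to get wrong. Suggest extending that sentence to `Values are applied in the order disallow, allow, disable, enable regardless of where they appear; because enable implies allow, an enable= entry overrides an earlier disallow= for the same algorithm.` The two trailing bare `*` lines left at the end of the block can go.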
@@ -323,21 +324,21 @@ static const oidValDef curveOptList[] = { static const oidValDef hashOptList[] = { /* Hashes */ { CIPHER_NAME("MD2"), SEC_OID_MD2, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, { CIPHER_NAME("MD4"), SEC_OID_MD4, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, { CIPHER_NAME("MD5"), SEC_OID_MD5, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, { CIPHER_NAME("SHA1"), SEC_OID_SHA1, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, { CIPHER_NAME("SHA224"), SEC_OID_SHA224, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, { CIPHER_NAME("SHA256"), SEC_OID_SHA256, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, { CIPHER_NAME("SHA384"), SEC_OID_SHA384, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, { CIPHER_NAME("SHA512"), SEC_OID_SHA512, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE } }; static const oidValDef macOptList[] = { 
@@ -389,7 +390,13 @@ static const oidValDef kxOptList[] = { static const oidValDef signOptList[] = { /* Signatures */ { CIPHER_NAME("DSA"), SEC_OID_ANSIX9_DSA_SIGNATURE, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, + { CIPHER_NAME("RSA-PKCS"), SEC_OID_PKCS1_RSA_ENCRYPTION, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, + { CIPHER_NAME("RSA-PSS"), SEC_OID_PKCS1_RSA_PSS_SIGNATURE, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, + { CIPHER_NAME("ECDSA"), SEC_OID_ANSIX962_EC_PUBLIC_KEY, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, }; typedef struct { @@ -405,7 +412,7 @@ static const algListsDef algOptLists[] = { { macOptList, PR_ARRAY_SIZE(macOptList), "MAC", PR_FALSE }, { cipherOptList, PR_ARRAY_SIZE(cipherOptList), "CIPHER", PR_FALSE }, { kxOptList, PR_ARRAY_SIZE(kxOptList), "OTHER-KX", PR_FALSE }, - { signOptList, PR_ARRAY_SIZE(signOptList), "OTHER-SIGN", PR_TRUE }, + { signOptList, PR_ARRAY_SIZE(signOptList), "OTHER-SIGN", PR_FALSE }, }; static const optionFreeDef sslOptList[] = { 
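Review bot: The new `ECDSA` row is keyed on SEC_OID_ANSIX962_EC_PUBLIC_KEY with NSS_USE_ALG_IN_SSL_KX in its mask, which is the generic EC public-key OID rather than a signature OID; if any kea_defs entry in ssl3con.c resolves to the same OID, `disallow=ECDSA` would also clear the KX bit there and disable ECDH(E) suites, which is presumably not intended — a case in tests/policy would settle it. The `PR_TRUE`→`PR_FALSE` flip on the OTHER-SIGN algOptLists row changes an unnamed boolean field; a trailing comment such as `/* may not end up empty now that RSA/ECDSA are listed here */` would explain it, if that is the field's meaning.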
@@ -443,10 +450,19 @@ static const policyFlagDef policyFlagList[] = { /* add other key exhanges in the future */ { CIPHER_NAME("KEY-EXCHANGE"), NSS_USE_ALG_IN_SSL_KX }, { CIPHER_NAME("CERT-SIGNATURE"), NSS_USE_ALG_IN_CERT_SIGNATURE }, - /* add other signatures in the future */ - { CIPHER_NAME("SIGNATURE"), NSS_USE_ALG_IN_CERT_SIGNATURE }, - /* enable everything */ - { CIPHER_NAME("ALL"), NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + { CIPHER_NAME("CMS-SIGNATURE"), NSS_USE_ALG_IN_CMS_SIGNATURE }, + { CIPHER_NAME("ALL-SIGNATURE"), NSS_USE_ALG_IN_SIGNATURE }, + /* sign turns off all signatures, but doesn't change the + * allowance for specific sigantures... for example: + * disallow=sha256/all allow=sha256/signature doesn't allow + * cert-sigantures, where disallow=sha256/all allow=sha256/all-signature + * does. + * however, disallow=sha356/signature and disallow=sha256/all-siganture are + * equivalent in effect */ + { CIPHER_NAME("SIGNATURE"), NSS_USE_ALG_IN_ANY_SIGNATURE }, + /* enable/disable everything */ + { CIPHER_NAME("ALL"), NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX | + NSS_USE_ALG_IN_SIGNATURE }, { CIPHER_NAME("NONE"), 0 } }; 
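Review bot: The explanatory comment on the SIGNATURE flag has typos that make a subtle rule harder to read: `sigantures` (three occurrences) should be `signatures`, `disallow=sha356/signature` should be `disallow=sha256/signature`, and `all-siganture` should be `all-signature`. The rule itself matches the table (SIGNATURE maps only to NSS_USE_ALG_IN_ANY_SIGNATURE while ALL-SIGNATURE maps to NSS_USE_ALG_IN_SIGNATURE), so only the spelling needs fixing.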
@@ -538,8 +554,82 @@ secmod_getPolicyOptValue(const char *policyValue, int policyValueLength, return SECFailure; } +/* Policy operations: + * Disallow: operation is disallowed by policy. Implies disabled. + * Allow: operation is allowed by policy (but could be disabled). + * Disable: operation is turned off by default (but could be allowed). + * Enable: operation is enabled by default. Implies allowed. + */ +typedef enum { + NSS_DISALLOW, + NSS_ALLOW, + NSS_DISABLE, + NSS_ENABLE +} NSSPolicyOperation; + +/* apply the operator specific policy */ +SECStatus +secmod_setPolicyOperation(SECOidTag oid, NSSPolicyOperation operation, + PRUint32 value) +{ + SECStatus rv = SECSuccess; + switch (operation) { + case NSS_DISALLOW: + /* clear the requested policy bits */ + rv = NSS_SetAlgorithmPolicy(oid, 0, value); + break; + case NSS_ALLOW: + /* set the requested policy bits */ + rv = NSS_SetAlgorithmPolicy(oid, value, 0); + break; + /* enable/disable only apply to SSL cipher suites (future S/MIME). + * Enable/disable is implemented by clearing the DEFAULT_NOT_VALID + * flag, then setting the NSS_USE_DEFAULT_SSL_ENABLE flag to the + * correct value. The ssl policy code will then sort out what to + * set based on ciphers and cipher suite values.*/ + case NSS_DISABLE: + if (value & (NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX)) { + /* clear not valid and enable */ + rv = NSS_SetAlgorithmPolicy(oid, 0, + NSS_USE_DEFAULT_NOT_VALID | + NSS_USE_DEFAULT_SSL_ENABLE); + } + break; + case NSS_ENABLE: + if (value & (NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX)) { + /* set enable, clear not valid. NOTE: enable implies allow! 
*/ + rv = NSS_SetAlgorithmPolicy(oid, value | NSS_USE_DEFAULT_SSL_ENABLE, + NSS_USE_DEFAULT_NOT_VALID); + } + break; + default: + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + rv = SECFailure; + break; + } + return rv; +} + +const char * +secmod_getOperationString(NSSPolicyOperation operation) +{ + switch (operation) { + case NSS_DISALLOW: + return "disallow"; + case NSS_ALLOW: + return "allow"; + case NSS_DISABLE: + return "disable"; + case NSS_ENABLE: + return "enable"; + default: + break; + } + return "invalid"; +} + static SECStatus -secmod_applyCryptoPolicy(const char *policyString, PRBool allow, +secmod_applyCryptoPolicy(const char *policyString, NSSPolicyOperation operation, PRBool printPolicyFeedback) { const char *cipher, *currentString; @@ -573,18 +663,10 @@ secmod_applyCryptoPolicy(const char *policyString, PRBool allow, for (i = 0; i < PR_ARRAY_SIZE(algOptLists); i++) { const algListsDef *algOptList = &algOptLists[i]; for (j = 0; j < algOptList->entries; j++) { - PRUint32 enable, disable; if (!newValue) { value = algOptList->list[j].val; } - if (allow) { - enable = value; - disable = 0; - } else { - enable = 0; - disable = value; - } - NSS_SetAlgorithmPolicy(algOptList->list[j].oid, enable, disable); + secmod_setPolicyOperation(algOptList->list[j].oid, operation, value); } } continue; 
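Review bot: secmod_setPolicyOperation and secmod_getOperationString are defined without `static`, unlike the neighbouring secmod_applyCryptoPolicy, so they become global symbols in the library with no prototype anywhere shown; add `static` to both definitions. Separately, the NSS_DISABLE and NSS_ENABLE cases return SECSuccess without touching anything when `value` carries no NSS_USE_ALG_IN_SSL/SSL_KX bit, so `disable=sha256/cert-signature` is a silent no-op; either report it (the caller has printPolicyFeedback) or state in the comment above the cases that non-SSL values are ignored on purpose.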
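Review bot: In the all-algorithms loop the result of `secmod_setPolicyOperation(algOptList->list[j].oid, operation, value);` is discarded, whereas the per-algorithm branch further down checks `rv` and bails out; now that NSS_SetAlgorithmPolicy can fail with SEC_ERROR_POLICY_LOCKED (secoid.c), a policy parse that runs after a lock would silently ignore every entry here while failing the explicit ones. Capture it: `rv = secmod_setPolicyOperation(algOptList->list[j].oid, operation, value); if (rv != SECSuccess) { return rv; }` — or, if ignoring failures in the bulk path is intended, say so in a comment. secmod_applyCryptoPolicy continues outside this hunk.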
@@ -603,20 +685,12 @@ secmod_applyCryptoPolicy(const char *policyString, PRBool allow, if ((newOption || algOpt->name_size == length) && PORT_Strncasecmp(algOpt->name, cipher, name_size) == 0) { PRUint32 value = algOpt->val; - PRUint32 enable, disable; if (newOption) { value = secmod_parsePolicyValue(&cipher[name_size] + 1, length - name_size - 1, printPolicyFeedback); } - if (allow) { - enable = value; - disable = 0; - } else { - enable = 0; - disable = value; - } - rv = NSS_SetAlgorithmPolicy(algOpt->oid, enable, disable); + rv = secmod_setPolicyOperation(algOptList->list[j].oid, operation, value); if (rv != SECSuccess) { /* could not enable option */ /* NSS_SetAlgorithPolicy should have set the error code */ @@ -666,7 +740,7 @@ secmod_applyCryptoPolicy(const char *policyString, PRBool allow, if (unknown && printPolicyFeedback) { PR_SetEnv("NSS_POLICY_FAIL=1"); fprintf(stderr, "NSS-POLICY-FAIL %s: unknown identifier: %.*s\n", - allow ? "allow" : "disallow", length, cipher); + secmod_getOperationString(operation), length, cipher); } } return rv; @@ -709,7 +783,8 @@ secmod_sanityCheckCryptoPolicy(void) anyEnabled = PR_TRUE; fprintf(stderr, "NSS-POLICY-INFO: %s is enabled for SSL\n", algOpt->name); } - if ((algOpt->val & NSS_USE_ALG_IN_CERT_SIGNATURE) && (value & NSS_USE_ALG_IN_CERT_SIGNATURE)) { + if ((algOpt->val & NSS_USE_ALG_IN_CERT_SIGNATURE) && + ((value & NSS_USE_CERT_SIGNATURE_OK) == NSS_USE_CERT_SIGNATURE_OK)) { ++num_sig_enabled; anyEnabled = PR_TRUE; fprintf(stderr, "NSS-POLICY-INFO: %s is enabled for CERT-SIGNATURE\n", algOpt->name); @@ -740,7 +815,7 @@ secmod_sanityCheckCryptoPolicy(void) static SECStatus secmod_parseCryptoPolicy(const char *policyConfig, PRBool printPolicyFeedback) { - char *disallow, *allow; + char *args; SECStatus rv; if (policyConfig == NULL) { 
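Review bot: The per-algorithm call became `rv = secmod_setPolicyOperation(algOptList->list[j].oid, operation, value);` where the original used `algOpt->oid`; if `algOpt` is `&algOptList->list[j]`, as the surrounding `algOpt->name`/`algOpt->val` uses suggest, the two are equal and `algOpt->oid` is the clearer form, and if it is not, this passes the wrong OID. Either way write `rv = secmod_setPolicyOperation(algOpt->oid, operation, value);`. The comment just below, `/* NSS_SetAlgorithPolicy should have set the error code */`, now also names the wrong function.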
@@ -752,20 +827,46 @@ secmod_parseCryptoPolicy(const char *policyConfig, PRBool printPolicyFeedback) if (rv != SECSuccess) { return rv; } - disallow = NSSUTIL_ArgGetParamValue("disallow", policyConfig); - rv = secmod_applyCryptoPolicy(disallow, PR_FALSE, printPolicyFeedback); - if (disallow) - PORT_Free(disallow); + args = NSSUTIL_ArgGetParamValue("disallow", policyConfig); + rv = secmod_applyCryptoPolicy(args, NSS_DISALLOW, printPolicyFeedback); + if (args) + PORT_Free(args); + if (rv != SECSuccess) { + return rv; + } + args = NSSUTIL_ArgGetParamValue("allow", policyConfig); + rv = secmod_applyCryptoPolicy(args, NSS_ALLOW, printPolicyFeedback); + if (args) + PORT_Free(args); if (rv != SECSuccess) { return rv; } - allow = NSSUTIL_ArgGetParamValue("allow", policyConfig); - rv = secmod_applyCryptoPolicy(allow, PR_TRUE, printPolicyFeedback); - if (allow) - PORT_Free(allow); + args = NSSUTIL_ArgGetParamValue("disable", policyConfig); + rv = secmod_applyCryptoPolicy(args, NSS_DISABLE, printPolicyFeedback); + if (args) + PORT_Free(args); if (rv != SECSuccess) { return rv; } + args = NSSUTIL_ArgGetParamValue("enable", policyConfig); + rv = secmod_applyCryptoPolicy(args, NSS_ENABLE, printPolicyFeedback); + if (args) + PORT_Free(args); + if (rv != SECSuccess) { + return rv; + } + /* this has to be last. Everything after this will be a noop */ + if (NSSUTIL_ArgHasFlag("flags", "ssl-lock", policyConfig)) { + PRInt32 locks; + /* don't overwrite other (future) lock flags */ + rv = NSS_OptionGet(NSS_DEFAULT_LOCKS, &locks); + if (rv == SECSuccess) { + NSS_OptionSet(NSS_DEFAULT_LOCKS, locks | NSS_DEFAULT_SSL_LOCK); + } + } + if (NSSUTIL_ArgHasFlag("flags", "policy-lock", policyConfig)) { + NSS_LockPolicy(); + } if (printPolicyFeedback) { /* This helps to distinguish configurations that don't contain any * policy config= statement. */ diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index 5f22872f8..767ffc30f 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c 
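Review bot: The comment `/* this has to be last. Everything after this will be a noop */` sits above the ssl-lock block, but it is the policy-lock block after it that makes subsequent NSS_SetAlgorithmPolicy/NSS_OptionSet calls fail, and ssl-lock has to precede it precisely because it is applied through NSS_OptionSet, which the new NSS_IsPolicyLocked() gate refuses. Move the comment onto the policy-lock block as `/* policy-lock must be applied last: once set, NSS_OptionSet and NSS_SetAlgorithmPolicy fail, so the ssl-lock above could no longer be set */`. The ignored return of `NSS_OptionSet(NSS_DEFAULT_LOCKS, locks | NSS_DEFAULT_SSL_LOCK)` also deserves a check, since a failure there silently leaves the SSL defaults unlocked under a policy that asked for them to be locked.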
@@ -13596,6 +13596,61 @@ ssl3_DestroySSL3Info(sslSocket *ss) tls13_DestroyPskList(&ss->ssl3.hs.psks); } +/* + * parse the policy value for a single algorithm in a cipher_suite, + * return TRUE if we disallow by the cipher suite by policy + * (we don't have to parse any more algorithm policies on this cipher suite), + * otherwise return FALSE. + * 1. If we don't have the required policy, disable by default, disallow by + * policy and return TRUE (no more processing needed). + * 2. If we have the required policy, and we are disabled, return FALSE, + * (if we are disabled, we only need to parse policy, not default). + * 3. If we have the required policy, and we aren't adjusting the defaults + * return FALSE. (only parsing the policy, not default). + * 4. We have the required policy and we are adjusting the defaults. + * If we are setting default = FALSE, set isDisabled to true so that + * we don't try to re-enable the cipher suite based on a different + * algorithm. + */ +PRBool +ssl_HandlePolicy(int cipher_suite, SECOidTag policyOid, + PRUint32 requiredPolicy, PRBool *isDisabled) +{ + PRUint32 policy; + SECStatus rv; + + /* first fetch the policy for this algorithm */ + rv = NSS_GetAlgorithmPolicy(policyOid, &policy); + if (rv != SECSuccess) { + return PR_FALSE; /* no policy value, continue to the next algorithm */ + } + /* first, are we allowed by policy, if not turn off allow and disable */ + if (!(policy & requiredPolicy)) { + ssl_CipherPrefSetDefault(cipher_suite, PR_FALSE); + ssl_CipherPolicySet(cipher_suite, SSL_NOT_ALLOWED); + return PR_TRUE; + } + /* If we are already disabled, or the policy isn't setting a default + * we are done processing this algorithm */ + if (*isDisabled || (policy & NSS_USE_DEFAULT_NOT_VALID)) { + return PR_FALSE; + } + /* set the default value for the cipher suite. If we disable the cipher + * suite, remember that so we don't process the next default. 
This has + * the effect of disabling the whole cipher suite if any of the + * algorithms it uses are disabled by default. We still have to + * process the upper level because the cipher suite is still allowed + * by policy, and we may still have to disallow it based on other + * algorithms in the cipher suite. */ + if (policy & NSS_USE_DEFAULT_SSL_ENABLE) { + ssl_CipherPrefSetDefault(cipher_suite, PR_TRUE); + } else { + *isDisabled = PR_TRUE; + ssl_CipherPrefSetDefault(cipher_suite, PR_FALSE); + } + return PR_FALSE; +} + #define MAP_NULL(x) (((x) != 0) ? (x) : SEC_OID_NULL_CIPHER) SECStatus 
@@ -13614,30 +13669,30 @@ ssl3_ApplyNSSPolicy(void) for (i = 1; i < PR_ARRAY_SIZE(cipher_suite_defs); ++i) { const ssl3CipherSuiteDef *suite = &cipher_suite_defs[i]; SECOidTag policyOid; + PRBool isDisabled = PR_FALSE; + /* if we haven't explicitly disabled it below enable by policy */ + ssl_CipherPolicySet(suite->cipher_suite, SSL_ALLOWED); + + /* now check the various key exchange, ciphers and macs and + * if we ever disallow by policy, we are done, go to the next cipher + */ policyOid = MAP_NULL(kea_defs[suite->key_exchange_alg].oid); - rv = NSS_GetAlgorithmPolicy(policyOid, &policy); - if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL_KX)) { - ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE); - ssl_CipherPolicySet(suite->cipher_suite, SSL_NOT_ALLOWED); + if (ssl_HandlePolicy(suite->cipher_suite, policyOid, + NSS_USE_ALG_IN_SSL_KX, &isDisabled)) { continue; } policyOid = MAP_NULL(ssl_GetBulkCipherDef(suite)->oid); - rv = NSS_GetAlgorithmPolicy(policyOid, &policy); - if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL)) { - ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE); - ssl_CipherPolicySet(suite->cipher_suite, SSL_NOT_ALLOWED); + if (ssl_HandlePolicy(suite->cipher_suite, policyOid, + NSS_USE_ALG_IN_SSL, &isDisabled)) { continue; } if (ssl_GetBulkCipherDef(suite)->type != type_aead) { policyOid = MAP_NULL(ssl_GetMacDefByAlg(suite->mac_alg)->oid); - rv = NSS_GetAlgorithmPolicy(policyOid, &policy); - if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL)) { - ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE); - ssl_CipherPolicySet(suite->cipher_suite, - SSL_NOT_ALLOWED); + if (ssl_HandlePolicy(suite->cipher_suite, policyOid, + NSS_USE_ALG_IN_SSL, &isDisabled)) { continue; } } diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c index 83372104e..695f39c50 100644 --- a/lib/ssl/sslsock.c +++ b/lib/ssl/sslsock.c 
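Review bot: The loop now calls `ssl_CipherPolicySet(suite->cipher_suite, SSL_ALLOWED)` for every suite before evaluating policy, so each run of ssl3_ApplyNSSPolicy resets any SSL_NOT_ALLOWED an application set earlier via SSL_CipherPolicySet; if this function can run more than once per process (its callers are not in the hunk) that is a behaviour change worth a comment or a guard. With the three NSS_GetAlgorithmPolicy calls removed, `policy` (and possibly `rv`) may now be declared above solely for them; check for unused-variable warnings, since ssl3_ApplyNSSPolicy starts and ends outside this hunk.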
@@ -1460,6 +1460,10 @@ SSL_CipherPolicySet(PRInt32 which, PRInt32 policy) if (rv != SECSuccess) { return rv; } + if (NSS_IsPolicyLocked()) { + PORT_SetError(SEC_ERROR_POLICY_LOCKED); + return SECFailure; + } return ssl_CipherPolicySet(which, policy); } @@ -1506,10 +1510,15 @@ SECStatus SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled) { SECStatus rv = ssl_Init(); + PRInt32 locks; if (rv != SECSuccess) { return rv; } + rv = NSS_OptionGet(NSS_DEFAULT_LOCKS, &locks); + if ((rv == SECSuccess) && (locks & NSS_DEFAULT_SSL_LOCK)) { + return SECSuccess; + } return ssl_CipherPrefSetDefault(which, enabled); } @@ -1535,11 +1544,17 @@ SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled) { sslSocket *ss = ssl_FindSocket(fd); + PRInt32 locks; + SECStatus rv; if (!ss) { SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd)); return SECFailure; } + rv = NSS_OptionGet(NSS_DEFAULT_LOCKS, &locks); + if ((rv == SECSuccess) && (locks & NSS_DEFAULT_SSL_LOCK)) { + return SECSuccess; + } if (ssl_IsRemovedCipherSuite(which)) return SECSuccess; return ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled); diff --git a/lib/util/SECerrs.h b/lib/util/SECerrs.h index d58813e46..4fb4afe40 100644 --- a/lib/util/SECerrs.h +++ b/lib/util/SECerrs.h @@ -552,3 +552,9 @@ ER3(SEC_ERROR_APPLICATION_CALLBACK_ERROR, (SEC_ERROR_BASE + 178), ER3(SEC_ERROR_INVALID_STATE, (SEC_ERROR_BASE + 179), "The attempted operation is invalid for the current state.") + +ER3(SEC_ERROR_POLICY_LOCKED, (SEC_ERROR_BASE + 180), + "Could not change the policy because the policy is now locked.") + +ER3(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED, (SEC_ERROR_BASE + 181), + "Could not create or verify a signature using a signature algorithm that is disabled because it is not secure.") diff --git a/lib/util/nssutil.def b/lib/util/nssutil.def index 8c233f7d3..2d61f53cd 100644 --- a/lib/util/nssutil.def +++ b/lib/util/nssutil.def 
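Review bot: SSL_CipherPrefSetDefault and SSL_CipherPrefSet return SECSuccess when NSS_DEFAULT_SSL_LOCK is set, so a caller cannot tell that its cipher preference was ignored, whereas the new check in SSL_CipherPolicySet reports SEC_ERROR_POLICY_LOCKED as a failure. If silently accepting the request is deliberate (so existing applications keep working under a locked configuration), say so at the check, e.g. `/* ssl-lock: the configured defaults win; report success so a locked configuration does not break applications that set preferences */`. The NSS_OptionGet/NSS_DEFAULT_SSL_LOCK test is duplicated verbatim in both functions and would read better as one static helper such as `ssl_IsCipherPrefLocked()`. Note also that when NSS_OptionGet fails the lock is not enforced and the preference is applied; if that call can only fail for a programming error this is acceptable, but it deserves a comment.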
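Review bot: The new text for SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED asserts a reason (`because it is not secure`) that the policy mechanism does not guarantee; an administrator can disallow an algorithm for compliance or interoperability reasons as well. `"Could not create or verify a signature because the signature algorithm is disabled by policy."` states the condition that was actually detected.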
@@ -334,3 +334,10 @@ NSSUTIL_AddNSSFlagToModuleSpec; ;+ local: ;+ *; ;+}; +;+NSSUTIL_3.59 { # NSS Utilities 3.59 release +;+ global: +NSS_IsPolicyLocked; +NSS_LockPolicy; +;+ local: +;+ *; +;+}; diff --git a/lib/util/secerr.h b/lib/util/secerr.h index 44bb5ee4a..7b205a71e 100644 --- a/lib/util/secerr.h +++ b/lib/util/secerr.h @@ -212,6 +212,9 @@ typedef enum { SEC_ERROR_INVALID_STATE = (SEC_ERROR_BASE + 179), + SEC_ERROR_POLICY_LOCKED = (SEC_ERROR_BASE + 180), + SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED = (SEC_ERROR_BASE + 181), + /* Add new error codes above here. */ SEC_ERROR_END_OF_LIST } SECErrorCodes; diff --git a/lib/util/secoid.c b/lib/util/secoid.c index d2bd8fd1f..b10f859fb 100644 --- a/lib/util/secoid.c +++ b/lib/util/secoid.c @@ -2244,6 +2244,8 @@ NSS_GetAlgorithmPolicy(SECOidTag tag, PRUint32 *pValue) return SECSuccess; } +static PRBool nss_policy_locked = PR_FALSE; + /* The Set function modifies the stored value according to the following * algorithm: * policy[tag] = (policy[tag] & ~clearBits) | setBits; @@ -2255,6 +2257,11 @@ NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits) PRUint32 policyFlags; if (!pxo) return SECFailure; + + if (nss_policy_locked) { + PORT_SetError(SEC_ERROR_POLICY_LOCKED); + return SECFailure; + } /* The stored policy flags are the ones complement of the flags as * seen by the user. This is not atomic, but these changes should * be done rarely, e.g. at initialization time. @@ -2265,6 +2272,20 @@ NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits) return SECSuccess; } +/* Get the state of nss_policy_locked */ +PRBool +NSS_IsPolicyLocked(void) +{ + return nss_policy_locked; +} + +/* Once the policy is locked, it can't be unlocked */ +void +NSS_LockPolicy(void) +{ + nss_policy_locked = PR_TRUE; +} + /* --------- END OF opaque extended OID table accessor functions ---------*/ /* for now, this is only used in a single place, so it can remain static */ 
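Review bot: The comment `/* Once the policy is locked, it can't be unlocked */` on NSS_LockPolicy is contradicted by SECOID_Shutdown, which resets `nss_policy_locked` to PR_FALSE, so a shutdown/re-init cycle does unlock the policy; make it `/* Once locked, the policy stays locked until SECOID_Shutdown() tears the policy state down */`. NSS_IsPolicyLocked and NSS_LockPolicy read and write a plain static with no synchronisation; the existing comment in NSS_SetAlgorithmPolicy already accepts non-atomic changes at initialisation time, so the same expectation should be stated on NSS_LockPolicy, e.g. `/* not thread-safe: expected to be called during initialisation, before other threads use the policy */`.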
@@ -2326,6 +2347,9 @@ SECOID_Shutdown(void) dynOidEntriesAllocated = 0; dynOidEntriesUsed = 0; } + /* we are trashing the old policy state now, also reenable changing + * the policy as well */ + nss_policy_locked = PR_FALSE; memset(xOids, 0, sizeof xOids); return SECSuccess; } diff --git a/lib/util/secoid.h b/lib/util/secoid.h index e6eaa8ce9..20d4cf551 100644 --- a/lib/util/secoid.h +++ b/lib/util/secoid.h @@ -135,6 +135,15 @@ extern SECStatus NSS_GetAlgorithmPolicy(SECOidTag tag, PRUint32 *pValue); extern SECStatus NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits); +/* Lock the policy so NSS_SetAlgorithmPolicy (and other policy functions) + * No longer function */ +void +NSS_LockPolicy(void); + +/* return true if policy changes are now locked out */ +PRBool +NSS_IsPolicyLocked(void); + SEC_END_PROTOS #endif /* _SECOID_H_ */ diff --git a/lib/util/secoidt.h b/lib/util/secoidt.h index 837972e2f..c73829ef8 100644 --- a/lib/util/secoidt.h +++ b/lib/util/secoidt.h 
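Review bot: The header comment on NSS_LockPolicy, `Lock the policy so NSS_SetAlgorithmPolicy (and other policy functions) No longer function`, does not tell an API user what happens; elsewhere in this commit the locked calls in secoid.c and sslsock.c fail with SEC_ERROR_POLICY_LOCKED, so suggest `/* Lock the policy: NSS_SetAlgorithmPolicy and SSL_CipherPolicySet fail with SEC_ERROR_POLICY_LOCKED afterwards. Only SECOID_Shutdown clears the lock. */`. "Other policy functions" should be named rather than alluded to, since that list is exactly what a caller needs to know before locking.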
@@ -538,7 +538,24 @@ struct SECOidDataStr { #define NSS_USE_ALG_IN_SSL_KX 0x00000004 /* used in SSL key exchange */ #define NSS_USE_ALG_IN_SSL 0x00000008 /* used in SSL record protocol */ #define NSS_USE_POLICY_IN_SSL 0x00000010 /* enable policy in SSL protocol */ -#define NSS_USE_ALG_RESERVED 0xfffffffc /* may be used in future */ +#define NSS_USE_ALG_IN_ANY_SIGNATURE 0x00000020 /* used in S/MIME */ +#define NSS_USE_DEFAULT_NOT_VALID 0x80000000 /* clear to make the default flag valid */ +#define NSS_USE_DEFAULT_SSL_ENABLE 0x40000000 /* default cipher suite setting 1=enable */ + +/* Combo policy bites */ +#define NSS_USE_ALG_RESERVED 0x3fffffc0 /* may be used in future */ +/* Alias of all the signature values. */ +#define NSS_USE_ALG_IN_SIGNATURE (NSS_USE_ALG_IN_CERT_SIGNATURE | \ + NSS_USE_ALG_IN_CMS_SIGNATURE | \ + NSS_USE_ALG_IN_ANY_SIGNATURE) +/* all the bits needed for a certificate signature + * and only the bits needed for a certificate signature */ +#define NSS_USE_CERT_SIGNATURE_OK (NSS_USE_ALG_IN_CERT_SIGNATURE | \ + NSS_USE_ALG_IN_ANY_SIGNATURE) +/* all the bits needed for an SMIME signature + * and only the bits needed for an SMIME signature */ +#define NSS_USE_CMS_SIGNATURE_OK (NSS_USE_ALG_IN_CMS_SIGNATURE | \ + NSS_USE_ALG_IN_ANY_SIGNATURE) /* Code MUST NOT SET or CLEAR reserved bits, and must NOT depend on them * being all zeros or having any other known value. The reserved bits diff --git a/tests/policy/crypto-policy.txt b/tests/policy/crypto-policy.txt index 9a8c0cd1b..c6de8824d 100644 --- a/tests/policy/crypto-policy.txt +++ b/tests/policy/crypto-policy.txt 
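Review bot: The comment on `NSS_USE_ALG_IN_ANY_SIGNATURE` reads `/* used in S/MIME */`, which repeats the meaning of the CMS flag and does not describe the bit; from the masks below it is a gate required together with the per-use bit (`NSS_USE_CERT_SIGNATURE_OK` is CERT|ANY, `NSS_USE_CMS_SIGNATURE_OK` is CMS|ANY), so `/* required for any signature use, in addition to the per-use bit */` would match the definitions. `/* Combo policy bites */` should read `bits`. `NSS_USE_DEFAULT_NOT_VALID` is an inverted-sense flag whose comment `clear to make the default flag valid` is easy to misread; spelling out that a set bit means no default has been configured for this algorithm would help, if that is the intent (I cannot confirm it from the hunk).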
@@ -3,14 +3,15 @@ # col 3: an extended regular expression, expected to match the output # col 4: description of the test # -0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:camellia256-cbc:aes128-gcm:aes128-cbc:camellia128-cbc:SHA256:SHA384:SHA512:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:tls-version-min=tls1.0:dtls-version-min=dtls1.0:DH-MIN=1023:DSA-MIN=2048:RSA-MIN=2048 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Standard policy -0 disallow=ALL_allow=HMAC-SHA1:HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:camellia256-cbc:aes128-gcm:aes128-cbc:camellia128-cbc:des-ede3-cbc:rc4:SHA256:SHA384:SHA512:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:DHE-DSS:tls-version-min=tls1.0:dtls-version-min=tls1.0:DH-MIN=1023:DSA-MIN=1023:RSA-MIN=1023 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Legacy policy -0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:SHA384:SHA512:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Reduced policy +0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:camellia256-cbc:aes128-gcm:aes128-cbc:camellia128-cbc:SHA256:SHA384:SHA512:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.0:dtls-version-min=dtls1.0:DH-MIN=1023:DSA-MIN=2048:RSA-MIN=2048 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Standard policy +0 
disallow=ALL_allow=HMAC-SHA1:HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:camellia256-cbc:aes128-gcm:aes128-cbc:camellia128-cbc:des-ede3-cbc:rc4:SHA256:SHA384:SHA512:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:DHE-DSS:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.0:dtls-version-min=tls1.0:DH-MIN=1023:DSA-MIN=1023:RSA-MIN=1023 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Legacy policy +0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:SHA384:SHA512:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Reduced policy 2 disallow=ALL_allow=dtls-version-min=:dtls-version-max= NSS-POLICY-FAIL Missing value 2 disallow=ALL_allow=RSA-MIN=whatever NSS-POLICY-FAIL Invalid value 2 disallow=ALL_allow=flower NSS-POLICY-FAIL Invalid identifier 1 disallow=all NSS-POLICY-WARN.*NUMBER-OF-CERT-SIG disallow all -1 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072 NSS-POLICY-WARN.*NUMBER-OF-HASH No Hashes +1 disallow=all/signature NSS-POLICY-WARN.*NUMBER-OF-CERT-SIG disallow all signatures +1 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072 NSS-POLICY-WARN.*NUMBER-OF-HASH No Hashes 1 disallow=ALL_allow=tls-version-min=0:tls-version-max=0 NSS-POLICY-WARN.*NUMBER-OF-TLS-VERSIONS All TLS versions disabled 1 disallow=ALL_allow=dtls-version-min=0:dtls-version-max=0 NSS-POLICY-WARN.*NUMBER-OF-DTLS-VERSIONS All DTLS versions disabled 1 disallow=ALL_allow=tls-version-min=tls1.2:tls-version-max=tls1.1 
NSS-POLICY-WARN.*NUMBER-OF-TLS-VERSIONS Invalid range of TLS versions diff --git a/tests/policy/policy.sh b/tests/policy/policy.sh index 50aee50ef..f3d16eb64 100644..100755 --- a/tests/policy/policy.sh +++ b/tests/policy/policy.sh @@ -12,6 +12,28 @@ # ######################################################################## +policy_init() +{ + SCRIPTNAME=policy.sh # sourced - $0 would point to all.sh + + if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for + CLEANUP="${SCRIPTNAME}" # cleaning this script will do it + fi + + if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then + cd ../common + . ./init.sh + fi + SCRIPTNAME=policy.sh + +} + +policy_cleanup() +{ + cd ${QADIR} + . common/cleanup.sh +} + ignore_blank_lines() { LC_ALL=C egrep -v '^[[:space:]]*(#|$)' "$1" @@ -53,6 +75,9 @@ NSS=flags=policyOnly,moduleDB html_msg $ret 0 "\"${testname}\" output is expected to match \"${match}\"" done + html "</TABLE><BR>" } +policy_init policy_run_tests +policy_cleanup diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh index d273a29b8..d63eb673c 100755 --- a/tests/ssl/ssl.sh +++ b/tests/ssl/ssl.sh @@ -886,6 +886,7 @@ ssl_policy_listsuites() cp ${P_R_CLIENTDIR}/pkcs11.txt ${P_R_CLIENTDIR}/pkcs11.txt.sav # Disallow all explicitly + testname="listsuites with all cipher disallowed by policy" setup_policy "disallow=all" ${P_R_CLIENTDIR} RET_EXP=1 list_enabled_suites | grep '^TLS_' @@ -894,6 +895,7 @@ ssl_policy_listsuites() "produced a returncode of $RET, expected is $RET_EXP" # Disallow RSA in key exchange explicitly + testname="listsuites with rsa cipher disallowed by policy" setup_policy "disallow=rsa/ssl-key-exchange" ${P_R_CLIENTDIR} RET_EXP=1 list_enabled_suites | grep '^TLS_RSA_' 
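Review bot: In policy_cleanup, `cd ${QADIR}` is unquoted and unchecked; `cd "${QADIR}" || return` keeps a path with spaces, or an unset QADIR, from sourcing cleanup.sh in the wrong directory. In policy_init, `[ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]` uses the obsolescent `-o` form and its first test is redundant, since an empty value is also `!= "TRUE"`; `[ "${INIT_SOURCED}" != "TRUE" ]` is equivalent and portable. The `cd ../common` before `. ./init.sh` is likewise unchecked.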
@@ -901,6 +903,34 @@ ssl_policy_listsuites() html_msg $RET $RET_EXP "${testname}" \ "produced a returncode of $RET, expected is $RET_EXP" + # allow by policy, but disable by default + testname="listsuites with all ciphers enabled by policy but disabled by default" + setup_policy "allow=all disable=all" ${P_R_CLIENTDIR} + RET_EXP=1 + list_enabled_suites | grep '^TLS_' + RET=$? + html_msg $RET $RET_EXP "${testname}" \ + "produced a returncode of $RET, expected is $RET_EXP" + + # allow by policy, but disable by default just rsa-kea + testname="listsuites with all ciphers enabled by policy but rsa disabled by default" + setup_policy "allow=all disable=rsa/ssl-key-exchange" ${P_R_CLIENTDIR} + RET_EXP=1 + list_enabled_suites | grep '^TLS_RSA_' + RET=$? + html_msg $RET $RET_EXP "${testname}" \ + "produced a returncode of $RET, expected is $RET_EXP" + + # list_enabled_suites tries to set a policy value explicitly, This will + # cause list_enabled_suites to fail if we lock the policy + testname="listsuites with policy locked" + setup_policy "allow=all flags=policy-lock" ${P_R_CLIENTDIR} + RET_EXP=1 + SSL_DIR="${P_R_CLIENTDIR}" ${BINDIR}/listsuites + RET=$? + html_msg $RET $RET_EXP "${testname}" \ + "produced a returncode of $RET, expected is $RET_EXP" + cp ${P_R_CLIENTDIR}/pkcs11.txt.sav ${P_R_CLIENTDIR}/pkcs11.txt html "</TABLE><BR>" @@ -925,6 +955,7 @@ ssl_policy_selfserv() cp ${P_R_SERVERDIR}/pkcs11.txt ${P_R_SERVERDIR}/pkcs11.txt.sav # Disallow RSA in key exchange explicitly + testname="Disallow RSA key exchange explicitly" setup_policy "disallow=rsa/ssl-key-exchange" ${P_R_SERVERDIR} SAVE_SERVER_OPTIONS=${SERVER_OPTIONS} diff --git a/tests/ssl/sslpolicy.txt b/tests/ssl/sslpolicy.txt index 844fd0e8f..f5e547185 100644 --- a/tests/ssl/sslpolicy.txt +++ b/tests/ssl/sslpolicy.txt 
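Review bot: The "listsuites with policy locked" case only checks that `${BINDIR}/listsuites` exits non-zero, so any failure (a missing binary, a bad SSL_DIR, an unrelated initialisation error) passes as a successful lock. Capture the output and also require the lock error to be reported, e.g. `SSL_DIR="${P_R_CLIENTDIR}" ${BINDIR}/listsuites 2>&1 | grep -q 'SEC_ERROR_POLICY_LOCKED'`, assuming listsuites prints the NSS error name on failure, which I cannot confirm from the hunk. The comment `This will cause list_enabled_suites to fail if we lock the policy` should say which call fails under the lock rather than leaving the reader to guess.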
@@ -7,8 +7,14 @@ # The policy string is set to the config= line in the pkcs11.txt # it currently has 2 keywords: # -# disallow= turn off the use of this algorithm by policy. +# disallow= turn off the use of this algorithm by policy. (implies disable) # allow= allow this algorithm to by used if selected by policy. +# disable= turn off the use of this algorithm even if allowed by policy +# (application can override) +# enable= turn off this algorithm by default (implies allow) +# flags= policy-lock: can't change policy with NSS_SetAlgorithmPolicy, +# NSS_SetOption, or SSL_SetCipherPolicy +# ssl-lock: can't change the cipher suite settings with the application. # # The syntax is disallow=algorithm{/uses}:algorithm{/uses} # where {} signifies an optional element @@ -76,6 +82,9 @@ # SECT571R1 # Signatures: # DSA +# RSA-PKCS +# RSA-PSS +# ECDSA # Hashes: # MD2 # MD4 @@ -137,7 +146,8 @@ # ssl-key-exchange # key-exchange (includes ssl-key-exchange) # cert-signature -# signature (includes cert-signature) +# all-signature (includes cert-signature) +# signature (all signatures off, some signature allowed based on other option) # all (includes all of the above) #----------------------------------------------- # In addition there are the following options: 
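Review bot: `# enable= turn off this algorithm by default (implies allow)` says the opposite of what the keyword does: by symmetry with `disable=`, and given the `allow=all_disable=all_enable=...` case added at the end of this file, it turns the algorithm on by default, so it should read `# enable= turn on the use of this algorithm by default (implies allow)`. The flags line `ssl-lock: can't change the cipher suite settings with the application` would be clearer as `ssl-lock: the application cannot change the cipher suite settings`.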
@@ -147,31 +157,48 @@ # they have the following syntax: # allow=min-rsa=512:min-dh=1024 # +# in the following tests, we use the cipher suite 'd': +# d SSL3 RSA WITH 3DES EDE CBC SHA (=:000a). +# NOTE: the certificates used in validation are rsa-pkcs1/sha256 signed. +# # Exp Enable Enable Cipher Config Policy Test Name # Ret EC TLS # turn on single cipher - 0 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Narrow Policy - 0 noECC SSL3 d disallow=all_allow=hmac-sha1/ssl,ssl-key-exchange:sha256/cert-signature:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Strict Policy - 0 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Allow All Explicitly - 1 noECC SSL3 d disallow=all Disallow All Explicitly. 
+ 0 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa-pkcs:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Narrow Policy + 0 noECC SSL3 d disallow=all_allow=hmac-sha1/ssl,ssl-key-exchange:sha256/all-signature:rsa-pkcs/all-signature:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Strict Policy + 0 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:dsa/all:rsa-pss/all:ecdsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Allow All Explicitly + 1 noECC SSL3 d disallow=all Disallow All Explicitly # turn off signature only - 1 noECC SSL3 d disallow=sha256 Disallow SHA256 Signatures Explicitly. - 1 noECC SSL3 d disallow=all_allow=hmac-sha1:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow SHA256 Signatures Implicitly Narrow. - 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow SHA256 Signatures Implicitly. 
+ 1 noECC SSL3 d disallow=all/signature Disallow all signatures with Explicitly + 1 noECC SSL3 d disallow=sha256 Disallow SHA256 Explicitly + 1 noECC SSL3 d disallow=sha256/cert-signature Disallow SHA256 Certificate signature Explicitly + 1 noECC SSL3 d disallow=sha256/signature Disallow All SHA256 signatures Explicitly + 1 noECC SSL3 d disallow=sha256/all-signature Disallow Any SHA256 signature Explicitly + 1 noECC SSL3 d disallow=all_allow=hmac-sha1:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow SHA256 Signatures Implicitly Narrow + 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:dsa/all:ecdsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow SHA256 Signatures Implicitly # turn off single cipher 1 noECC SSL3 d disallow=des-ede3-cbc Disallow Cipher Explicitly - 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Cipher Implicitly Narrow. - 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-verion-max=tls1.2 Disallow Cipher Implicitly. 
+ 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa-pkcs:rsa:des-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Cipher Implicitly Narrow + 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:ecdsa/all:dsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-verion-max=tls1.2 Disallow Cipher Implicitly # turn off H-Mac 1 noECC SSL3 d disallow=hmac-sha1 Disallow HMAC Explicitly - 1 noECC SSL3 d disallow=all_allow=md5:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow HMAC Implicitly Narrow. - 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow HMAC Signatures Implicitly. 
+ 1 noECC SSL3 d disallow=all_allow=md5:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow HMAC Implicitly Narrow + 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow HMAC Signatures Implicitly # turn off key exchange - 1 noECC SSL3 d disallow=rsa/ssl-key-exchange Disallow Key Exchange Explicitly. - 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:dh-dss:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Key Exchange Implicitly Narrow. - 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow Key Exchnage Signatures Implicitly. 
+ 1 noECC SSL3 d disallow=rsa/ssl-key-exchange Disallow Key Exchange Explicitly + 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa-pkcs:dh-dss:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Key Exchange Implicitly Narrow + 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:ecdsa/all:dsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow Key Exchange Signatures Implicitly # turn off version 1 noECC SSL3 d allow=tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Exlicitly - 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly Narrow. - 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly. - 0 noECC SSL3 d disallow=dsa Disallow DSA Signatures Explicitly. 
+ 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa-pkcs:rsa:des-ede3-cbc:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly Narrow + 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:ecdsa/all:dsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly + 0 noECC SSL3 d disallow=dsa Disallow DSA Signatures Explicitly + 1 noECC SSL3 d disallow=rsa-pkcs Disallow RSA PKCS 1 Signatures Explicitly +# test default settings +# NOTE: tstclient will attempt to overide the defaults, so we detect we +# were successful by locking in our settings + 0 noECC SSL3 d allow=all_disable=all Disable all by default, application override + 1 noECC SSL3 d allow=all_disable=all_flags=ssl-lock,policy-lock Disable all by default, prevent application from enabling + 0 noECC SSL3 d allow=all_disable=all_flags=policy-lock Disable all by default, lock policy (application can still change the ciphers) +# explicitly enable :002f RSA_AES_128_CBC_SHA1 and lock it in + 0 noECC SSL3 d allow=all_disable=all_enable=hmac-sha1:sha256:rsa-pkcs:rsa:aes128-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0_flags=ssl-lock Lock in a different ciphersuite that the one the application asks for |
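Review bot: The new comment and test names carry typos that will end up in the HTML report: `tstclient` should be `tstclnt`, `overide` should be `override`, and `Lock in a different ciphersuite that the one the application asks for` should read `than the one`. Since `html_msg` prints these names verbatim, fixing them now saves grepping for misspelled names later.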