From fd8d15350f7560f35085b4b945eb3e34a0dfa708 Mon Sep 17 00:00:00 2001 From: "John M. Schanck" Date: Thu, 2 Mar 2023 14:38:29 -0800 Subject: Backed out changeset 761e7d215e0a for causing gtest failures --- cmd/crmftest/testcrmf.c | 2 +- gtests/ssl_gtest/tls_subcerts_unittest.cc | 26 +------- lib/cryptohi/keyhi.h | 5 -- lib/cryptohi/keyi.h | 4 -- lib/cryptohi/seckey.c | 99 ------------------------------- lib/cryptohi/secsign.c | 23 ------- lib/cryptohi/secvfy.c | 13 +--- lib/freebl/blapit.h | 2 +- lib/nss/nss.h | 22 ------- lib/nss/nssoptions.c | 28 +-------- lib/nss/nssoptions.h | 2 - lib/pk11wrap/pk11kea.c | 7 ++- lib/pk11wrap/pk11pars.c | 34 +---------- lib/softoken/fips_algorithms.h | 13 +--- lib/ssl/ssl3con.c | 39 ++++-------- tests/policy/crypto-policy.txt | 2 - tests/ssl/sslpolicy.txt | 4 -- 17 files changed, 22 insertions(+), 303 deletions(-) diff --git a/cmd/crmftest/testcrmf.c b/cmd/crmftest/testcrmf.c index 1982b9d48..3fe5725bf 100644 --- a/cmd/crmftest/testcrmf.c +++ b/cmd/crmftest/testcrmf.c @@ -85,7 +85,7 @@ #include "sechash.h" #endif -#define MAX_KEY_LEN 1024 +#define MAX_KEY_LEN 512 #define PATH_LEN 150 #define BUFF_SIZE 150 #define UID_BITS 800 diff --git a/gtests/ssl_gtest/tls_subcerts_unittest.cc b/gtests/ssl_gtest/tls_subcerts_unittest.cc index a1f7cac0a..77bb41a0b 100644 --- a/gtests/ssl_gtest/tls_subcerts_unittest.cc +++ b/gtests/ssl_gtest/tls_subcerts_unittest.cc @@ -9,8 +9,6 @@ #include "prtime.h" #include "secerr.h" #include "ssl.h" -#include "nss.h" -#include "blapit.h" #include "gtest_utils.h" #include "tls_agent.h" @@ -350,14 +348,9 @@ static void GenerateWeakRsaKey(ScopedSECKEYPrivateKey& priv, ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); ASSERT_TRUE(slot); PK11RSAGenParams rsaparams; -// The absolute minimum size of RSA key that we can use with SHA-256 is -// 256bit (hash) + 256bit (salt) + 8 (start byte) + 8 (end byte) = 528. -#define RSA_WEAK_KEY 528 -#if RSA_MIN_MODULUS_BITS < RSA_WEAK_KEY + // The absolute minimum size of RSA key that we can use with SHA-256 is + // 256bit (hash) + 256bit (salt) + 8 (start byte) + 8 (end byte) = 528. rsaparams.keySizeInBits = 528; -#else - rsaparams.keySizeInBits = RSA_MIN_MODULUS_BITS + 1; -#endif rsaparams.pe = 65537; // Bug 1012786: PK11_GenerateKeyPair can fail if there is insufficient @@ -397,18 +390,6 @@ TEST_P(TlsConnectTls13, DCWeakKey) { ssl_sig_rsa_pss_pss_sha256}; client_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes)); server_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes)); -#if RSA_MIN_MODULUS_BITS > RSA_WEAK_KEY - // save the MIN POLICY length. - PRInt32 minRsa; - - ASSERT_EQ(SECSuccess, NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minRsa)); -#if RSA_MIN_MODULUS_BITS >= 2048 - ASSERT_EQ(SECSuccess, - NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, RSA_MIN_MODULUS_BITS + 1024)); -#else - ASSERT_EQ(SECSuccess, NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 2048)); -#endif -#endif ScopedSECKEYPrivateKey dc_priv; ScopedSECKEYPublicKey dc_pub; @@ -431,9 +412,6 @@ TEST_P(TlsConnectTls13, DCWeakKey) { auto cfilter = MakeTlsFilter( client_, ssl_delegated_credentials_xtn); ConnectExpectAlert(client_, kTlsAlertInsufficientSecurity); -#if RSA_MIN_MODULUS_BITS > RSA_WEAK_KEY - ASSERT_EQ(SECSuccess, NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, minRsa)); -#endif } class ReplaceDCSigScheme : public TlsHandshakeFilter { diff --git a/lib/cryptohi/keyhi.h b/lib/cryptohi/keyhi.h index 173dbda90..180990049 100644 --- a/lib/cryptohi/keyhi.h +++ b/lib/cryptohi/keyhi.h @@ -52,11 +52,6 @@ extern unsigned SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk); */ extern unsigned SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk); -/* -** Return the strength of the private key in bits -*/ -extern unsigned SECKEY_PrivateKeyStrengthInBits(const SECKEYPrivateKey *privk); - /* ** Return the length of the signature in bytes */ diff --git a/lib/cryptohi/keyi.h b/lib/cryptohi/keyi.h index 5683afbeb..707e11ade 100644 --- a/lib/cryptohi/keyi.h +++ b/lib/cryptohi/keyi.h @@ -4,7 +4,6 @@ #ifndef _KEYI_H_ #define _KEYI_H_ -#include "secerr.h" SEC_BEGIN_PROTOS /* NSS private functions */ @@ -37,9 +36,6 @@ SECStatus sec_DecodeRSAPSSParamsToMechanism(PLArenaPool *arena, const SECItem *params, CK_RSA_PKCS_PSS_PARAMS *mech); -/* make sure the key length matches the policy for keyType */ -SECStatus seckey_EnforceKeySize(KeyType keyType, unsigned keyLength, - SECErrorCodes error); SEC_END_PROTOS #endif /* _KEYHI_H_ */ diff --git a/lib/cryptohi/seckey.c b/lib/cryptohi/seckey.c index 656609e0d..fb353fa14 100644 --- a/lib/cryptohi/seckey.c +++ b/lib/cryptohi/seckey.c @@ -14,7 +14,6 @@ #include "secdig.h" #include "prtime.h" #include "keyi.h" -#include "nss.h" SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) SEC_ASN1_MKSUB(SEC_IntegerTemplate) @@ -1041,59 +1040,6 @@ SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk) return bitSize; } -unsigned -SECKEY_PrivateKeyStrengthInBits(const SECKEYPrivateKey *privk) -{ - unsigned bitSize = 0; - SECItem params = { siBuffer, NULL, 0 }; - SECStatus rv; - - if (!privk) { - PORT_SetError(SEC_ERROR_INVALID_KEY); - return 0; - } - - /* interpret modulus length as key strength */ - switch (privk->keyType) { - case rsaKey: - case rsaPssKey: - case rsaOaepKey: - /* some tokens don't export CKA_MODULUS on the private key, - * PK11_SignatureLen works around this if necessary */ - bitSize = PK11_SignatureLen((SECKEYPrivateKey *)privk) * PR_BITS_PER_BYTE; - if (bitSize == -1) { - bitSize = 0; - } - return bitSize; - case dsaKey: - case fortezzaKey: - case dhKey: - case keaKey: - rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID, - CKA_PRIME, NULL, ¶ms); - if ((rv != SECSuccess) || (params.data == NULL)) { - PORT_SetError(SEC_ERROR_INVALID_KEY); - return 0; - } - bitSize = SECKEY_BigIntegerBitLength(¶ms); - PORT_Free(params.data); - return bitSize; - case ecKey: - rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID, - CKA_EC_PARAMS, NULL, ¶ms); - if ((rv != SECSuccess) || (params.data == NULL)) { - return 0; - } - bitSize = SECKEY_ECParamsToKeySize(¶ms); - PORT_Free(params.data); - return bitSize; - default: - break; - } - PORT_SetError(SEC_ERROR_INVALID_KEY); - return 0; -} - /* returns signature length in bytes (not bits) */ unsigned SECKEY_SignatureLen(const SECKEYPublicKey *pubk) @@ -1267,51 +1213,6 @@ SECKEY_CopyPublicKey(const SECKEYPublicKey *pubk) return NULL; } -/* - * Check that a given key meets the policy limits for the given key - * size. - */ -SECStatus -seckey_EnforceKeySize(KeyType keyType, unsigned keyLength, SECErrorCodes error) -{ - PRInt32 opt = -1; - PRInt32 optVal; - SECStatus rv; - - switch (keyType) { - case rsaKey: - case rsaPssKey: - case rsaOaepKey: - opt = NSS_RSA_MIN_KEY_SIZE; - break; - case dsaKey: - case fortezzaKey: - opt = NSS_DSA_MIN_KEY_SIZE; - break; - case dhKey: - case keaKey: - opt = NSS_DH_MIN_KEY_SIZE; - break; - case ecKey: - opt = NSS_ECC_MIN_KEY_SIZE; - break; - case nullKey: - default: - PORT_SetError(SEC_ERROR_INVALID_KEY); - return SECFailure; - } - PORT_Assert(opt != -1); - rv = NSS_OptionGet(opt, &optVal); - if (rv != SECSuccess) { - return rv; - } - if (optVal > keyLength) { - PORT_SetError(error); - return SECFailure; - } - return SECSuccess; -} - /* * Use the private key to find a public key handle. The handle will be on * the same slot as the private key. diff --git a/lib/cryptohi/secsign.c b/lib/cryptohi/secsign.c index 8779904d3..13a6d6c5e 100644 --- a/lib/cryptohi/secsign.c +++ b/lib/cryptohi/secsign.c @@ -15,7 +15,6 @@ #include "pk11func.h" #include "secerr.h" #include "keyi.h" -#include "nss.h" struct SGNContextStr { SECOidTag signalg; @@ -33,7 +32,6 @@ sgn_NewContext(SECOidTag alg, SECItem *params, SECKEYPrivateKey *key) SECOidTag hashalg, signalg; KeyType keyType; PRUint32 policyFlags; - PRInt32 optFlags; SECStatus rv; /* OK, map a PKCS #7 hash and encrypt algorithm into @@ -58,16 +56,6 @@ sgn_NewContext(SECOidTag alg, SECItem *params, SECKEYPrivateKey *key) PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); return NULL; } - if (NSS_OptionGet(NSS_KEY_SIZE_POLICY_FLAGS, &optFlags) != SECFailure) { - if (optFlags & NSS_KEY_SIZE_POLICY_SIGN_FLAG) { - rv = seckey_EnforceKeySize(key->keyType, - SECKEY_PrivateKeyStrengthInBits(key), - SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); - if (rv != SECSuccess) { - return NULL; - } - } - } /* check the policy on the hash algorithm */ if ((NSS_GetAlgorithmPolicy(hashalg, &policyFlags) == SECFailure) || !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { @@ -477,20 +465,9 @@ SGN_Digest(SECKEYPrivateKey *privKey, SGNDigestInfo *di = 0; SECOidTag enctag; PRUint32 policyFlags; - PRInt32 optFlags; result->data = 0; - if (NSS_OptionGet(NSS_KEY_SIZE_POLICY_FLAGS, &optFlags) != SECFailure) { - if (optFlags & NSS_KEY_SIZE_POLICY_SIGN_FLAG) { - rv = seckey_EnforceKeySize(privKey->keyType, - SECKEY_PrivateKeyStrengthInBits(privKey), - SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); - if (rv != SECSuccess) { - return SECFailure; - } - } - } /* check the policy on the hash algorithm */ if ((NSS_GetAlgorithmPolicy(algtag, &policyFlags) == SECFailure) || !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { diff --git a/lib/cryptohi/secvfy.c b/lib/cryptohi/secvfy.c index 8c9dc2d87..f6f5d72b8 100644 --- a/lib/cryptohi/secvfy.c +++ b/lib/cryptohi/secvfy.c @@ -16,7 +16,6 @@ #include "secdig.h" #include "secerr.h" #include "keyi.h" -#include "nss.h" /* ** Recover the DigestInfo from an RSA PKCS#1 signature. @@ -467,7 +466,6 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig, unsigned int sigLen; KeyType type; PRUint32 policyFlags; - PRInt32 optFlags; /* make sure the encryption algorithm matches the key type */ /* RSA-PSS algorithm can be used with both rsaKey and rsaPssKey */ @@ -477,16 +475,7 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig, PORT_SetError(SEC_ERROR_PKCS7_KEYALG_MISMATCH); return NULL; } - if (NSS_OptionGet(NSS_KEY_SIZE_POLICY_FLAGS, &optFlags) != SECFailure) { - if (optFlags & NSS_KEY_SIZE_POLICY_VERIFY_FLAG) { - rv = seckey_EnforceKeySize(key->keyType, - SECKEY_PublicKeyStrengthInBits(key), - SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); - if (rv != SECSuccess) { - return NULL; - } - } - } + /* check the policy on the encryption algorithm */ if ((NSS_GetAlgorithmPolicy(encAlg, &policyFlags) == SECFailure) || !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { diff --git a/lib/freebl/blapit.h b/lib/freebl/blapit.h index d3d935ebe..0054e17b8 100644 --- a/lib/freebl/blapit.h +++ b/lib/freebl/blapit.h @@ -135,7 +135,7 @@ typedef int __BLAPI_DEPRECATED __attribute__((deprecated)); * These values come from the initial key size limits from the PKCS #11 * module. They may be arbitrarily adjusted to any value freebl supports. */ -#define RSA_MIN_MODULUS_BITS 1023 /* 128 */ +#define RSA_MIN_MODULUS_BITS 128 #define RSA_MAX_MODULUS_BITS 16384 #define RSA_MAX_EXPONENT_BITS 64 #define DH_MIN_P_BITS 128 diff --git a/lib/nss/nss.h b/lib/nss/nss.h index b3ef5057c..081422e91 100644 --- a/lib/nss/nss.h +++ b/lib/nss/nss.h @@ -302,28 +302,6 @@ SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData); #define NSS_DEFAULT_LOCKS 0x00d /* lock default values */ #define NSS_DEFAULT_SSL_LOCK 1 /* lock the ssl default values */ -/* NSS_KEY_SIZE_POLICY controls what kinds of operations are subject to - * the NSS_XXX_MIN_KEY_SIZE values. - * NSS_KEY_SIZE_POLICY_FLAGS sets and clears all the flags to the input - * value - * On get it returns all the flags - * NSS_KEY_SIZE_POLICY_SET_FLAGS sets only the flags=1 in theinput value and - * does not affect the other flags - * On get it returns all the flags - * NSS_KEY_SIZE_POLICY_CLEAR_FLAGS clears only the flags=1 in the input - * value and does not affect the other flags - * On get it returns all the compliment of all the flags - * (cleared flags == 1) */ -#define NSS_KEY_SIZE_POLICY_FLAGS 0x00e -#define NSS_KEY_SIZE_POLICY_SET_FLAGS 0x00f -#define NSS_KEY_SIZE_POLICY_CLEAR_FLAGS 0x010 -/* currently defined flags */ -#define NSS_KEY_SIZE_POLICY_SSL_FLAG 1 -#define NSS_KEY_SIZE_POLICY_VERIFY_FLAG 2 -#define NSS_KEY_SIZE_POLICY_SIGN_FLAG 4 - -#define NSS_ECC_MIN_KEY_SIZE 0x011 - /* * Set and get global options for the NSS library. */ diff --git a/lib/nss/nssoptions.c b/lib/nss/nssoptions.c index cc637ffda..f7225c414 100644 --- a/lib/nss/nssoptions.c +++ b/lib/nss/nssoptions.c @@ -26,8 +26,6 @@ struct nssOps { PRInt32 dtlsVersionMaxPolicy; PRInt32 pkcs12DecodeForceUnicode; PRInt32 defaultLocks; - PRInt32 keySizePolicyFlags; - PRInt32 eccMinKeySize; }; static struct nssOps nss_ops = { @@ -39,9 +37,7 @@ static struct nssOps nss_ops = { 1, 0xffff, PR_FALSE, - 0, - NSS_KEY_SIZE_POLICY_SSL_FLAG, - SSL_ECC_MIN_CURVE_BITS + 0 }; SECStatus @@ -82,18 +78,6 @@ NSS_OptionSet(PRInt32 which, PRInt32 value) case NSS_DEFAULT_LOCKS: nss_ops.defaultLocks = value; break; - case NSS_KEY_SIZE_POLICY_FLAGS: - nss_ops.keySizePolicyFlags = value; - break; - case NSS_KEY_SIZE_POLICY_SET_FLAGS: - nss_ops.keySizePolicyFlags |= value; - break; - case NSS_KEY_SIZE_POLICY_CLEAR_FLAGS: - nss_ops.keySizePolicyFlags &= ~value; - break; - case NSS_ECC_MIN_KEY_SIZE: - nss_ops.eccMinKeySize = value; - break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; @@ -135,16 +119,6 @@ NSS_OptionGet(PRInt32 which, PRInt32 *value) case NSS_DEFAULT_LOCKS: *value = nss_ops.defaultLocks; break; - case NSS_KEY_SIZE_POLICY_FLAGS: - case NSS_KEY_SIZE_POLICY_SET_FLAGS: - *value = nss_ops.keySizePolicyFlags; - break; - case NSS_KEY_SIZE_POLICY_CLEAR_FLAGS: - *value = ~nss_ops.keySizePolicyFlags; - break; - case NSS_ECC_MIN_KEY_SIZE: - *value = nss_ops.eccMinKeySize; - break; default: rv = SECFailure; } diff --git a/lib/nss/nssoptions.h b/lib/nss/nssoptions.h index 3f19c61ed..024c1e92f 100644 --- a/lib/nss/nssoptions.h +++ b/lib/nss/nssoptions.h @@ -18,5 +18,3 @@ * happens because NSS used to count bit lengths incorrectly. */ #define SSL_DH_MIN_P_BITS 1023 #define SSL_DSA_MIN_P_BITS 1023 -/* not really used by SSL, but define it here for consistency */ -#define SSL_ECC_MIN_CURVE_BITS 255 diff --git a/lib/pk11wrap/pk11kea.c b/lib/pk11wrap/pk11kea.c index 805e48651..249a301ad 100644 --- a/lib/pk11wrap/pk11kea.c +++ b/lib/pk11wrap/pk11kea.c @@ -78,14 +78,15 @@ pk11_KeyExchange(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, if (privKeyHandle == CK_INVALID_HANDLE) { PK11RSAGenParams rsaParams; - if (symKeyLength > 120) /* bytes */ { - /* we'd have to generate an RSA key pair > 1024 bits long, + if (symKeyLength > 53) /* bytes */ { + /* we'd have to generate an RSA key pair > 512 bits long, ** and that's too costly. Don't even try. */ PORT_SetError(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY); goto rsa_failed; } - rsaParams.keySizeInBits = 1024; + rsaParams.keySizeInBits = + (symKeyLength > 21 || symKeyLength == 0) ? 512 : 256; rsaParams.pe = 0x10001; privKey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams, &pubKey, PR_FALSE, PR_TRUE, symKey->cx); diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c index 0243a930b..2c72bf06f 100644 --- a/lib/pk11wrap/pk11pars.c +++ b/lib/pk11wrap/pk11pars.c @@ -434,21 +434,12 @@ static const optionFreeDef sslOptList[] = { { CIPHER_NAME("DTLS1.3"), 0x304 }, }; -static const optionFreeDef keySizeFlagsList[] = { - { CIPHER_NAME("KEY-SIZE-SSL"), NSS_KEY_SIZE_POLICY_SSL_FLAG }, - { CIPHER_NAME("KEY-SIZE-SIGN"), NSS_KEY_SIZE_POLICY_SIGN_FLAG }, - { CIPHER_NAME("KEY-SIZE-VERIFY"), NSS_KEY_SIZE_POLICY_VERIFY_FLAG }, -}; - static const optionFreeDef freeOptList[] = { /* Restrictions for asymetric keys */ { CIPHER_NAME("RSA-MIN"), NSS_RSA_MIN_KEY_SIZE }, { CIPHER_NAME("DH-MIN"), NSS_DH_MIN_KEY_SIZE }, { CIPHER_NAME("DSA-MIN"), NSS_DSA_MIN_KEY_SIZE }, - { CIPHER_NAME("ECC-MIN"), NSS_ECC_MIN_KEY_SIZE }, - /* what operations doe the key size apply to */ - { CIPHER_NAME("KEY-SIZE-FLAGS"), NSS_KEY_SIZE_POLICY_FLAGS }, /* constraints on SSL Protocols */ { CIPHER_NAME("TLS-VERSION-MIN"), NSS_TLS_VERSION_MIN_POLICY }, { CIPHER_NAME("TLS-VERSION-MAX"), NSS_TLS_VERSION_MAX_POLICY }, @@ -557,7 +548,6 @@ secmod_getPolicyOptValue(const char *policyValue, int policyValueLength, *result = val; return SECSuccess; } - /* handle any ssl strings */ for (i = 0; i < PR_ARRAY_SIZE(sslOptList); i++) { if (policyValueLength == sslOptList[i].name_size && PORT_Strncasecmp(sslOptList[i].name, policyValue, @@ -566,29 +556,7 @@ secmod_getPolicyOptValue(const char *policyValue, int policyValueLength, return SECSuccess; } } - /* handle key_size flags. Each flag represents a bit, which - * gets or'd together. They can be separated by , | or + */ - val = 0; - while (*policyValue) { - PRBool found = PR_FALSE; - for (i = 0; i < PR_ARRAY_SIZE(keySizeFlagsList); i++) { - if (PORT_Strncasecmp(keySizeFlagsList[i].name, policyValue, - keySizeFlagsList[i].name_size) == 0) { - val |= keySizeFlagsList[i].option; - found = PR_TRUE; - policyValue += keySizeFlagsList[i].name_size; - break; - } - } - if (!found) { - return SECFailure; - } - if (*policyValue == ',' || *policyValue == '|' || *policyValue == '+') { - policyValue++; - } - } - *result = val; - return SECSuccess; + return SECFailure; } /* Policy operations: diff --git a/lib/softoken/fips_algorithms.h b/lib/softoken/fips_algorithms.h index 9084c8341..244b4b87a 100644 --- a/lib/softoken/fips_algorithms.h +++ b/lib/softoken/fips_algorithms.h @@ -54,9 +54,7 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] = { /* mechanisms using the same key types share the same key type * limits */ #define RSA_FB_KEY 2048, 4096 /* min, max */ -#define RSA_FB_STEP 1 -#define RSA_LEGACY_FB_KEY 1024, 1792 /* min, max */ -#define RSA_LEGACY_FB_STEP 256 +#define RSA_FB_STEP 1024 #define DSA_FB_KEY 2048, 4096 /* min, max */ #define DSA_FB_STEP 1024 #define DH_FB_KEY 2048, 4096 /* min, max */ @@ -68,7 +66,6 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] = { { CKM_RSA_PKCS_KEY_PAIR_GEN, { RSA_FB_KEY, CKF_KPG }, RSA_FB_STEP, SFTKFIPSNone }, { CKM_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, { CKM_RSA_PKCS_OAEP, { RSA_FB_KEY, CKF_ENC }, RSA_FB_STEP, SFTKFIPSNone }, - { CKM_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, /* -------------- RSA Multipart Signing Operations -------------------- */ { CKM_SHA224_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, { CKM_SHA256_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, @@ -78,14 +75,6 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] = { { CKM_SHA256_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, { CKM_SHA384_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, { CKM_SHA512_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, - { CKM_SHA224_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, - { CKM_SHA256_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, - { CKM_SHA384_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, - { CKM_SHA512_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, - { CKM_SHA224_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, - { CKM_SHA256_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, - { CKM_SHA384_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, - { CKM_SHA512_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, /* ------------------------- DSA Operations --------------------------- */ { CKM_DSA_KEY_PAIR_GEN, { DSA_FB_KEY, CKF_KPG }, DSA_FB_STEP, SFTKFIPSNone }, { CKM_DSA, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone }, diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index a2618e00c..867c13ee7 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -7450,8 +7450,7 @@ ssl_HandleDHServerKeyExchange(sslSocket *ss, PRUint8 *b, PRUint32 length) SECItem dh_Ys = { siBuffer, NULL, 0 }; unsigned dh_p_bits; unsigned dh_g_bits; - PRInt32 minDH = 0; - PRInt32 optval; + PRInt32 minDH; SSL3Hashes hashes; SECItem signature = { siBuffer, NULL, 0 }; @@ -7462,12 +7461,9 @@ ssl_HandleDHServerKeyExchange(sslSocket *ss, PRUint8 *b, PRUint32 length) if (rv != SECSuccess) { goto loser; /* malformed. */ } - rv = NSS_OptionGet(NSS_KEY_SIZE_POLICY_FLAGS, &optval); - if ((rv == SECSuccess) && (optval & NSS_KEY_SIZE_POLICY_SSL_FLAG)) { - (void)NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH); - } - if (minDH <= 0) { + rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH); + if (rv != SECSuccess || minDH <= 0) { minDH = SSL_DH_MIN_P_BITS; } dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p); @@ -11539,22 +11535,15 @@ SECStatus ssl_SetAuthKeyBits(sslSocket *ss, const SECKEYPublicKey *pubKey) { SECStatus rv; - PRUint32 minKey = 0; + PRUint32 minKey; PRInt32 optval; - PRBool usePolicyLength = PR_TRUE; - - rv = NSS_OptionGet(NSS_KEY_SIZE_POLICY_FLAGS, &optval); - if (rv == SECSuccess) { - usePolicyLength = (PRBool)((optval & NSS_KEY_SIZE_POLICY_SSL_FLAG) == NSS_KEY_SIZE_POLICY_SSL_FLAG); - } ss->sec.authKeyBits = SECKEY_PublicKeyStrengthInBits(pubKey); switch (SECKEY_GetPublicKeyType(pubKey)) { case rsaKey: case rsaPssKey: case rsaOaepKey: - rv = usePolicyLength ? NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &optval) - : SECFailure; + rv = NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &optval); if (rv == SECSuccess && optval > 0) { minKey = (PRUint32)optval; } else { @@ -11563,8 +11552,7 @@ ssl_SetAuthKeyBits(sslSocket *ss, const SECKEYPublicKey *pubKey) break; case dsaKey: - rv = usePolicyLength ? NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &optval) - : SECFailure; + rv = NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &optval); if (rv == SECSuccess && optval > 0) { minKey = (PRUint32)optval; } else { @@ -11573,8 +11561,7 @@ ssl_SetAuthKeyBits(sslSocket *ss, const SECKEYPublicKey *pubKey) break; case dhKey: - rv = usePolicyLength ? NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &optval) - : SECFailure; + rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &optval); if (rv == SECSuccess && optval > 0) { minKey = (PRUint32)optval; } else { @@ -11583,15 +11570,9 @@ ssl_SetAuthKeyBits(sslSocket *ss, const SECKEYPublicKey *pubKey) break; case ecKey: - rv = usePolicyLength ? NSS_OptionGet(NSS_ECC_MIN_KEY_SIZE, &optval) - : SECFailure; - if (rv == SECSuccess && optval > 0) { - minKey = (PRUint32)optval; - } else { - /* Don't check EC strength here on the understanding that we - * only support curves we like. */ - minKey = ss->sec.authKeyBits; - } + /* Don't check EC strength here on the understanding that we only + * support curves we like. */ + minKey = ss->sec.authKeyBits; break; default: diff --git a/tests/policy/crypto-policy.txt b/tests/policy/crypto-policy.txt index 03515ffcd..c6de8824d 100644 --- a/tests/policy/crypto-policy.txt +++ b/tests/policy/crypto-policy.txt @@ -6,8 +6,6 @@ 0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:camellia256-cbc:aes128-gcm:aes128-cbc:camellia128-cbc:SHA256:SHA384:SHA512:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.0:dtls-version-min=dtls1.0:DH-MIN=1023:DSA-MIN=2048:RSA-MIN=2048 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Standard policy 0 disallow=ALL_allow=HMAC-SHA1:HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:camellia256-cbc:aes128-gcm:aes128-cbc:camellia128-cbc:des-ede3-cbc:rc4:SHA256:SHA384:SHA512:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:DHE-DSS:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.0:dtls-version-min=tls1.0:DH-MIN=1023:DSA-MIN=1023:RSA-MIN=1023 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Legacy policy 0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:SHA384:SHA512:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Reduced policy -0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:SHA384:SHA512:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072:KEY-SIZE-FLAGS=KEY-SIZE-SSL,KEY-SIZE-SIGN,KEY-SIZE-VERIFY NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Valid key size -2 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:SHA384:SHA512:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072:KEY-SIZE-FLAGS=UNKNOWN,KEY-SIZE-SIGN,KEY-SIZE-VERIFY NSS-POLICY-FAIL.*unknown.* Invalid key size 2 disallow=ALL_allow=dtls-version-min=:dtls-version-max= NSS-POLICY-FAIL Missing value 2 disallow=ALL_allow=RSA-MIN=whatever NSS-POLICY-FAIL Invalid value 2 disallow=ALL_allow=flower NSS-POLICY-FAIL Invalid identifier diff --git a/tests/ssl/sslpolicy.txt b/tests/ssl/sslpolicy.txt index 558b9f55d..f5e547185 100644 --- a/tests/ssl/sslpolicy.txt +++ b/tests/ssl/sslpolicy.txt @@ -194,10 +194,6 @@ 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:ecdsa/all:dsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly 0 noECC SSL3 d disallow=dsa Disallow DSA Signatures Explicitly 1 noECC SSL3 d disallow=rsa-pkcs Disallow RSA PKCS 1 Signatures Explicitly - 1 noECC SSL3 d allow=rsa-min=16384:key-size-flags=key-size-verify Restrict RSA keys on signature verification - 1 noECC SSL3 d allow=rsa-min=16384:key-size-flags=key-size-sign Restrict RSA keys on signing - 1 noECC SSL3 d allow=rsa-min=16384:key-size-flags=key-size-ssl Restrict RSA keys when used in SSL - 0 noECC SSL3 d allow=rsa-min=1023 Restrict RSA keys when used in SSL # test default settings # NOTE: tstclient will attempt to overide the defaults, so we detect we # were successful by locking in our settings -- cgit v1.2.1