mirror of https://github.com/ctz/rustls
aws-lc-rs: reduce priority of `ECDSA_NISTP521_SHA512`
In TLS1.2, this actually means ECDSA_SHA512. If the peer selects that, we get caught out depending on the curve of the public key because we don't support (for example) `ECDSA_NISTP256_SHA512`. Reducing the preference of this improves matters, because a peer that respects our priority will only select that if nothing else is possible (which includes the cases that SHA256 and SHA384 are not supported, in which case we are hosed, but also if the version is TLS1.3 and public key is on P521).
This commit is contained in:
parent
a74f9d531b
commit
e01b7b2666
|
@ -168,10 +168,6 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms
|
|||
],
|
||||
mapping: &[
|
||||
// Note: for TLS1.2 the curve is not fixed by SignatureScheme. For TLS1.3 it is.
|
||||
(
|
||||
SignatureScheme::ECDSA_NISTP521_SHA512,
|
||||
&[webpki_algs::ECDSA_P521_SHA512],
|
||||
),
|
||||
(
|
||||
SignatureScheme::ECDSA_NISTP384_SHA384,
|
||||
&[
|
||||
|
@ -186,6 +182,10 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms
|
|||
webpki_algs::ECDSA_P384_SHA256,
|
||||
],
|
||||
),
|
||||
(
|
||||
SignatureScheme::ECDSA_NISTP521_SHA512,
|
||||
&[webpki_algs::ECDSA_P521_SHA512],
|
||||
),
|
||||
(SignatureScheme::ED25519, &[webpki_algs::ED25519]),
|
||||
(
|
||||
SignatureScheme::RSA_PSS_SHA512,
|
||||
|
|
|
@ -1129,9 +1129,9 @@ fn server_cert_resolve_reduces_sigalgs_for_ecdsa_ciphersuite() {
|
|||
CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
if provider_is_aws_lc_rs() {
|
||||
vec![
|
||||
SignatureScheme::ECDSA_NISTP521_SHA512,
|
||||
SignatureScheme::ECDSA_NISTP384_SHA384,
|
||||
SignatureScheme::ECDSA_NISTP256_SHA256,
|
||||
SignatureScheme::ECDSA_NISTP521_SHA512,
|
||||
SignatureScheme::ED25519,
|
||||
]
|
||||
} else {
|
||||
|
@ -1499,10 +1499,6 @@ fn test_client_cert_resolve(
|
|||
fn default_signature_schemes(version: ProtocolVersion) -> Vec<SignatureScheme> {
|
||||
let mut v = vec![];
|
||||
|
||||
if provider_is_aws_lc_rs() {
|
||||
v.push(SignatureScheme::ECDSA_NISTP521_SHA512);
|
||||
}
|
||||
|
||||
v.extend_from_slice(&[
|
||||
SignatureScheme::ECDSA_NISTP384_SHA384,
|
||||
SignatureScheme::ECDSA_NISTP256_SHA256,
|
||||
|
@ -1512,6 +1508,10 @@ fn default_signature_schemes(version: ProtocolVersion) -> Vec<SignatureScheme> {
|
|||
SignatureScheme::RSA_PSS_SHA256,
|
||||
]);
|
||||
|
||||
if provider_is_aws_lc_rs() {
|
||||
v.insert(2, SignatureScheme::ECDSA_NISTP521_SHA512);
|
||||
}
|
||||
|
||||
if version == ProtocolVersion::TLSv1_2 {
|
||||
v.extend_from_slice(&[
|
||||
SignatureScheme::RSA_PKCS1_SHA512,
|
||||
|
|
Loading…
Reference in New Issue