Bug 1311950 - Don't send PSS signature algorithms if we have no token…

… that supports verifying them r=mt Differential Revision: https://nss-review.dev.mozaws.net/D15
sailfishos-mirror · Nov 2, 2016 · 1c7088a · 1c7088a
1 parent b07bc66
commit 1c7088a
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
@@ -6365,7 +6365,7 @@ ssl_PickSignatureScheme(sslSocket *ss,
         }
 
         /* Skip RSA-PSS schemes when the certificate's private key slot does
-         * not supporting that mechanism. */
+         * not support this signature mechanism. */
         if (ssl_IsRsaPssSignatureScheme(preferred) && !slotDoesPss) {
             continue;
         }
@@ -9552,6 +9552,13 @@ ssl3_EncodeSigAlgs(sslSocket *ss, PRUint8 *buf, unsigned maxLen, PRUint32 *len)
         SSLHashType hashType = ssl_SignatureSchemeToHashType(
             ss->ssl3.signatureSchemes[i]);
         SECOidTag hashOID = ssl3_HashTypeToOID(hashType);
+
+        /* Skip RSA-PSS schemes if there are no tokens to verify them. */
+        if (ssl_IsRsaPssSignatureScheme(ss->ssl3.signatureSchemes[i]) &&
+            !PK11_TokenExists(auth_alg_defs[ssl_auth_rsa_pss])) {
+            continue;
+        }
+
         if ((NSS_GetAlgorithmPolicy(hashOID, &policy) != SECSuccess) ||
             (policy & NSS_USE_ALG_IN_SSL_KX)) {
             p = ssl_EncodeUintX((PRUint32)ss->ssl3.signatureSchemes[i], 2, p);