Exemplo n.º 1
/*
 * Clear the "usable in certificate signatures" and "usable in CMS
 * signatures" policy bits for the three MD5-related OIDs listed below.
 *
 * Each call passes 0 as the set-bits argument and the two usage flags as
 * the clear-bits argument, so no bits are turned on here.
 *
 * The SECStatus returned by NSS_SetAlgorithmPolicy is discarded, so a call
 * that fails is not reported and the algorithm would stay permitted.
 */
void
DisableMD5()
{
  static const SECOidTag md5Oids[] = {
    SEC_OID_MD5,
    SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
    SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC
  };
  const PRUint32 clearedUses =
    NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_CMS_SIGNATURE;
  size_t idx;

  for (idx = 0; idx < sizeof(md5Oids) / sizeof(md5Oids[0]); idx++) {
    NSS_SetAlgorithmPolicy(md5Oids[idx], 0, clearedUses);
  }
}
Exemplo n.º 2
Arquivo: pk11pars.c Projeto: nmav/nss
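/*
 * Apply a ':'-separated crypto policy string to the NSS algorithm policy.
 *
 * A NULL or empty policy is a no-op.  Otherwise every entry of algOptList is
 * first disabled (its bits are cleared), the SSL policy flag is set, and
 * each term of the string is then processed in order:
 *   - a term equal (case-insensitively) to an algOptList name re-enables
 *     that algorithm's bits;
 *   - a term of the form NAME=VALUE, where NAME matches a freeOptList entry,
 *     sets that option to VALUE through NSS_OptionSet.
 * Processing stops at the first term that is unknown, malformed, or cannot
 * be applied; unknown and malformed terms are reported on stderr.
 *
 * VALUE must be a complete, non-zero decimal integer within the PRInt32
 * range.  The previous atoi() + assert() pair aborted the process on a bad
 * value in assert-enabled builds and, with NDEBUG defined, passed 0 (or an
 * undefined result on overflow) on to NSS_OptionSet.  Where long is 32 bits
 * wide, out-of-range input saturates at the strtol limits instead.
 *
 * policy is modified in place by strtok_r.
 *
 * Returns SECSuccess on every path, including the error paths (see the note
 * at the cleanup label).
 */
static SECStatus applyCryptoPolicy(char *policy)
{
    char *s, *sp, *p;
    unsigned i;
    SECStatus rv;
    unsigned unknown;

    if (policy == NULL || policy[0] == 0) {
        return SECSuccess;      /* do nothing */
    }

    p = policy;

    /* disable all options by default */
    for (i = 0; i < PR_ARRAY_SIZE(algOptList); i++) {
        NSS_SetAlgorithmPolicy(algOptList[i].oid, 0, algOptList[i].val);
    }

    NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, 0);

    do {
        s = strtok_r(p, ":", &sp);
        p = NULL;               /* later calls continue from the saved state */

        if (s != NULL) {
            unknown = 1;

            /* first try the term as a plain algorithm name */
            for (i = 0; i < PR_ARRAY_SIZE(algOptList); i++) {
                if (strcasecmp(algOptList[i].name, s) == 0) {
                    rv = NSS_SetAlgorithmPolicy(algOptList[i].oid,
                                                algOptList[i].val, 0);
                    if (rv != SECSuccess) {
                        /* could not enable option */
                        rv = SECFailure;
                        goto cleanup;
                    }
                    unknown = 0;
                    break;
                }
            }

            /* otherwise try it as NAME=VALUE */
            if (unknown != 0) {
                for (i = 0; i < PR_ARRAY_SIZE(freeOptList); i++) {
                    /* presumably name_size == strlen(name), so the '=' test
                     * never reads past the terminator of s - confirm
                     * against the freeOptList definition */
                    if (strncasecmp(freeOptList[i].name, s, freeOptList[i].name_size) == 0 &&
                        s[freeOptList[i].name_size] == '=') {
                        const char *valueText = &s[freeOptList[i].name_size + 1];
                        char *valueEnd = NULL;
                        long parsed = strtol(valueText, &valueEnd, 10);

                        /* Reject empty, partly numeric, zero and
                         * out-of-range values.  'unknown' stays set, so the
                         * term is reported by the error branch below. */
                        if (valueEnd == valueText || *valueEnd != '\0' ||
                            parsed == 0 ||
                            parsed > PR_INT32_MAX || parsed < PR_INT32_MIN) {
                            break;
                        }

                        rv = NSS_OptionSet(freeOptList[i].option, (PRInt32)parsed);
                        if (rv != SECSuccess) {
                            /* could not enable option */
                            rv = SECFailure;
                            goto cleanup;
                        }
                        unknown = 0;
                        break;
                    }
                }
            }

            if (unknown != 0) {
                fprintf(stderr, "error in term '%s'\n", s);
                rv = SECFailure;
                goto cleanup;
            }
        }
    } while (s != NULL);

  cleanup:
    /* NSS cannot recover */
    /* NOTE(review): the status is forced to SECSuccess here, so the
     * SECFailure assignments above never reach the caller.  Everything in
     * algOptList was disabled before parsing, so stopping early leaves the
     * unprocessed terms disabled, but the caller cannot tell that the policy
     * was only partially applied. */
    rv = SECSuccess;
    return rv;
}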