/*
 * Withdraw MD5 from signature use in the NSS algorithm policy.
 *
 * For each of the three MD5-related OIDs below, the certificate-signature
 * and CMS-signature usage bits are cleared and no bits are set. Only those
 * two usage bits are touched; any other policy bits on these OIDs are left
 * as they were.
 *
 * The return values of NSS_SetAlgorithmPolicy are discarded, so the caller
 * gets no signal if one of the calls fails.
 */
void DisableMD5() {
  /* The usage bits to clear; identical for all three OIDs. */
  const unsigned int signature_uses =
      NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_CMS_SIGNATURE;

  /* The bare digest. */
  NSS_SetAlgorithmPolicy(SEC_OID_MD5, 0, signature_uses);

  /* The RSA signature scheme built on it. */
  NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, 0,
                         signature_uses);

  /* The MD5-based PBE scheme. NOTE(review): this is a password-based
   * encryption OID; whether the signature usage bits have any effect on
   * it is not visible from here -- confirm against the NSS policy code. */
  NSS_SetAlgorithmPolicy(SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC, 0,
                         signature_uses);
}
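/*
 * Apply a colon-separated crypto policy string to the NSS algorithm policy.
 *
 * Every entry of algOptList is first disabled, then each term of the policy
 * is applied in order:
 *   - a term equal (case-insensitively) to an algOptList name re-enables
 *     that algorithm's policy bits;
 *   - a term of the form "<name>=<integer>", with <name> taken from
 *     freeOptList, is passed to NSS_OptionSet.
 * Processing stops at the first term that is unknown, malformed, or rejected
 * by NSS; an unknown or malformed term is reported on stderr.
 *
 * policy is tokenised in place with strtok_r, so the caller's buffer is
 * modified. A NULL or empty policy leaves NSS untouched.
 *
 * Returns SECSuccess in every case, including after an error (the original
 * author's note: NSS cannot recover at this point).
 * NOTE(review): callers therefore cannot tell a fully applied policy from a
 * partly applied one. Algorithms in terms that were not reached are left
 * as the disable loop set them, but free options that were not reached
 * keep whatever value they had before, which may be weaker than the
 * policy asked for.
 */
static SECStatus
applyCryptoPolicy(char *policy)
{
    char *term;
    char *save = NULL;
    unsigned i;
    SECStatus rv;

    if (policy == NULL || policy[0] == 0) {
        return SECSuccess; /* do nothing */
    }

    /* Disable all options by default; the policy then opts back in.
     * NOTE(review): the return values here are ignored, so a failed
     * disable is not detected. */
    for (i = 0; i < PR_ARRAY_SIZE(algOptList); i++) {
        NSS_SetAlgorithmPolicy(algOptList[i].oid, 0, algOptList[i].val);
    }
    NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, 0);

    for (term = strtok_r(policy, ":", &save); term != NULL;
         term = strtok_r(NULL, ":", &save)) {
        int matched = 0;

        /* First try the term as an algorithm name. */
        for (i = 0; i < PR_ARRAY_SIZE(algOptList); i++) {
            if (strcasecmp(algOptList[i].name, term) != 0) {
                continue;
            }
            rv = NSS_SetAlgorithmPolicy(algOptList[i].oid,
                                        algOptList[i].val, 0);
            if (rv != SECSuccess) {
                /* could not enable option */
                goto cleanup;
            }
            matched = 1;
            break;
        }

        /* Otherwise try it as "<name>=<integer>". */
        if (!matched) {
            for (i = 0; i < PR_ARRAY_SIZE(freeOptList); i++) {
                const char *digits;
                char *end = NULL;
                long parsed;

                /* assumes name_size is the length of name -- TODO confirm */
                if (strncasecmp(freeOptList[i].name, term,
                                freeOptList[i].name_size) != 0 ||
                    term[freeOptList[i].name_size] != '=') {
                    continue;
                }

                /*
                 * The value comes from the policy string, so it is checked
                 * rather than asserted: an assert() aborts the process in
                 * debug builds and compiles away under NDEBUG, which would
                 * let a non-numeric value reach NSS_OptionSet as 0.
                 * strtol is declared in <stdlib.h>, like the atoi it
                 * replaces. Characters after the number are still ignored,
                 * as they were with atoi.
                 */
                digits = &term[freeOptList[i].name_size + 1];
                parsed = strtol(digits, &end, 10);

                /*
                 * Reject "no digits", zero, and anything that does not fit
                 * in a PRInt32. The two extreme values are rejected as well
                 * because strtol clamps to them on overflow where long is
                 * 32 bits wide.
                 */
                if (end == digits || parsed == 0 ||
                    parsed >= 2147483647L || parsed <= -2147483647L - 1L) {
                    break; /* reported below as an error in this term */
                }

                rv = NSS_OptionSet(freeOptList[i].option, (PRInt32)parsed);
                if (rv != SECSuccess) {
                    /* could not enable option */
                    goto cleanup;
                }
                matched = 1;
                break;
            }
        }

        if (!matched) {
            fprintf(stderr, "error in term '%s'\n", term);
            goto cleanup;
        }
    }

cleanup:
    /* NSS cannot recover, so errors are not propagated to the caller. */
    return SECSuccess;
}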