-
Notifications
You must be signed in to change notification settings - Fork 6.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Limit the scope of the CAPI and CNG SHA-1 workarounds
In https://crbug.com/278370, we had to add some workarounds for legacy CAPI and CNG keys that only supported SHA-1. We've since carried these workarounds to current Chromium. Histograms now suggest there is negligible use of SHA-1 in TLS client signatures, with the exception of Windows. This is likely caused by those workarounds. Ideally we'd be able to query the key for supported signature algorithms, but this doesn't seem to be feasible. See https://crbug.com/924284#c14 So, instead, when we import CAPI keys and RSA-1024 CNG keys, do a trial signature with SHA-256. If it succeeds, disable the workaround. This should be safe; even if we cause a PIN prompt a smartcard, we do so immediately after the user selects the key, so it won't be out of place. If the system doesn't cache PIN prompts, it is possible we'll double prompt, but if PIN prompts aren't cached, users are likely already spammed with prompts due to quirks of connection management. Still, to mitigate the risk, the behavior change is gated on a base::Feature so we can easily disable it. If this sticks, we should hopefully reduce our SHA-1 signing on Windows. Should the numbers then align with other platforms, we can consider removing support for signing SHA-1 altogether. Bug: 1377705 Change-Id: Ic0f88625fe87756fadd8b9d6baa22f7fcb49a27c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3972200 Commit-Queue: David Benjamin <davidben@chromium.org> Reviewed-by: Matt Mueller <mattm@chromium.org> Cr-Commit-Position: refs/heads/main@{#1070686}
- Loading branch information
Showing
4 changed files
with
117 additions
and
35 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters