bug 1195434 - specify what signature schemes the platform will actually accept in TLS handshakes r=mt
authorDavid Keeler <dkeeler@mozilla.com>
Thu, 03 Nov 2016 12:53:23 -0700
changeset 351521 ca0017c90ad0fb11dbf4ecd3409f9bf196059869
parent 351520 8988e17605ed135abd91f64a0c3c30b559d453ce
child 351522 c05a3ad32d21c1707f37f5dfd4e98ec6fb148d84
push id6795
push userjlund@mozilla.com
push dateMon, 23 Jan 2017 14:19:46 +0000
reviewersmt
bugs1195434
milestone52.0a1
bug 1195434 - specify what signature schemes the platform will actually accept in TLS handshakes r=mt MozReview-Commit-ID: A3T4EgEfcfy
config/external/nss/nss.symbols
security/manager/ssl/nsNSSIOLayer.cpp
--- a/config/external/nss/nss.symbols
+++ b/config/external/nss/nss.symbols
@@ -687,16 +687,17 @@ SSL_SetCanFalseStartCallback
 SSL_SetDowngradeCheckVersion
 SSL_SetNextProtoNego
 SSL_SetPKCS11PinArg
 SSL_SetSockPeerID
 SSL_SetSRTPCiphers
 SSL_SetStapledOCSPResponses
 SSL_SetURL
 SSL_ShutdownServerSessionIDCache
+SSL_SignatureSchemePrefSet
 SSL_SNISocketConfigHook
 SSL_VersionRangeGet
 SSL_VersionRangeGetDefault
 SSL_VersionRangeGetSupported
 SSL_VersionRangeSet
 SSL_VersionRangeSetDefault
 UTIL_SetForkState
 VFY_Begin
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -2442,16 +2442,30 @@ nsSSLIOLayerImportFD(PRFileDesc* fd,
   return sslSock;
 loser:
   if (sslSock) {
     PR_Close(sslSock);
   }
   return nullptr;
 }
 
+static const SSLSignatureScheme sEnabledSignatureSchemes[] = {
+  ssl_sig_ecdsa_secp256r1_sha256,
+  ssl_sig_ecdsa_secp384r1_sha384,
+  ssl_sig_ecdsa_secp521r1_sha512,
+  ssl_sig_rsa_pss_sha256,
+  ssl_sig_rsa_pss_sha384,
+  ssl_sig_rsa_pss_sha512,
+  ssl_sig_rsa_pkcs1_sha256,
+  ssl_sig_rsa_pkcs1_sha384,
+  ssl_sig_rsa_pkcs1_sha512,
+  ssl_sig_ecdsa_sha1,
+  ssl_sig_rsa_pkcs1_sha1,
+};
+
 static nsresult
 nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
                        bool haveProxy, const char* host, int32_t port,
                        nsNSSSocketInfo* infoObject)
 {
   nsNSSShutDownPreventionLock locker;
   if (forSTARTTLS || haveProxy) {
     if (SECSuccess != SSL_OptionSet(fd, SSL_SECURITY, false)) {
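Review bot: sEnabledSignatureSchemes carries no comment saying what the ordering means or why the two SHA-1 entries (ssl_sig_ecdsa_sha1, ssl_sig_rsa_pkcs1_sha1) are kept at the tail, so anyone later tightening the list has nothing to go on. The API name SSL_SignatureSchemePrefSet suggests the array is consumed in preference order, but that is inferred, not shown here. Suggest a header comment above the array: `// Signature schemes this platform accepts in TLS handshakes, most preferred first. The SHA-1 entries are deliberately last; they are presumably retained only for compatibility with older peers, so confirm that before removing or reordering.` nsSSLIOLayerSetOptions begins in this hunk and its body continues past it.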
@@ -2511,16 +2525,21 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, b
     return NS_ERROR_FAILURE;
   }
   // This ensures that we send key shares for X25519 and P-256 in TLS 1.3, so
   // that servers are less likely to use HelloRetryRequest.
   if (SECSuccess != SSL_SendAdditionalKeyShares(fd, 1)) {
     return NS_ERROR_FAILURE;
   }
 
+  if (SECSuccess != SSL_SignatureSchemePrefSet(fd, sEnabledSignatureSchemes,
+                      mozilla::ArrayLength(sEnabledSignatureSchemes))) {
+    return NS_ERROR_FAILURE;
+  }
+
   bool enabled = infoObject->SharedState().IsOCSPStaplingEnabled();
   if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_OCSP_STAPLING, enabled)) {
     return NS_ERROR_FAILURE;
   }
 
   bool sctsEnabled = infoObject->SharedState().IsSignedCertTimestampsEnabled();
   if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
       sctsEnabled)) {
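Review bot: The new SSL_SignatureSchemePrefSet call has no comment, while the SSL_SendAdditionalKeyShares block directly above it explains its purpose, so the two read inconsistently. A one-line comment would do: `// Restrict the signature schemes this socket offers and accepts to sEnabledSignatureSchemes.` The wrapped second argument line is also indented to an arbitrary column rather than the four-space continuation the surrounding SSL_OptionSet calls in this hunk use. The error handling matches its neighbours, so nothing further to change there.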