mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Merge mozilla-central to mozilla-inbound. a=merge on a CLOSED TREE

This commit is contained in:
Razvan Maries 2019-08-02 07:11:00 +03:00
Родитель d7ec6fb695 f57bfff083
Коммит 1fb298eac8
47 изменённых файлов: 1619 добавлений и 462 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

18
devtools/server/tests/unit/head_dbg.js
Просмотреть файл

@ -925,15 +925,19 @@ async function setupTestFromUrl(url) {
* @param Object options
* Optional arguments to tweak test environment
* - JSPrincipal principal
* Principal to use for the debuggee.
* Principal to use for the debuggee. Defaults to systemPrincipal.
* - boolean doNotRunWorker
* If true, do not run this tests in worker debugger context.
* If true, do not run this tests in worker debugger context. Defaults to false.
* - bool wantXrays
* Whether the debuggee wants Xray vision with respect to same-origin objects
* outside the sandbox. Defaults to true.
*/
function threadFrontTest(test, options = {}) {
let { principal, doNotRunWorker } = options;
if (!principal) {
principal = systemPrincipal;
}
const {
principal = systemPrincipal,
doNotRunWorker = false,
wantXrays = true,
} = options;
async function runThreadFrontTestWithServer(server, test) {
// Setup a server and connect a client to it.
@ -942,7 +946,7 @@ function threadFrontTest(test, options = {}) {
// Create a custom debuggee and register it to the server.
// We are using a custom Sandbox as debuggee. Create a new zone because
// debugger and debuggee must be in different compartments.
const debuggee = Cu.Sandbox(principal, { freshZone: true });
const debuggee = Cu.Sandbox(principal, { freshZone: true, wantXrays });
const scriptName = "debuggee.js";
debuggee.__name = scriptName;
server.addTestGlobal(debuggee);

77
devtools/server/tests/unit/test_objectgrips-17.js
Просмотреть файл

@ -12,28 +12,28 @@ registerCleanupFunction(() => {
async function testPrincipal(options, globalPrincipal, debuggeeHasXrays) {
const { debuggee } = options;
let global, subsumes, isOpaque, globalIsInvisible;
// Create a global object with the specified security principal.
// If none is specified, use the debuggee.
if (globalPrincipal === undefined) {
global = debuggee;
subsumes = true;
isOpaque = false;
globalIsInvisible = false;
await test(options, { global, subsumes, isOpaque, globalIsInvisible });
await test(options, {
global: debuggee,
subsumes: true,
isOpaque: false,
globalIsInvisible: false,
});
return;
}
const debuggeePrincipal = Cu.getObjectPrincipal(debuggee);
const sameOrigin = debuggeePrincipal === globalPrincipal;
subsumes = sameOrigin || debuggeePrincipal === systemPrincipal;
const sameOrigin = debuggeePrincipal.origin === globalPrincipal.origin;
const subsumes = debuggeePrincipal.subsumes(globalPrincipal);
for (const globalHasXrays of [true, false]) {
isOpaque =
const isOpaque =
subsumes &&
globalPrincipal !== systemPrincipal &&
((sameOrigin && debuggeeHasXrays) || globalHasXrays);
for (globalIsInvisible of [true, false]) {
global = Cu.Sandbox(globalPrincipal, {
for (const globalIsInvisible of [true, false]) {
let global = Cu.Sandbox(globalPrincipal, {
wantXrays: globalHasXrays,
invisibleToDebugger: globalIsInvisible,
});
@ -278,6 +278,10 @@ function check_prototype(
}
}
function createNullPrincipal() {
return Cc["@mozilla.org/nullprincipal;1"].createInstance(Ci.nsIPrincipal);
}
async function run_tests_in_principal(
options,
debuggeePrincipal,
@ -297,52 +301,21 @@ async function run_tests_in_principal(
await testPrincipal(options, systemPrincipal, debuggeeHasXrays);
// Test objects created in a cross-origin null principal new global.
await testPrincipal(options, null, debuggeeHasXrays);
await testPrincipal(options, createNullPrincipal(), debuggeeHasXrays);
if (debuggeePrincipal === null) {
// Test objects created in a same-origin null principal new global.
await testPrincipal(
options,
Cu.getObjectPrincipal(debuggee),
debuggeeHasXrays
);
if (debuggeePrincipal != systemPrincipal) {
// Test objects created in a same-origin principal new global.
await testPrincipal(options, debuggeePrincipal, debuggeeHasXrays);
}
}
// threadFrontTest uses systemPrincipal by default, but let's be explicit here.
for (const principal of [systemPrincipal, createNullPrincipal()]) {
for (const wantXrays of [true, false]) {
add_task(
threadFrontTest(
options => {
return run_tests_in_principal(options, systemPrincipal, true);
},
{ principal: systemPrincipal, wantXrays: true }
)
);
add_task(
threadFrontTest(
options => {
return run_tests_in_principal(options, systemPrincipal, false);
},
{ principal: systemPrincipal, wantXrays: false }
)
);
const nullPrincipal = Cc["@mozilla.org/nullprincipal;1"].createInstance(
Ci.nsIPrincipal
);
add_task(
threadFrontTest(
options => {
return run_tests_in_principal(options, nullPrincipal, true);
},
{ principal: nullPrincipal, wantXrays: true }
)
);
add_task(
threadFrontTest(
options => {
return run_tests_in_principal(options, nullPrincipal, false);
},
{ principal: nullPrincipal, wantXrays: false }
options => run_tests_in_principal(options, principal, wantXrays),
{ principal, wantXrays }
)
);
}
}

46
docshell/base/BrowsingContext.cpp
Просмотреть файл

@ -529,11 +529,47 @@ BrowsingContext* BrowsingContext::FindWithNameInSubtree(
return nullptr;
}
bool BrowsingContext::CanAccess(BrowsingContext* aContext) {
// TODO(farre): Bouncing this to nsDocShell::CanAccessItem is
// temporary, we should implement a replacement for this in
// BrowsingContext. See Bug 151590.
return aContext && nsDocShell::CanAccessItem(aContext->mDocShell, mDocShell);
// For historical context, see:
//
// Bug 13871: Prevent frameset spoofing
// Bug 103638: Targets with same name in different windows open in wrong
// window with javascript
// Bug 408052: Adopt "ancestor" frame navigation policy
// Bug 1570207: Refactor logic to rely on BrowsingContextGroups to enforce
// origin attribute isolation.
bool BrowsingContext::CanAccess(BrowsingContext* aTarget,
bool aConsiderOpener) {
MOZ_ASSERT(
mDocShell,
"CanAccess() may only be called in the process of the accessing window");
MOZ_ASSERT(aTarget, "Must have a target");
MOZ_DIAGNOSTIC_ASSERT(
Group() == aTarget->Group(),
"A BrowsingContext should never see a context from a different group");
// A frame can navigate itself and its own root.
if (aTarget == this || aTarget == Top()) {
return true;
}
// A frame can navigate any frame with a same-origin ancestor.
for (BrowsingContext* bc = aTarget; bc; bc = bc->GetParent()) {
if (bc->mDocShell &&
nsDocShell::ValidateOrigin(mDocShell, bc->mDocShell)) {
return true;
}
}
// If the target is a top-level document, a frame can navigate it if it can
// navigate its opener.
if (aConsiderOpener && !aTarget->GetParent()) {
if (RefPtr<BrowsingContext> opener = aTarget->GetOpener()) {
return CanAccess(opener, false);
}
}
return false;
}
BrowsingContext::~BrowsingContext() {

6
docshell/base/BrowsingContext.h
Просмотреть файл

@ -381,6 +381,9 @@ class BrowsingContext : public nsWrapperCache, public BrowsingContextBase {
IPCInitializer&& aInitializer, BrowsingContextGroup* aGroup,
ContentParent* aOriginProcess);
// Performs access control to check that 'this' can access 'aTarget'.
bool CanAccess(BrowsingContext* aTarget, bool aConsiderOpener = true);
protected:
virtual ~BrowsingContext();
BrowsingContext(BrowsingContext* aParent, BrowsingContextGroup* aGroup,
@ -398,9 +401,6 @@ class BrowsingContext : public nsWrapperCache, public BrowsingContextBase {
BrowsingContext* FindWithNameInSubtree(const nsAString& aName,
BrowsingContext* aRequestingContext);
// Performs access control to check that 'this' can access 'aContext'.
bool CanAccess(BrowsingContext* aContext);
// Removes the context from its group and sets mIsDetached to true.
void Unregister();

11
docshell/base/LoadContext.cpp
Просмотреть файл

@ -147,17 +147,6 @@ LoadContext::SetRemoteSubframes(bool aUseRemoteSubframes) {
return NS_ERROR_UNEXPECTED;
}
NS_IMETHODIMP
LoadContext::GetIsInIsolatedMozBrowserElement(
bool* aIsInIsolatedMozBrowserElement) {
MOZ_ASSERT(mIsNotNull);
NS_ENSURE_ARG_POINTER(aIsInIsolatedMozBrowserElement);
*aIsInIsolatedMozBrowserElement = mOriginAttributes.mInIsolatedMozBrowser;
return NS_OK;
}
NS_IMETHODIMP
LoadContext::GetScriptableOriginAttributes(JSContext* aCx,
JS::MutableHandleValue aAttrs) {

4
docshell/base/LoadContext.h
Просмотреть файл

@ -33,8 +33,6 @@ class LoadContext final : public nsILoadContext, public nsIInterfaceRequestor {
NS_DECL_NSILOADCONTEXT
NS_DECL_NSIINTERFACEREQUESTOR
// inIsolatedMozBrowser argumentsoverrides that in
// SerializedLoadContext provided by child process.
LoadContext(const IPC::SerializedLoadContext& aToCopy,
dom::Element* aTopFrameElement, OriginAttributes& aAttrs)
: mTopFrameElement(do_GetWeakReference(aTopFrameElement)),
@ -49,8 +47,6 @@ class LoadContext final : public nsILoadContext, public nsIInterfaceRequestor {
mOriginAttributes(aAttrs) {
}
// inIsolatedMozBrowser argument overrides that in
// SerializedLoadContext provided by child process.
LoadContext(const IPC::SerializedLoadContext& aToCopy,
uint64_t aNestedFrameId, OriginAttributes& aAttrs)
: mTopFrameElement(nullptr),

174
docshell/base/nsDocShell.cpp
Просмотреть файл

@ -256,11 +256,6 @@ static int32_t gDocShellCount = 0;
// Global count of docshells with the private attribute set
static uint32_t gNumberOfPrivateDocShells = 0;
// True means we validate window targets to prevent frameset
// spoofing. Initialize this to a non-bolean value so we know to check
// the pref on the creation of the first docshell.
static uint32_t gValidateOrigin = 0xffffffff;
#ifdef DEBUG
static mozilla::LazyLogModule gDocShellLog("nsDocShell");
#endif
@ -2847,38 +2842,11 @@ bool nsDocShell::CanAccessItem(nsIDocShellTreeItem* aTargetItem,
bool aConsiderOpener) {
MOZ_ASSERT(aTargetItem, "Must have target item!");
if (!gValidateOrigin || !aAccessingItem) {
if (!aAccessingItem) {
// Good to go
return true;
}
// XXXbz should we care if aAccessingItem or the document therein is
// chrome? Should those get extra privileges?
// For historical context, see:
//
// Bug 13871: Prevent frameset spoofing
// Bug 103638: Targets with same name in different windows open in wrong
// window with javascript
// Bug 408052: Adopt "ancestor" frame navigation policy
// Now do a security check.
//
// Disallow navigation if the two frames are not part of the same app, or if
// they have different is-in-browser-element states.
//
// Allow navigation if
// 1) aAccessingItem can script aTargetItem or one of its ancestors in
// the frame hierarchy or
// 2) aTargetItem is a top-level frame and aAccessingItem is its descendant
// 3) aTargetItem is a top-level frame and aAccessingItem can target
// its opener per rule (1) or (2).
if (aTargetItem == aAccessingItem) {
// A frame is allowed to navigate itself.
return true;
}
nsCOMPtr<nsIDocShell> targetDS = do_QueryInterface(aTargetItem);
nsCOMPtr<nsIDocShell> accessingDS = do_QueryInterface(aAccessingItem);
if (!targetDS || !accessingDS) {
@ -2886,110 +2854,9 @@ bool nsDocShell::CanAccessItem(nsIDocShellTreeItem* aTargetItem,
return false;
}
if (targetDS->GetIsInIsolatedMozBrowserElement() !=
accessingDS->GetIsInIsolatedMozBrowserElement()) {
return false;
}
nsCOMPtr<nsIDocShellTreeItem> accessingRoot;
aAccessingItem->GetInProcessSameTypeRootTreeItem(
getter_AddRefs(accessingRoot));
nsCOMPtr<nsIDocShell> accessingRootDS = do_QueryInterface(accessingRoot);
nsCOMPtr<nsIDocShellTreeItem> targetRoot;
aTargetItem->GetInProcessSameTypeRootTreeItem(getter_AddRefs(targetRoot));
nsCOMPtr<nsIDocShell> targetRootDS = do_QueryInterface(targetRoot);
OriginAttributes targetOA =
static_cast<nsDocShell*>(targetDS.get())->GetOriginAttributes();
OriginAttributes accessingOA =
static_cast<nsDocShell*>(accessingDS.get())->GetOriginAttributes();
// When the first party isolation is on, the top-level docShell may not have
// the firstPartyDomain in its originAttributes, but its document will have
// it. So we get the firstPartyDomain from the nodePrincipal of the document
// before we compare the originAttributes.
if (OriginAttributes::IsFirstPartyEnabled()) {
if (aAccessingItem->ItemType() == nsIDocShellTreeItem::typeContent &&
(accessingDS == accessingRootDS || accessingDS->GetIsMozBrowser())) {
RefPtr<Document> accessingDoc = aAccessingItem->GetDocument();
if (accessingDoc) {
nsCOMPtr<nsIPrincipal> accessingPrincipal =
accessingDoc->NodePrincipal();
accessingOA.mFirstPartyDomain =
accessingPrincipal->OriginAttributesRef().mFirstPartyDomain;
}
}
if (aTargetItem->ItemType() == nsIDocShellTreeItem::typeContent &&
(targetDS == targetRootDS || targetDS->GetIsMozBrowser())) {
RefPtr<Document> targetDoc = aAccessingItem->GetDocument();
if (targetDoc) {
nsCOMPtr<nsIPrincipal> targetPrincipal = targetDoc->NodePrincipal();
targetOA.mFirstPartyDomain =
targetPrincipal->OriginAttributesRef().mFirstPartyDomain;
}
}
}
if (targetOA != accessingOA) {
return false;
}
// A private document can't access a non-private one, and vice versa.
if (static_cast<nsDocShell*>(targetDS.get())->UsePrivateBrowsing() !=
static_cast<nsDocShell*>(accessingDS.get())->UsePrivateBrowsing()) {
return false;
}
if (aTargetItem == accessingRoot) {
// A frame can navigate its root.
return true;
}
// Check if aAccessingItem can navigate one of aTargetItem's ancestors.
nsCOMPtr<nsIDocShellTreeItem> target = aTargetItem;
do {
if (ValidateOrigin(aAccessingItem, target)) {
return true;
}
nsCOMPtr<nsIDocShellTreeItem> parent;
target->GetInProcessSameTypeParent(getter_AddRefs(parent));
parent.swap(target);
} while (target);
if (aTargetItem != targetRoot) {
// target is a subframe, not in accessor's frame hierarchy, and all its
// ancestors have origins different from that of the accessor. Don't
// allow access.
return false;
}
if (!aConsiderOpener) {
// All done here
return false;
}
nsCOMPtr<nsPIDOMWindowOuter> targetWindow = aTargetItem->GetWindow();
if (!targetWindow) {
NS_ERROR("This should not happen, really");
return false;
}
nsCOMPtr<mozIDOMWindowProxy> targetOpener = targetWindow->GetOpener();
nsCOMPtr<nsIWebNavigation> openerWebNav(do_GetInterface(targetOpener));
nsCOMPtr<nsIDocShellTreeItem> openerItem(do_QueryInterface(openerWebNav));
if (!openerItem) {
return false;
}
return CanAccessItem(openerItem, aAccessingItem, false);
return Cast(accessingDS)
->mBrowsingContext->CanAccess(Cast(targetDS)->mBrowsingContext,
aConsiderOpener);
}
static bool ItemIsActive(nsIDocShellTreeItem* aItem) {
@ -4950,12 +4817,6 @@ nsDocShell::Create() {
NS_ENSURE_TRUE(Preferences::GetRootBranch(), NS_ERROR_FAILURE);
mCreated = true;
if (gValidateOrigin == 0xffffffff) {
// Check pref to see if we should prevent frameset spoofing
gValidateOrigin =
Preferences::GetBool("browser.frame.validate_origin", true);
}
mUseStrictSecurityChecks = Preferences::GetBool(
"security.strict_security_checks.enabled", mUseStrictSecurityChecks);
@ -8625,10 +8486,8 @@ nsresult nsDocShell::CheckLoadingPermissions() {
// check on load.
nsresult rv = NS_OK;
if (!gValidateOrigin || !IsFrame()) {
// Origin validation was turned off, or we're not a frame.
// Permit all loads.
if (!IsFrame()) {
// We're not a frame. Permit all loads.
return rv;
}
@ -13196,27 +13055,6 @@ uint32_t nsDocShell::GetInheritedFrameType() {
return static_cast<nsDocShell*>(parent.get())->GetInheritedFrameType();
}
/* [infallible] */
NS_IMETHODIMP nsDocShell::GetIsIsolatedMozBrowserElement(
bool* aIsIsolatedMozBrowserElement) {
bool result = mFrameType == FRAME_TYPE_BROWSER &&
mOriginAttributes.mInIsolatedMozBrowser;
*aIsIsolatedMozBrowserElement = result;
return NS_OK;
}
/* [infallible] */
NS_IMETHODIMP nsDocShell::GetIsInIsolatedMozBrowserElement(
bool* aIsInIsolatedMozBrowserElement) {
MOZ_ASSERT(!mOriginAttributes.mInIsolatedMozBrowser ||
(GetInheritedFrameType() == FRAME_TYPE_BROWSER),
"Isolated mozbrowser should only be true inside browser frames");
bool result = (GetInheritedFrameType() == FRAME_TYPE_BROWSER) &&
mOriginAttributes.mInIsolatedMozBrowser;
*aIsInIsolatedMozBrowserElement = result;
return NS_OK;
}
/* [infallible] */
NS_IMETHODIMP nsDocShell::GetIsInMozBrowser(bool* aIsInMozBrowser) {
*aIsInMozBrowser = (GetInheritedFrameType() == FRAME_TYPE_BROWSER);

28
docshell/base/nsIDocShell.idl
Просмотреть файл

@ -732,34 +732,6 @@ interface nsIDocShell : nsIDocShellTreeItem
*/
[infallible] readonly attribute boolean isMozBrowser;
/**
* Returns true if this docshell corresponds to an isolated <iframe
* mozbrowser>.
*
* <xul:browser> is not considered to be a mozbrowser element.
* <iframe mozbrowser noisolation> does not count as isolated since
* isolation is disabled. Isolation can only be disabled if the
* containing document is chrome.
*/
[infallible] readonly attribute boolean isIsolatedMozBrowserElement;
/**
* Returns true if this docshell corresponds to an isolated <iframe
* mozbrowser> or if the docshell is contained in an isolated <iframe
* mozbrowser>.
*
* <xul:browser> is not considered to be a mozbrowser element. <iframe
* mozbrowser noisolation> does not count as isolated since isolation is
* disabled. Isolation can only be disabled if the containing document is
* chrome.
*
* Our notion here of "contained in" means: Walk up the docshell hierarchy in
* this process until we hit an <iframe mozbrowser> (or until the hierarchy
* ends). Return true iff the docshell we stopped on has
* isIsolatedMozBrowserElement == true.
*/
[infallible] readonly attribute boolean isInIsolatedMozBrowserElement;
/**
* Returns true if this docshell corresponds to an <iframe mozbrowser>, or
* if this docshell is contained in an <iframe mozbrowser>. <xul:browser>

9
docshell/base/nsILoadContext.idl
Просмотреть файл

@ -140,15 +140,6 @@ interface nsILoadContext : nsISupports
*/
[noscript] void SetRemoteSubframes(in boolean aUseRemoteSubframes);
/**
* Returns true iff the load is occurring inside an isolated mozbrowser
* element. <xul:browser> is not considered to be a mozbrowser element.
* <iframe mozbrowser noisolation> does not count as isolated since
* isolation is disabled. Isolation can only be disabled if the
* containing document is chrome.
*/
readonly attribute boolean isInIsolatedMozBrowserElement;
/**
* A dictionary of the non-default origin attributes associated with this
* nsILoadContext.

4
dom/base/PostMessageEvent.cpp
Просмотреть файл

@ -117,10 +117,6 @@ PostMessageEvent::Run() {
MOZ_DIAGNOSTIC_ASSERT(
sourceAttrs.mUserContextId == targetAttrs.mUserContextId,
"Target and source should have the same userContextId attribute.");
MOZ_DIAGNOSTIC_ASSERT(sourceAttrs.mInIsolatedMozBrowser ==
targetAttrs.mInIsolatedMozBrowser,
"Target and source should have the same "
"inIsolatedMozBrowser attribute.");
nsAutoString providedOrigin, targetOrigin;
nsresult rv = nsContentUtils::GetUTFOrigin(targetPrin, targetOrigin);

33
dom/base/nsFrameLoader.cpp
Просмотреть файл

@ -1144,11 +1144,6 @@ nsresult nsFrameLoader::SwapWithOtherRemoteLoader(
return NS_ERROR_NOT_IMPLEMENTED;
}
if (browserParent->IsIsolatedMozBrowserElement() !=
otherBrowserParent->IsIsolatedMozBrowserElement()) {
return NS_ERROR_NOT_IMPLEMENTED;
}
// When we swap docShells, maybe we have to deal with a new page created just
// for this operation. In this case, the browser code should already have set
// the correct userContextId attribute value in the owning element, but our
@ -1550,11 +1545,6 @@ nsresult nsFrameLoader::SwapWithOtherLoader(nsFrameLoader* aOther,
return NS_ERROR_NOT_IMPLEMENTED;
}
if (ourDocshell->GetIsIsolatedMozBrowserElement() !=
otherDocshell->GetIsIsolatedMozBrowserElement()) {
return NS_ERROR_NOT_IMPLEMENTED;
}
// When we swap docShells, maybe we have to deal with a new page created just
// for this operation. In this case, the browser code should already have set
// the correct userContextId attribute value in the owning element, but our
@ -1959,24 +1949,6 @@ bool nsFrameLoader::OwnerIsMozBrowserFrame() {
return browserFrame ? browserFrame->GetReallyIsBrowser() : false;
}
bool nsFrameLoader::OwnerIsIsolatedMozBrowserFrame() {
nsCOMPtr<nsIMozBrowserFrame> browserFrame = do_QueryInterface(mOwnerContent);
if (!browserFrame) {
return false;
}
if (!OwnerIsMozBrowserFrame()) {
return false;
}
bool isolated = browserFrame->GetIsolated();
if (isolated) {
return true;
}
return false;
}
bool nsFrameLoader::ShouldUseRemoteProcess() {
if (PR_GetEnv("MOZ_DISABLE_OOP_TABS") ||
Preferences::GetBool("dom.ipc.tabs.disabled", false)) {
@ -2171,9 +2143,6 @@ nsresult nsFrameLoader::MaybeCreateDocShell() {
MOZ_ASSERT(
attrs.mUserContextId == oa.mUserContextId,
"docshell and document should have the same userContextId attribute.");
MOZ_ASSERT(attrs.mInIsolatedMozBrowser == oa.mInIsolatedMozBrowser,
"docshell and document should have the same "
"inIsolatedMozBrowser attribute.");
MOZ_ASSERT(attrs.mPrivateBrowsingId == oa.mPrivateBrowsingId,
"docshell and document should have the same privateBrowsingId "
"attribute.");
@ -2182,7 +2151,6 @@ nsresult nsFrameLoader::MaybeCreateDocShell() {
}
if (OwnerIsMozBrowserFrame()) {
attrs.mInIsolatedMozBrowser = OwnerIsIsolatedMozBrowserFrame();
docShell->SetFrameType(nsIDocShell::FRAME_TYPE_BROWSER);
} else {
nsCOMPtr<nsIDocShellTreeItem> parentCheck;
@ -3367,7 +3335,6 @@ void nsFrameLoader::MaybeUpdatePrimaryBrowserParent(
nsresult nsFrameLoader::GetNewTabContext(MutableTabContext* aTabContext,
nsIURI* aURI) {
OriginAttributes attrs;
attrs.mInIsolatedMozBrowser = OwnerIsIsolatedMozBrowserFrame();
nsresult rv;
// set the userContextId on the attrs before we pass them into

9
dom/base/nsFrameLoader.h
Просмотреть файл

@ -405,15 +405,6 @@ class nsFrameLoader final : public nsStubMutationObserver,
bool ShouldUseRemoteProcess();
/**
* Is this a frame loader for an isolated <iframe mozbrowser>?
*
* By default, mozbrowser frames are isolated. Isolation can be disabled by
* setting the frame's noisolation attribute. Disabling isolation is
* only allowed if the containing document is chrome.
*/
bool OwnerIsIsolatedMozBrowserFrame();
/**
* Get our owning element's app manifest URL, or return the empty string if
* our owning element doesn't have an app manifest URL.

1
dom/base/test/mochitest.ini
Просмотреть файл

@ -878,7 +878,6 @@ skip-if = fission && (debug || asan) # Causes shutdown leaks under Fission.
[test_window_indexing.html]
[test_window_keys.html]
[test_window_named_frame_enumeration.html]
fail-if = fission
skip-if = fission && (debug || asan) # Causes shutdown leaks under Fission.
[test_window_own_props.html]
[test_window_proto.html]

1
dom/browser-element/mochitest/mochitest.ini
Просмотреть файл

@ -95,6 +95,7 @@ support-files =
[test_browserElement_inproc_ThemeColor.html]
[test_browserElement_inproc_AlertInFrame.html]
[test_browserElement_inproc_Auth.html]
disabled = No longer supported
[test_browserElement_inproc_BrowserWindowNamespace.html]
[test_browserElement_inproc_BrowserWindowResize.html]
[test_browserElement_inproc_Close.html]

13
dom/html/nsGenericHTMLFrameElement.cpp
Просмотреть файл

@ -422,19 +422,6 @@ nsresult nsGenericHTMLFrameElement::GetReallyIsBrowser(bool* aOut) {
return NS_OK;
}
/* [infallible] */
NS_IMETHODIMP nsGenericHTMLFrameElement::GetIsolated(bool* aOut) {
*aOut = true;
if (!nsContentUtils::IsSystemPrincipal(NodePrincipal())) {
return NS_OK;
}
// Isolation is only disabled if the attribute is present
*aOut = !HasAttr(kNameSpaceID_None, nsGkAtoms::noisolation);
return NS_OK;
}
NS_IMETHODIMP
nsGenericHTMLFrameElement::InitializeBrowserAPI() {
MOZ_ASSERT(mFrameLoader);

14
dom/interfaces/html/nsIMozBrowserFrame.idl
Просмотреть файл

@ -21,20 +21,6 @@ interface nsIMozBrowserFrame : nsIDOMMozBrowserFrame
*/
[infallible] readonly attribute boolean reallyIsBrowser;
/**
* Gets whether this frame is an isolated frame.
*
* By default, browser frames are isolated, meaning they have a principal
* where OriginAttributes.mIsInIsolatedMozBrowser == true. This isolates
* storage and other origin related items from non-browser apps, xul:browsers,
* etc.
*
* Isolation can be disabled by setting the frame's isolated attribute to
* false. Disabling isolation is only allowed if the containing document has
* browser permission (or equivalent access).
*/
[infallible] readonly attribute boolean isolated;
/**
* Initialize the API, and add frame message listener that supports API
* invocations.

3
dom/ipc/BrowserBridgeParent.cpp
Просмотреть файл

@ -40,9 +40,6 @@ nsresult BrowserBridgeParent::Init(const nsString& aPresentationURL,
// We can inherit most TabContext fields for the new BrowserParent actor from
// our Manager BrowserParent.
//
// We don't intend to support mozbrowsers with Fission currently, so we set
// |aMozBrowserElement| to be false.
MutableTabContext tabContext;
tabContext.SetTabContext(false, Manager()->ChromeOuterWindowID(),
Manager()->ShowFocusRings(),

1
dom/ipc/BrowserParent.cpp
Просмотреть файл

@ -3531,7 +3531,6 @@ class FakeChannel final : public nsIChannel,
NS_IMETHOD GetUsePrivateBrowsing(bool*) NO_IMPL;
NS_IMETHOD SetUsePrivateBrowsing(bool) NO_IMPL;
NS_IMETHOD SetPrivateBrowsing(bool) NO_IMPL;
NS_IMETHOD GetIsInIsolatedMozBrowserElement(bool*) NO_IMPL;
NS_IMETHOD GetScriptableOriginAttributes(JSContext*,
JS::MutableHandleValue) NO_IMPL;
NS_IMETHOD_(void)

4
dom/ipc/TabContext.cpp
Просмотреть файл

@ -28,10 +28,6 @@ TabContext::TabContext()
bool TabContext::IsMozBrowserElement() const { return mIsMozBrowserElement; }
bool TabContext::IsIsolatedMozBrowserElement() const {
return mOriginAttributes.mInIsolatedMozBrowser;
}
bool TabContext::IsMozBrowser() const { return IsMozBrowserElement(); }
bool TabContext::IsJSPlugin() const { return mJSPluginID >= 0; }

9
dom/ipc/TabContext.h
Просмотреть файл

@ -46,15 +46,6 @@ class TabContext {
*/
bool IsMozBrowserElement() const;
/**
* Does this TabContext correspond to an isolated mozbrowser?
*
* <iframe mozbrowser> is a mozbrowser element, but <xul:browser> is not.
* <iframe mozbrowser noisolation> does not count as isolated since isolation
* is disabled. Isolation can only be disabled by chrome pages.
*/
bool IsIsolatedMozBrowserElement() const;
/**
* Does this TabContext correspond to a mozbrowser? This is equivalent to
* IsMozBrowserElement(). Returns false for <xul:browser>, which isn't a

5
dom/tests/mochitest/dom-level0/mochitest.ini
Просмотреть файл

@ -13,7 +13,6 @@ support-files =
file_test_background_loading_iframes.html
[test_crossdomainprops.html]
skip-if = fission && debug # Crashes: @ nsDocShell::CanAccessItem(nsIDocShellTreeItem*, nsIDocShellTreeItem*, bool)
[test_innerWidthHeight_script.html]
[test_location.html]
fail-if = fission
@ -23,10 +22,8 @@ fail-if = fission
[test_location_setters.html]
fail-if = fission
[test_setting_document.domain_idn.html]
skip-if = fission && debug # Crashes: @ nsDocShell::CanAccessItem(nsIDocShellTreeItem*, nsIDocShellTreeItem*, bool)
fail-if = fission
skip-if = fission && debug # Causes shutdown leaks under Fission.
[test_setting_document.domain_to_shortened_ipaddr.html]
skip-if = fission && debug # Crashes: @ nsDocShell::CanAccessItem(nsIDocShellTreeItem*, nsIDocShellTreeItem*, bool)
fail-if = fission
[test_separate_post_message_queue.html]
[test_background_loading_iframes.html]

5
dom/tests/mochitest/localstorage/mochitest.ini
Просмотреть файл

@ -27,7 +27,6 @@ skip-if = os == "android" || verify # bug 962029
[test_cookieBlock.html]
[test_embededNulls.html]
[test_keySync.html]
skip-if = fission # Crashes: @ nsDocShell::CanAccessItem(nsIDocShellTreeItem*, nsIDocShellTreeItem*, bool)
[test_localStorageBase.html]
skip-if = e10s
[test_localStorageBaseSessionOnly.html]
@ -47,9 +46,7 @@ skip-if = fission
skip-if = fission || toolkit == 'android' #TIMED_OUT
[test_localStorageQuota.html]
fail-if = fission
skip-if =
toolkit == 'android' || #TIMED_OUT
fission && debug # Crashes: @ nsDocShell::CanAccessItem(nsIDocShellTreeItem*, nsIDocShellTreeItem*, bool)
skip-if = toolkit == 'android' #TIMED_OUT
[test_localStorageQuotaSessionOnly.html]
skip-if = toolkit == 'android' || (verify && (os == 'linux' || os == 'mac' || os == 'win')) #TIMED_OUT
[test_localStorageQuotaSessionOnly2.html]

5
dom/tests/mochitest/sessionstorage/mochitest.ini
Просмотреть файл

@ -14,10 +14,7 @@ support-files =
fail-if = fission
skip-if = toolkit == 'android'
[test_sessionStorageHttpHttps.html]
fail-if = fission
skip-if =
toolkit == 'android' || #TIMED_OUT
fission && debug # Crashes: @ nsDocShell::CanAccessItem(nsIDocShellTreeItem*, nsIDocShellTreeItem*, bool)
skip-if = toolkit == 'android' #TIMED_OUT
[test_sessionStorageReplace.html]
fail-if = fission
[test_sessionStorageUsage.html]

2
dom/tests/mochitest/whatwg/mochitest.ini
Просмотреть файл

@ -27,7 +27,6 @@ skip-if = fission && (debug || asan) # Causes shutdown leaks under Fission.
skip-if = toolkit == 'android' #bug 894914 - wrong data - got FAIL, expected message
[test_postMessage_hash.html]
[test_postMessage.html]
skip-if = fission && debug # Crashes: @ nsDocShell::CanAccessItem(nsIDocShellTreeItem*, nsIDocShellTreeItem*, bool)
fail-if = fission
[test_postMessage_idn.xhtml]
fail-if = fission
@ -44,7 +43,6 @@ skip-if = fission && (debug || asan) # Causes shutdown leaks under Fission.
skip-if = fission
[test_postMessage_special.xhtml]
[test_postMessage_structured_clone.html]
skip-if = fission && debug # Crashes: @ nsDocShell::CanAccessItem(nsIDocShellTreeItem*, nsIDocShellTreeItem*, bool)
fail-if = fission
[test_postMessage_throw.html]
fail-if = fission

1
js/xpconnect/tests/mochitest/mochitest.ini
Просмотреть файл

@ -99,7 +99,6 @@ skip-if = fission && (debug || asan) # Causes shutdown leaks under Fission.
[test_bug871887.html]
[test_bug912322.html]
[test_bug916945.html]
skip-if = fission && debug # Crashes: @ nsDocShell::CanAccessItem(nsIDocShellTreeItem*, nsIDocShellTreeItem*, bool)
fail-if = fission
[test_bug92773.html]
[test_bug940783.html]

27
netwerk/base/nsNetUtil.cpp
Просмотреть файл

@ -866,14 +866,7 @@ bool NS_LoadGroupMatchesPrincipal(nsILoadGroup* aLoadGroup,
getter_AddRefs(loadContext));
NS_ENSURE_TRUE(loadContext, false);
// Verify load context browser flag match the principal
bool contextInIsolatedBrowser;
nsresult rv =
loadContext->GetIsInIsolatedMozBrowserElement(&contextInIsolatedBrowser);
NS_ENSURE_SUCCESS(rv, false);
return contextInIsolatedBrowser ==
aPrincipal->GetIsInIsolatedMozBrowserElement();
return true;
}
nsresult NS_NewDownloader(nsIStreamListener** result,
@ -3001,30 +2994,18 @@ nsresult NS_CompareLoadInfoAndLoadContext(nsIChannel* aChannel) {
return NS_OK;
}
bool loadContextIsInBE = false;
nsresult rv =
loadContext->GetIsInIsolatedMozBrowserElement(&loadContextIsInBE);
if (NS_FAILED(rv)) {
return NS_ERROR_UNEXPECTED;
}
OriginAttributes originAttrsLoadInfo = loadInfo->GetOriginAttributes();
OriginAttributes originAttrsLoadContext;
loadContext->GetOriginAttributes(originAttrsLoadContext);
LOG(
("NS_CompareLoadInfoAndLoadContext - loadInfo: %d, %d, %d; "
"loadContext: %d %d, %d. [channel=%p]",
originAttrsLoadInfo.mInIsolatedMozBrowser,
("NS_CompareLoadInfoAndLoadContext - loadInfo: %d, %d; "
"loadContext: %d, %d. [channel=%p]",
originAttrsLoadInfo.mUserContextId,
originAttrsLoadInfo.mPrivateBrowsingId, loadContextIsInBE,
originAttrsLoadInfo.mPrivateBrowsingId,
originAttrsLoadContext.mUserContextId,
originAttrsLoadContext.mPrivateBrowsingId, aChannel));
MOZ_ASSERT(originAttrsLoadInfo.mInIsolatedMozBrowser == loadContextIsInBE,
"The value of InIsolatedMozBrowser in the loadContext and in "
"the loadInfo are not the same!");
MOZ_ASSERT(originAttrsLoadInfo.mUserContextId ==
originAttrsLoadContext.mUserContextId,
"The value of mUserContextId in the loadContext and in the "

4
netwerk/protocol/http/HttpBaseChannel.cpp
Просмотреть файл

@ -2904,10 +2904,6 @@ already_AddRefed<nsILoadInfo> HttpBaseChannel::CloneLoadInfoForRedirect(
MOZ_ASSERT(
docShellAttrs.mUserContextId == attrs.mUserContextId,
"docshell and necko should have the same userContextId attribute.");
MOZ_ASSERT(
docShellAttrs.mInIsolatedMozBrowser == attrs.mInIsolatedMozBrowser,
"docshell and necko should have the same inIsolatedMozBrowser "
"attribute.");
MOZ_ASSERT(
docShellAttrs.mPrivateBrowsingId == attrs.mPrivateBrowsingId,
"docshell and necko should have the same privateBrowsingId attribute.");

2
security/nss/TAG-INFO
Просмотреть файл

@ -1 +1 @@
a31fc0eefc4c
009a7163c80a

2
security/nss/cmd/lib/secpwd.c
Просмотреть файл

@ -66,7 +66,7 @@ SEC_GetPassword(FILE *input, FILE *output, char *prompt,
int infd = fileno(input);
int isTTY = isatty(infd);
#endif
char phrase[200] = { '\0' }; /* ensure EOF doesn't return junk */
char phrase[500] = { '\0' }; /* ensure EOF doesn't return junk */
for (;;) {
/* Prompt for password */

2
security/nss/cmd/pk11mode/pk11mode.c
Просмотреть файл

@ -5229,7 +5229,7 @@ PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList,
char *
PKM_FilePasswd(char *pwFile)
{
unsigned char phrase[200];
unsigned char phrase[500];
PRFileDesc *fd;
PRInt32 nb;
int i;

2
security/nss/cmd/shlibsign/shlibsign.c
Просмотреть файл

@ -614,7 +614,7 @@ cleanup:
static char *
filePasswd(char *pwFile)
{
unsigned char phrase[200];
unsigned char phrase[500];
PRFileDesc *fd;
PRInt32 nb;
int i;

1
security/nss/coreconf/coreconf.dep
Просмотреть файл

@ -10,4 +10,3 @@
*/
#error "Do not include this header file."

116
security/nss/gtests/softoken_gtest/softoken_gtest.cc
Просмотреть файл

@ -3,6 +3,7 @@
#include "nspr.h"
#include "nss.h"
#include "pk11pub.h"
#include "secmod.h"
#include "secerr.h"
#include "nss_scoped_ptrs.h"
@ -119,6 +120,27 @@ TEST_F(SoftokenTest, CreateObjectChangePassword) {
EXPECT_EQ(nullptr, obj);
}
/* The size limit for a password is 500 characters as defined in pkcs11i.h */
TEST_F(SoftokenTest, CreateObjectChangeToBigPassword) {
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
ASSERT_TRUE(slot);
EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, nullptr));
EXPECT_EQ(
SECSuccess,
PK11_ChangePW(slot.get(), "",
"rUIFIFr2bxKnbJbitsfkyqttpk6vCJzlYMNxcxXcaN37gSZKbLk763X7iR"
"yeVNWZHQ02lSF69HYjzTyPW3318ZD0DBFMMbALZ8ZPZP73CIo5uIQlaowV"
"IbP8eOhRYtGUqoLGlcIFNEYogV8Q3GN58VeBMs0KxrIOvPQ9s8SnYYkqvt"
"zzgntmAvCgvk64x6eQf0okHwegd5wi6m0WVJytEepWXkP9J629FSa5kNT8"
"FvL3jvslkiImzTNuTvl32fQDXXMSc8vVk5Q3mH7trMZM0VDdwHWYERjHbz"
"kGxFgp0VhediHx7p9kkz6H6ac4et9sW4UkTnN7xhYc1Zr17wRSk2heQtcX"
"oZJGwuzhiKm8A8wkuVxms6zO56P4JORIk8oaUW6lyNTLo2kWWnTA"));
EXPECT_EQ(SECSuccess, PK11_Logout(slot.get()));
ScopedPK11GenericObject obj(PK11_CreateGenericObject(
slot.get(), attributes, PR_ARRAY_SIZE(attributes), true));
EXPECT_EQ(nullptr, obj);
}
TEST_F(SoftokenTest, CreateObjectChangeToEmptyPassword) {
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
ASSERT_TRUE(slot);
@ -265,6 +287,100 @@ TEST_F(SoftokenNoDBTest, NeedUserInitNoDB) {
ASSERT_EQ(SECSuccess, NSS_Shutdown());
}
#ifndef NSS_FIPS_DISABLED
class SoftokenFipsTest : public SoftokenTest {
protected:
SoftokenFipsTest() : SoftokenTest("SoftokenFipsTest.d-") {}
virtual void SetUp() {
SoftokenTest::SetUp();
// Turn on FIPS mode (code borrowed from FipsMode in modutil/pk11.c)
char *internal_name;
ASSERT_FALSE(PK11_IsFIPS());
internal_name = PR_smprintf("%s", SECMOD_GetInternalModule()->commonName);
ASSERT_EQ(SECSuccess, SECMOD_DeleteInternalModule(internal_name));
PR_smprintf_free(internal_name);
ASSERT_TRUE(PK11_IsFIPS());
}
};
const std::vector<std::string> kFipsPasswordCases[] = {
// FIPS level1 -> level1 -> level1
{"", "", ""},
// FIPS level1 -> level1 -> level2
{"", "", "strong-_123"},
// FIXME: this should work: FIPS level1 -> level2 -> level2
// {"", "strong-_123", "strong-_456"},
// FIPS level2 -> level2 -> level2
{"strong-_123", "strong-_456", "strong-_123"}};
const std::vector<std::string> kFipsPasswordBadCases[] = {
// FIPS level1 -> level2 -> level1
{"", "strong-_123", ""},
// FIPS level2 -> level1 -> level1
{"strong-_123", ""},
// FIPS level2 -> level2 -> level1
{"strong-_123", "strong-_456", ""},
// initialize with a weak password
{"weak"},
// FIPS level1 -> weak password
{"", "weak"},
// FIPS level2 -> weak password
{"strong-_123", "weak"}};
class SoftokenFipsPasswordTest
: public SoftokenFipsTest,
public ::testing::WithParamInterface<std::vector<std::string>> {};
class SoftokenFipsBadPasswordTest
: public SoftokenFipsTest,
public ::testing::WithParamInterface<std::vector<std::string>> {};
TEST_P(SoftokenFipsPasswordTest, SetPassword) {
const std::vector<std::string> &passwords = GetParam();
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
ASSERT_TRUE(slot);
auto it = passwords.begin();
auto prev_it = it;
EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, (*it).c_str()));
for (it++; it != passwords.end(); it++, prev_it++) {
EXPECT_EQ(SECSuccess,
PK11_ChangePW(slot.get(), (*prev_it).c_str(), (*it).c_str()));
}
}
TEST_P(SoftokenFipsBadPasswordTest, SetBadPassword) {
const std::vector<std::string> &passwords = GetParam();
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
ASSERT_TRUE(slot);
auto it = passwords.begin();
auto prev_it = it;
SECStatus rv = PK11_InitPin(slot.get(), nullptr, (*it).c_str());
if (it + 1 == passwords.end())
EXPECT_EQ(SECFailure, rv);
else
EXPECT_EQ(SECSuccess, rv);
for (it++; it != passwords.end(); it++, prev_it++) {
rv = PK11_ChangePW(slot.get(), (*prev_it).c_str(), (*it).c_str());
if (it + 1 == passwords.end())
EXPECT_EQ(SECFailure, rv);
else
EXPECT_EQ(SECSuccess, rv);
}
}
INSTANTIATE_TEST_CASE_P(FipsPasswordCases, SoftokenFipsPasswordTest,
::testing::ValuesIn(kFipsPasswordCases));
INSTANTIATE_TEST_CASE_P(BadFipsPasswordCases, SoftokenFipsBadPasswordTest,
::testing::ValuesIn(kFipsPasswordBadCases));
#endif
} // namespace nss_test
int main(int argc, char **argv) {

21
security/nss/lib/freebl/Makefile
Просмотреть файл

@ -241,9 +241,24 @@ ifeq ($(CPU_ARCH),arm)
DEFINES += -DMP_USE_UINT_DIGIT
DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
MPI_SRCS += mpi_arm.c
ifdef CC_IS_CLANG
DEFINES += -DUSE_HW_AES
EXTRA_SRCS += aes-armv8.c
else ifeq (1,$(CC_IS_GCC))
# Old compiler doesn't support ARM AES.
ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
DEFINES += -DUSE_HW_AES
EXTRA_SRCS += aes-armv8.c
endif
ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
DEFINES += -DUSE_HW_AES
EXTRA_SRCS += aes-armv8.c
endif
endif
endif
ifeq ($(CPU_ARCH),aarch64)
EXTRA_SRCS += gcm-aarch64.c
DEFINES += -DUSE_HW_AES
EXTRA_SRCS += aes-armv8.c gcm-aarch64.c
endif
ifeq ($(CPU_ARCH),ppc)
ifdef USE_64
@ -761,6 +776,10 @@ ifdef INTEL_GCM_CLANG_CL
$(OBJDIR)/$(PROG_PREFIX)intel-gcm-wrap$(OBJ_SUFFIX): CFLAGS += -mssse3
endif
ifeq ($(CPU_ARCH),arm)
$(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8
endif
ifeq ($(CPU_ARCH),aarch64)
$(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
$(OBJDIR)/$(PROG_PREFIX)gcm-aarch64$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
endif

1168
security/nss/lib/freebl/aes-armv8.c Normal file
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

103
security/nss/lib/freebl/aes-armv8.h Normal file
Просмотреть файл

@ -0,0 +1,103 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
SECStatus arm_aes_encrypt_ecb_128(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus arm_aes_decrypt_ecb_128(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus arm_aes_encrypt_cbc_128(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus arm_aes_decrypt_cbc_128(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus arm_aes_encrypt_ecb_192(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus arm_aes_decrypt_ecb_192(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus arm_aes_encrypt_cbc_192(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus arm_aes_decrypt_cbc_192(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus arm_aes_encrypt_ecb_256(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus arm_aes_decrypt_ecb_256(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus arm_aes_encrypt_cbc_256(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus arm_aes_decrypt_cbc_256(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
#define native_aes_ecb_worker(encrypt, keysize) \
((encrypt) \
? ((keysize) == 16 ? arm_aes_encrypt_ecb_128 \
: (keysize) == 24 ? arm_aes_encrypt_ecb_192 \
: arm_aes_encrypt_ecb_256) \
: ((keysize) == 16 ? arm_aes_decrypt_ecb_128 \
: (keysize) == 24 ? arm_aes_decrypt_ecb_192 \
: arm_aes_decrypt_ecb_256))
#define native_aes_cbc_worker(encrypt, keysize) \
((encrypt) \
? ((keysize) == 16 ? arm_aes_encrypt_cbc_128 \
: (keysize) == 24 ? arm_aes_encrypt_cbc_192 \
: arm_aes_encrypt_cbc_256) \
: ((keysize) == 16 ? arm_aes_decrypt_cbc_128 \
: (keysize) == 24 ? arm_aes_decrypt_cbc_192 \
: arm_aes_decrypt_cbc_256))
#define native_aes_init(encrypt, keysize) \
do { \
if (encrypt) { \
rijndael_key_expansion(cx, key, Nk); \
} else { \
rijndael_invkey_expansion(cx, key, Nk); \
} \
} while (0)

43
security/nss/lib/freebl/freebl.gyp
Просмотреть файл

@ -132,6 +132,35 @@
'-march=armv8-a+crypto'
]
},
{
'target_name': 'armv8_c_lib',
'type': 'static_library',
'sources': [
'aes-armv8.c',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports'
],
'conditions': [
[ 'target_arch=="arm"', {
'cflags': [
'-march=armv8-a',
'-mfpu=crypto-neon-fp-armv8'
],
'cflags_mozilla': [
'-march=armv8-a',
'-mfpu=crypto-neon-fp-armv8'
],
}, 'target_arch=="arm64" or target_arch=="aarch64"', {
'cflags': [
'-march=armv8-a+crypto'
],
'cflags_mozilla': [
'-march=armv8-a+crypto'
],
}]
]
},
{
'target_name': 'freebl',
'type': 'static_library',
@ -160,6 +189,10 @@
'dependencies': [
'gcm-aes-x86_c_lib',
],
}, 'target_arch=="arm" or target_arch=="arm64" or target_arch=="aarch64"', {
'dependencies': [
'armv8_c_lib'
],
}],
[ 'target_arch=="arm64" or target_arch=="aarch64"', {
'dependencies': [
@ -202,6 +235,10 @@
'dependencies': [
'gcm-aes-x86_c_lib',
]
}, 'target_arch=="arm" or target_arch=="arm64" or target_arch=="aarch64"', {
'dependencies': [
'armv8_c_lib',
],
}],
[ 'target_arch=="arm64" or target_arch=="aarch64"', {
'dependencies': [
@ -429,6 +466,12 @@
'MP_USE_UINT_DIGIT',
'SHA_NO_LONG_LONG',
'ARMHF',
'USE_HW_AES',
],
}],
[ 'target_arch=="arm64" or target_arch=="aarch64"', {
'defines': [
'USE_HW_AES',
],
}],
],

6
security/nss/lib/freebl/intel-aes.h
Просмотреть файл

@ -100,7 +100,7 @@ SECStatus intel_aes_encrypt_ctr_256(CTRContext *cx, unsigned char *output,
unsigned int inputLen,
unsigned int blocksize);
#define intel_aes_ecb_worker(encrypt, keysize) \
#define native_aes_ecb_worker(encrypt, keysize) \
((encrypt) \
? ((keysize) == 16 ? intel_aes_encrypt_ecb_128 \
: (keysize) == 24 ? intel_aes_encrypt_ecb_192 \
@ -109,7 +109,7 @@ SECStatus intel_aes_encrypt_ctr_256(CTRContext *cx, unsigned char *output,
: (keysize) == 24 ? intel_aes_decrypt_ecb_192 \
: intel_aes_decrypt_ecb_256))
#define intel_aes_cbc_worker(encrypt, keysize) \
#define native_aes_cbc_worker(encrypt, keysize) \
((encrypt) \
? ((keysize) == 16 ? intel_aes_encrypt_cbc_128 \
: (keysize) == 24 ? intel_aes_encrypt_cbc_192 \
@ -123,7 +123,7 @@ SECStatus intel_aes_encrypt_ctr_256(CTRContext *cx, unsigned char *output,
: (nr) == 12 ? intel_aes_encrypt_ctr_192 \
: intel_aes_encrypt_ctr_256)
#define intel_aes_init(encrypt, keysize) \
#define native_aes_init(encrypt, keysize) \
do { \
if (encrypt) { \
if (keysize == 16) \

8
security/nss/lib/freebl/pqg.c
Просмотреть файл

@ -890,7 +890,7 @@ findQfromSeed(
pqgGenType *typePtr, /* output. Generation Type used */
unsigned int *qgen_counter) /* output. q_counter */
{
HASH_HashType hashtype;
HASH_HashType hashtype = HASH_AlgNULL;
SECItem firstseed = { 0, 0, 0 };
SECItem qseed = { 0, 0, 0 };
SECStatus rv;
@ -1239,7 +1239,7 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type,
unsigned int offset; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
unsigned int outlen; /* Per FIPS 186-3, appendix A.1.1.2. */
unsigned int maxCount;
HASH_HashType hashtype;
HASH_HashType hashtype = HASH_AlgNULL;
SECItem *seed; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
PLArenaPool *arena = NULL;
PQGParams *params = NULL;
@ -1630,8 +1630,8 @@ PQG_VerifyParams(const PQGParams *params,
unsigned int qseed_len;
unsigned int qgen_counter_ = 0;
SECItem pseed_ = { 0, 0, 0 };
HASH_HashType hashtype;
pqgGenType type;
HASH_HashType hashtype = HASH_AlgNULL;
pqgGenType type = FIPS186_1_TYPE;
#define CHECKPARAM(cond) \
if (!(cond)) { \

25
security/nss/lib/freebl/rijndael.c
Просмотреть файл

@ -20,9 +20,18 @@
#include "gcm.h"
#include "mpi.h"
#ifdef USE_HW_AES
#include "intel-aes.h"
#if !defined(IS_LITTLE_ENDIAN) && !defined(NSS_X86_OR_X64)
// not test yet on big endian platform of arm
#undef USE_HW_AES
#endif
#ifdef USE_HW_AES
#ifdef NSS_X86_OR_X64
#include "intel-aes.h"
#else
#include "aes-armv8.h"
#endif
#endif /* USE_HW_AES */
#ifdef INTEL_GCM
#include "intel-gcm.h"
#endif /* INTEL_GCM */
@ -847,7 +856,11 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
use_hw_aes = aesni_support() && (keysize % 8) == 0;
#if defined(NSS_X86_OR_X64) || defined(USE_HW_AES)
use_hw_aes = (aesni_support() || arm_aes_support()) && (keysize % 8) == 0;
#else
use_hw_aes = PR_FALSE;
#endif
/* Nb = (block size in bits) / 32 */
cx->Nb = AES_BLOCK_SIZE / 4;
/* Nk = (key size in bits) / 32 */
@ -860,7 +873,7 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
#ifdef USE_HW_AES
if (use_hw_aes) {
cx->worker = (freeblCipherFunc)
intel_aes_cbc_worker(encrypt, keysize);
native_aes_cbc_worker(encrypt, keysize);
} else
#endif
{
@ -872,7 +885,7 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
#ifdef USE_HW_AES
if (use_hw_aes) {
cx->worker = (freeblCipherFunc)
intel_aes_ecb_worker(encrypt, keysize);
native_aes_ecb_worker(encrypt, keysize);
} else
#endif
{
@ -888,7 +901,7 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
}
#ifdef USE_HW_AES
if (use_hw_aes) {
intel_aes_init(encrypt, keysize);
native_aes_init(encrypt, keysize);
} else
#endif
{

28
security/nss/lib/softoken/fipstokn.c
Просмотреть файл

@ -645,17 +645,37 @@ FC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
CHECK_FORK();
if ((rv = sftk_fipsCheck()) == CKR_OK &&
(rv = sftk_newPinCheck(pNewPin, usNewLen)) == CKR_OK) {
rv = sftk_fipsCheck();
if (rv != CKR_OK) {
goto loser;
}
if (isLevel2 || usNewLen > 0) {
rv = sftk_newPinCheck(pNewPin, usNewLen);
if (rv != CKR_OK) {
goto loser;
}
rv = NSC_SetPIN(hSession, pOldPin, usOldLen, pNewPin, usNewLen);
if ((rv == CKR_OK) &&
(sftk_SlotIDFromSessionHandle(hSession) == FIPS_SLOT_ID)) {
if (rv != CKR_OK) {
goto loser;
}
if (sftk_SlotIDFromSessionHandle(hSession) == FIPS_SLOT_ID) {
/* if we set the password in level1 we now go
* to level2. NOTE: we don't allow the user to
* go from level2 to level1 */
isLevel2 = PR_TRUE;
}
} else {
/* here both old and new passwords are empty, but we need to
* call NSC_SetPIN to force rekey the database entries */
PORT_Assert(usNewLen == 0);
rv = NSC_SetPIN(hSession, pOldPin, usOldLen, pNewPin, usNewLen);
if (rv != CKR_OK) {
goto loser;
}
}
loser:
if (sftk_audit_enabled) {
char msg[128];
NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

5
security/nss/lib/softoken/pkcs11.c
Просмотреть файл

@ -3900,7 +3900,10 @@ NSC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
crv = CKR_PIN_LEN_RANGE;
goto loser;
}
if (ulNewLen < (CK_ULONG)slot->minimumPinLen) {
/* check the length of new pin, unless both old and new passwords
* are empty */
if ((ulNewLen != 0 || ulOldLen != 0) &&
ulNewLen < (CK_ULONG)slot->minimumPinLen) {
crv = CKR_PIN_LEN_RANGE;
goto loser;
}

2
security/nss/lib/softoken/pkcs11i.h
Просмотреть файл

@ -459,7 +459,7 @@ struct SFTKItemTemplateStr {
#define SFTK_TOKEN_KRL_HANDLE (SFTK_TOKEN_MAGIC | SFTK_TOKEN_TYPE_CRL | 1)
/* how big (in bytes) a password/pin we can deal with */
#define SFTK_MAX_PIN 255
#define SFTK_MAX_PIN 500
/* minimum password/pin length (in Unicode characters) in FIPS mode */
#define FIPS_MIN_PIN 7

10
security/nss/mach
Просмотреть файл

@ -197,6 +197,13 @@ class coverityAction(argparse.Action):
def dump_cov_artifact(self, cov_results, source, output):
import json
def relpath(path):
'''Build path relative to repository root'''
if path.startswith(cwd):
return os.path.relpath(path, cwd)
return path
# Parse Coverity json into structured issues
with open(cov_results) as f:
result = json.load(f)
@ -223,7 +230,7 @@ class coverityAction(argparse.Action):
# Embed all events into extra message
for event in issue['events']:
dict_issue['extra']['stack'].append({'file_path': event['strippedFilePathname'],
dict_issue['extra']['stack'].append({'file_path': relpath(event['strippedFilePathname']),
'line_number': event['lineNumber'],
'path_type': event['eventTag'],
'description': event['eventDescription']})
@ -237,6 +244,7 @@ class coverityAction(argparse.Action):
print('Skipping CID: {0} from file: {1} since it\'s not related with the current patch.'.format(
issue['stateOnServer']['cid'], issue['strippedMainEventFilePathname']))
continue
path = relpath(path)
if path in files_list:
files_list[path]['warnings'].append(build_element(issue))
else:

8
uriloader/prefetch/OfflineCacheUpdateParent.cpp
Просмотреть файл

@ -240,14 +240,6 @@ OfflineCacheUpdateParent::SetRemoteSubframes(bool aUseRemoteSubframes) {
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP
OfflineCacheUpdateParent::GetIsInIsolatedMozBrowserElement(
bool* aIsInIsolatedMozBrowserElement) {
NS_ENSURE_TRUE(mLoadingPrincipal, NS_ERROR_UNEXPECTED);
return mLoadingPrincipal->GetIsInIsolatedMozBrowserElement(
aIsInIsolatedMozBrowserElement);
}
NS_IMETHODIMP
OfflineCacheUpdateParent::GetScriptableOriginAttributes(
JSContext* aCx, JS::MutableHandleValue aAttrs) {

6
uriloader/prefetch/nsIOfflineCacheUpdate.idl
Просмотреть файл

@ -223,9 +223,9 @@ interface nsIOfflineCacheUpdateService : nsISupports {
/**
* Schedule a cache update for a given offline manifest using app cache
* bound to the given appID+inIsolatedMozBrowser flag. If an existing update
* is scheduled or running, that update will be returned. Otherwise a new
* update will be scheduled.
* bound to the given appID flag. If an existing update is scheduled or
* running, that update will be returned. Otherwise a new update will be
* scheduled.
*/
nsIOfflineCacheUpdate scheduleAppUpdate(in nsIURI aManifestURI,
in nsIURI aDocumentURI,

1
xpcom/ds/StaticAtoms.py
Просмотреть файл

@ -700,7 +700,6 @@ STATIC_ATOMS = [
Atom("noembed", "noembed"),
Atom("noframes", "noframes"),
Atom("nohref", "nohref"),
Atom("noisolation", "noisolation"),
Atom("nomodule", "nomodule"),
Atom("nonce", "nonce"),
Atom("none", "none"),